MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e559516fb2fd1edb2b3f9d32c44c6f32dbfe1aa21f6c201430b210cb123bc9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA 3 File information Comments

SHA256 hash:	2e559516fb2fd1edb2b3f9d32c44c6f32dbfe1aa21f6c201430b210cb123bc9c
SHA3-384 hash:	1085552c93978ad5f3a5c06f82196ae2f843a8347f001548d7bbe5daa1a6f7af0fb568f84530a79612be9c6b4aaf9163
SHA1 hash:	06918434fe28eb04d898714453df533a4e9e075a
MD5 hash:	13a979dc9d0f51d17c2cb7052b4d71d1
humanhash:	bacon-lamp-sodium-sweet
File name:	Виконавчий_лист_2_13_1_1956_02.03.2026.rar
Download:	download sample
File size:	66'865 bytes
First seen:	2026-04-04 19:34:42 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	768:GEArvOO997nxwwwWN2IyIyOoN2222222HrrrrrEgR:GEArznyFFXk
TLSH	T128637E76CFBC89A6C514DD6073C87862729135ACB5EE831424BBA4753DC87CBB9138CA
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	smica83
Tags:	CVE-2025-8088 rar UKR

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:	Виконавчий_лист_2_13_1_1956_02.03.2026.pdf
File size:	1'532 bytes
SHA256 hash:	c081a8c580847e18199a7cf963d4b11d9f7c31c9f73cf0ce258cab3d2d51e3f2
MD5 hash:	ac0ac668ee9a54bc8aeb34cd1e1d7e27
MIME type:	text/plain

File name:	Виконавчий_лист_2_13_1_1956_02.03.2026.pdf:.._.._.._.._.._.._AppData_Roaming_Microsoft_Windows_.._.._Microsoft_Windows_Start Menu_Programs_.._Programs_.._Programs_Startup_2_13_1_1956_02.03.2026.vbs
File size:	20'421 bytes
SHA256 hash:	d71a00201e4998edaccfe47c8a0167c20eafa548cb0ca400d422127dbdeacad6
MD5 hash:	aba8f02c24f9a1129d683f221963ccbf
MIME type:	text/plain

Vendor Threat Intelligence

Gathering data

Detection(s):

TwinWave.EvilRAR.GhettoSuperstream.20241120.UNOFFICIAL

TwinWave.EvilRAR.HongKongGarden_CVE-2025-8088.20250812.UNOFFICIAL

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69d167f86a61012f6acec7df

Tags:

n/a

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/69d167f42346b9da57bd106a/reports/f7da31cc-2467-4b0f-849f-f242a8f39ea8/overview

Verdict:

Malicious

Labled as:

CVE-2025-8088

Link:

https://www.hybrid-analysis.com/sample/2e559516fb2fd1edb2b3f9d32c44c6f32dbfe1aa21f6c201430b210cb123bc9c

Verdict:

Malicious

File Type:

rar

First seen:

2026-04-04T15:33:00Z UTC

Last seen:

2026-04-04T18:24:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/2e559516fb2fd1edb2b3f9d32c44c6f32dbfe1aa21f6c201430b210cb123bc9c/results?tab=lookup

Verdict:

inconclusive

YARA:

1 match(es)

Tags:

Rar Archive

Link:

https://app.malva.re/file/13a979dc9d0f51d17c2cb7052b4d71d1

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2e559516fb2fd1edb2b3f9d32c44c6f32dbfe1aa21f6c201430b210cb123bc9c/

Threat name:

Win32.Trojan.Ravartar

Status:

Malicious

First seen:

2026-04-04 19:35:22 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

11 of 37 (29.73%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fzkzkfx3f7i63mvt7hjsyrgg6mw37ynkeh3meakdbmqqzmjdxsoa._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/2e559516fb2fd1edb2b3f9d32c44c6f32dbfe1aa21f6c201430b210cb123bc9c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	SUSP_RAR_NTFS_ADS Create hunting rule
Author:	Proofpoint
Description:	Detects RAR archive with NTFS alternate data stream
Reference:	https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats

Rule name:	WinRAR_CVE_2025_8088_Exploit Create hunting rule
Author:	marcin@ulikowski.pl
Description:	Detects RAR archives exploiting CVE-2025-8088 in WinRAR
Reference:	https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample