MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30cabec3881131d8893b8c66d53ab133d73894509e05806e65b4cc8d8a1f7828. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6

SHA256 hash: 30cabec3881131d8893b8c66d53ab133d73894509e05806e65b4cc8d8a1f7828
SHA3-384 hash: 7f4213a24691c30413be4590cf0caa3da3f0b1a6835347fb57ae03b2275b0f67fabfc53edc3a428fc4c2e45c58fbaf16
SHA1 hash: c290008d5416086dfba068b921f2896fff637974
MD5 hash: d8905a09f3acd32709ad5a20d504530c
humanhash: winter-double-hot-golf
File name: 4_11_2_1537_03.02.2026.rar
File size: 59'783 bytes
First seen: 2026-02-03 08:43:16 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:rmtOd7+yb+WLFIFaKKKmwkN41zffH+++0gg340o8h8uuuuucVVV2yyy9UIjUIjOx:CqdLFm+41zffH+++0ggjL6UUUUO9Tfvv
TLSH: T13743C0D25A18843402513D5E72B6A936B924F3EDE0CE5B0346B2F9B0B6F144F2768EC7
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
TrID: 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: smica83
Tags: CVE-2025-6218 CVE-2025-8088 rar UKR

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: HU
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name: Лист_4_11_2_1537_03.02.2026.pdf
File size: 1'532 bytes
SHA256 hash: 1f3e759fdee76ded73be6472b821b5833976894e40e1372c019e5b440d425eb3
MD5 hash: 3da2e69f3541904681368fe304e0a544
MIME type: text/plain

File name: Лист_4_11_2_1537_03.02.2026.pdf:.._.._.._.._.._.._AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Startup_.._.._Programs_Startup_4_11_2_1537_03.02.2026.HTA
File size: 13'448 bytes
SHA256 hash: 2ae5c7931b2aae135881c278f5396d52b4689a65618732e7fa252847c4afad94
MD5 hash: 11d665a5e07192cbdb5afcbfe9779343
MIME type: text/html
Vendor Threat Intelligence

Threat name: Binary.Exploit.CVE-2025-8088
Status: Malicious
First seen: 2026-02-03 08:44:26 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 2 of 36 (5.56%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: adware discovery spyware

Behaviour
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base64 encoded powershell script.

Rule name: SUSP_RAR_NTFS_ADS
Author: Proofpoint
Description: Detects RAR archive with NTFS alternate data stream
Reference: https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats

Rule name: WinRAR_CVE_2025_8088_Exploit
Author: marcin@ulikowski.pl
Description: Detects RAR archives exploiting CVE-2025-8088 in WinRAR
Reference: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

File information

The table below shows additional information about this malware sample such as delivery method and external references.