MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 482eaafcd2e09b3c766c51546bbe1a2af495eb1c7bada6f87deec4d27ce8c837. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments

SHA256 hash: 482eaafcd2e09b3c766c51546bbe1a2af495eb1c7bada6f87deec4d27ce8c837
SHA3-384 hash: 4ef70038f5e6ddb0b6572370f16188aec29bc3c7bb507d20856dff2375ac1d9fdaccc998da896bdd60d21ada778708c5
SHA1 hash: 08a13e0f2f53e7972a4bb3c30d9310ced8a6afb9
MD5 hash: f0b61343e6d42bf08e24f95ef1a9fcee
humanhash: orange-wyoming-california-video
File name:1_11_4_1480_11.02.2026.rar
Download: download sample
File size:90'348 bytes
First seen:2026-07-10 10:08:29 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 768:Ewq2XJPB4reOEPPaK6SRFaRXWlCs/1ui2HuwSFzeCpF7gz0Uw0y0y0y0y0y0y0yg:ENRnEPPtXAWlv1ui2HDSFzew7gwYf7kK
TLSH T101938EB2291D7178DA056BF4788B2966524013CCFADC7F17CB40D358EF8EA6B1858E93
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter smica83
Tags:CVE-2025-8088 rar UKR

Intelligence


File Origin
# of uploads :
1
# of downloads :
78
Origin country :
HU HU
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:Скарга_1_11_4_1480_11.02.2026.pdf
File size:1'437 bytes
SHA256 hash: 9708f7517239eb82e24ee2f5c3f4ee9c7457bd7f9177b5379634ad52b6c98e28
MD5 hash: 3f35b97c109bfb31908001acd4717c2a
MIME type:text/plain
File name:Скарга_1_11_4_1480_11.02.2026.pdf:.._.._.._.._.._.._AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Startup_1_11_4_1480_11.02.2026.HTA
File size:81'136 bytes
SHA256 hash: 7e0bb811fef2ba01953b4f93eceb036d5793845cbf01f691b006b42892b9deaa
MD5 hash: 81f37186f11a4ac8def13bcd7294b616
MIME type:text/html
Vendor Threat Intelligence
Verdict:
Malicious
File Type:
rar
First seen:
2026-07-10T07:07:00Z UTC
Last seen:
2026-07-11T21:43:00Z UTC
Hits:
~10
Verdict:
inconclusive
YARA:
1 match(es)
Tags:
Rar Archive
Threat name:
Win32.Trojan.Ravartar
Status:
Malicious
First seen:
2026-07-10 10:09:53 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
actor:romcom actor:storm_0978 adware apt discovery exploit spyware vuln:cve_2025_8088
Behaviour
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:FreddyBearDropper
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:SUSP_RAR_NTFS_ADS
Author:Proofpoint
Description:Detects RAR archive with NTFS alternate data stream
Reference:https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats
Rule name:WinRAR_CVE_2025_8088_Exploit
Author:marcin@ulikowski.pl
Description:Detects RAR archives exploiting CVE-2025-8088 in WinRAR
Reference:https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments