MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a8aada4bbc37d79f93349587a639f322eb4d068dd0c5b8131d3b69cf9c833e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gamaredon


Vendor detections: 5



SHA256 hash: 5a8aada4bbc37d79f93349587a639f322eb4d068dd0c5b8131d3b69cf9c833e0
SHA3-384 hash: f59fb7e8be8a616c9f371f80bbffd44655230df989383bc0c1ca8ff1ea4f3ed84ac2e36e6766c8d4d7f7df5fa36bfe53
SHA1 hash: 11cf68b2d660dbb560133f9ed516be675fb64176
MD5 hash: bc1c4e1475dc0dc2b6b6a0fc0eb88fcd
humanhash: orange-kansas-cold-colorado
File name: 2-13476-2025_08.09.2025.rar
Signature: Gamaredon
File size: 18'479 bytes
First seen: 2025-09-09 09:28:29 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:2CFzcCiW2i3SlRFxkaiRs20HPxXwFPIywFxR4fR4fR4H+oTnniHc:2CFci32Pes2KPUgxxRgRgRLoTni8
TLSH: T15482CF3D05668212DD444EB66A09530AFC7A752E722BFB1DE07A40F0B8C85BF1591FC8
Magika: zip
Reporter: smica83
Tags: apt gamaredon UKR zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: HU
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name: Повістка про виклик до військового комісаріату 2-13476-2025_08.09.2025.HTA
File size: 8'519 bytes
SHA256 hash: 3febbfe36a843e3ec979fb2e0f8de185520e18fa1de23fa3f5c711549270eaa1
MD5 hash: 85f2183ed6ae4551e70f3af906dcbd02
MIME type: text/html
Signature: Gamaredon

File name: 2-13476-2025_08.09.2025.pdf
File size: 9'345 bytes
SHA256 hash: 8c51309c8cdab4f6ec71805382c955e473139138b8de6d5893c425315cbfcd91
MD5 hash: 08878b4a28850006fdfb28f9c0cb7853
MIME type: text/plain
Signature: Gamaredon

Vendor Threat Intelligence
Verdict: Malicious
Score: 81.4%
Tags: infosteal backdoor spawn sage

Verdict: Malicious
File Type: zip
First seen: 2025-09-09T07:24:00Z UTC
Last seen: 2025-09-09T07:24:00Z UTC
Hits: ~10

Gathering data

Threat name: Script-WScript.Trojan.Gamaredon
Status: Malicious
First seen: 2025-09-08 20:23:27 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 6 of 38 (15.79%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: adware discovery spyware
Behaviour:
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments