MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68314e93b47d774e378d4c573f08417bf40ead61caaeafbc128c3c6dff96ae0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gamaredon

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	68314e93b47d774e378d4c573f08417bf40ead61caaeafbc128c3c6dff96ae0c
SHA3-384 hash:	bb27e694c4a01c1c3e4498fea19d2b7c5f511d048fbb751118ff2be5bf3141c1557353fd9e8dfc94900f943ea462a4d1
SHA1 hash:	e99eb0a53be3c9479defef7e20341b9ce5e4b5fa
MD5 hash:	0de31d625e0407acb3c3bc847a8d51ab
humanhash:	lactose-paris-failed-alpha
File name:	11-2967-25_23.09.2025.rar
Download:	download sample
Signature	Gamaredon Create hunting rule
File size:	15'654 bytes
First seen:	2025-09-23 18:14:08 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	384:kshw9rCzR83oGtBD3n806b6b6b6b6b60YB14DrGZIlHT:ksQoioGtdn8Zeeeee0YB14HGs
TLSH	T17662B037FF7D75C60CB374E8C42E41942EF0322E4AA21982B05572827082D79CBED5B9
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	smica83
Tags:	apt gamaredon rar

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:	Звернення народного депутата Верховної Ради України IX скликання 11-2967-25_23.09.2025.HTA
File size:	4'506 bytes
SHA256 hash:	18c4d384f8fef858accb57fff9dc4036bf52a051b249696b657162b1adcbf104
MD5 hash:	bd8bd746b35be94eb0223a24793c8b7b
MIME type:	text/html
Signature	Gamaredon

File name:	11-2967-25_23.09.2025.pdf
File size:	9'457 bytes
SHA256 hash:	4eef6f02257c7f01c551b955d5b997a4e009f06e92918ee5adf622c5cb8936b3
MD5 hash:	7c38906f7605070b5040d836541ecbaa
MIME type:	text/plain
Signature	Gamaredon

Vendor Threat Intelligence

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68d2e57267bec058d281976c

Tags:

n/a

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68d2e38c05398d990aefb9ee/reports/46e0f5c6-5c1b-409f-b7d4-5b8d8a9bf7f4/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/68314e93b47d774e378d4c573f08417bf40ead61caaeafbc128c3c6dff96ae0c

Verdict:

Malicious

File Type:

rar

First seen:

2025-09-24T14:20:00Z UTC

Last seen:

2025-09-24T14:20:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/68314e93b47d774e378d4c573f08417bf40ead61caaeafbc128c3c6dff96ae0c/results?tab=lookup

Verdict:

inconclusive

YARA:

1 match(es)

Tags:

Rar Archive

Link:

https://app.malva.re/file/0de31d625e0407acb3c3bc847a8d51ab

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/68314e93b47d774e378d4c573f08417bf40ead61caaeafbc128c3c6dff96ae0c/

Threat name:

Binary.Trojan.Gamaredon

Status:

Malicious

First seen:

2025-09-23 17:20:07 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

6 of 38 (15.79%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nayu5e5upv3u4n4njrlt6ccbpp2a5llbzkxk7pasrq6g374wvyga._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/68314e93b47d774e378d4c573f08417bf40ead61caaeafbc128c3c6dff96ae0c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample