MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 718465f44c0680740fb61790eda3d2f4c5218c9de0c560299c580fa1602dc9c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 718465f44c0680740fb61790eda3d2f4c5218c9de0c560299c580fa1602dc9c7
SHA3-384 hash: a896af184a2298d1f241fab58a2a3a64dc93afd209ffcb41edcdb6dcb943ca7054c5b1bddb6bd20130b3ac7a7561feb4
SHA1 hash: ec96c37eaa81339163c6f259a431567b71a6d326
MD5 hash: 454ea7aa75d57543bd36131d7f2dd7ff
humanhash: ten-green-network-cold
File name: Відомості з реєстру військовозобов'язаних про працівників №20260316-9055897-1.rar
File size: 753'132 bytes
First seen: 2026-03-17 07:16:30 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:3Yoe3z9DXHzA2AZMmrQhrtEqWeq23KvCA0grfAIm04oblnM8gzD4AAUzHXQbmrQN:3Y33zZzqDMvEven3Sl0KfXmWM8gz1AUa
TLSH: T19AF423B6E2B62CC5BA243677ED3AB6B8F59CB4B261D551FB20015103C3DF74C85929B0
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
TrID: 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: smica83
Tags: CVE-2025-8088 rar UKR

Intelligence


File Origin
# of uploads: 1
# of downloads: 101
Origin country: HU
File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: Відомості з реєстру військовозобов'язаних про працівників №20260316-9055897-1.pdf:.._.._.._.._.._.._.._.._.._.._.._.._ProgramData_YDV
File size: 1'119'232 bytes
SHA256 hash: b01f31c9541579ad34f4e50acafec252eb419f5b1ca98155e0ec84c19d12c9e4
MD5 hash: d2cf055f564664cc761287628d24953b
MIME type: application/octet-stream

File name: Відомості з реєстру військовозобов'язаних про працівників №20260316-9055897-1.pdf:.._.._.._.._.._Roaming_Microsoft_Windows_Start Menu_Programs_Startup_yXZ9BtFU2OewE.lnk
File size: 1'203 bytes
SHA256 hash: 1c170b7470d507378ddb78e9d66305f1184e965baaf2d27ededb23a318a58953
MD5 hash: 587a464ffc174288d3f66d1845133229
MIME type: application/octet-stream

File name: Відомості з реєстру військовозобов'язаних про працівників №20260316-9055897-1.pdf
File size: 103'785 bytes
SHA256 hash: c2527a907b209bc4ce911e36b79781ec260f0851eeb466dbeb386d67fec11467
MD5 hash: c06ef1a6be8b92cbc3eb710a7cfe83d7
MIME type: application/pdf

File name: Відомості з реєстру військовозобов'язаних про працівників №20260316-9055897-1.pdf:.._.._.._.._.._.._.._.._.._.._.._.._ProgramData_U0U
File size: 69'024 bytes
SHA256 hash: ce78748acd8e9be741b143ad716d735dc682bd5a010427a199744b81456f8e35
MD5 hash: dcdeba12bdfc3a0dce97b2f2ce60789a
MIME type: text/plain

Vendor Threat Intelligence
Verdict: inconclusive
YARA: 1 match(es)
Tags: Rar Archive
Threat name: Win32.Trojan.Suschil
Status: Malicious
First seen: 2026-03-17 07:17:51 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 8 of 23 (34.78%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: adware discovery link pdf spyware
Behaviour
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: SUSP_RAR_NTFS_ADS
Author: Proofpoint
Description: Detects RAR archive with NTFS alternate data stream
Reference: https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats

Rule name: WinRAR_ADS_Traversal
Author: @bartblaze
Description: Identifies potential ADS traversal in RAR archives, seen in vulnerabilities such as CVE-2025-6218 and CVE-2025-8088.
Reference: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

Rule name: WinRAR_CVE_2025_8088_Exploit
Author: marcin@ulikowski.pl
Description: Detects RAR archives exploiting CVE-2025-8088 in WinRAR
Reference: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

File information


The table below shows additional information about this malware sample such as delivery method and external references.