MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a1417492979f569747bf11211bf523d5479c163e717651ebba20ad73834b8bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gamaredon
Vendor detections: 7

SHA256 hash: 7a1417492979f569747bf11211bf523d5479c163e717651ebba20ad73834b8bb
SHA3-384 hash: 77ef75d2968d13e5c3588ca85883582c7e7217722245e8c7bcc67572a570981d2d0e196948b98780c0e3512a844cb333
SHA1 hash: fe88ce011c6b856781caab9b7dd176e2108e3b63
MD5 hash: 2a04a7584d90cff161be936b0b3f43c0
humanhash: yankee-crazy-alpha-snake
File name: Запит на отримання інформації командира військової частини А0135_11-967_10.11.2025.HTA (Ukrainian: "Request for information from the commander of military unit А0135_11-967_10.11.2025.HTA"; a document-themed lure name on an HTA file, which Windows runs through mshta.exe rather than opening as a document)
Signature: Gamaredon
File size: 4'900 bytes
First seen: 2025-11-10 10:00:05 UTC
Last seen: Never
File type: HTML Application (hta)
MIME type: text/html
ssdeep: 96:bw0+FNy1L87mjHHHTZOYZZYMOMdjixJKA+nijmjMMx8KN45uhYOiU0UcUfT3G1va:E0CI9+mjHHHTZOYZZYMOMdjixJKbniju
TLSH: T1C9A1B26FD51A32DA63E4911BFB4907C1A85BA8C6AA7D68446C46437F3073D38768333B
Magika: html
Reporter: smica83
Tags: apt gamaredon hta UKR

Intelligence


File Origin
Uploads: 1
Downloads: 59
Origin country: HU
Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: HTA File - Malicious
Payload URLs:
  https://UPqdp.AX (HTA File)
Behaviour
BlacklistAPI detected

Verdict: Malicious
File Type: hta
First seen: 2025-11-10T07:30:00Z UTC
Last seen: 2025-11-10T20:45:00Z UTC
Hits: ~10
Detections: Trojan.Win32.Agent.sb, Trojan.JS.SAgent.sb, HEUR:Trojan.Script.Generic

Result
Threat name: n/a
Detection: clean
Classification: n/a
Score: 2 / 100
Behaviour
Behavior Graph: n/a
Verdict: inconclusive
YARA: 3 match(es)
Tags: Html

Threat name: Script-WScript.Trojan.Gamaredon
Status: Malicious
First seen: 2025-11-10 10:00:56 UTC
File Type: Text (HTML)
Extracted files: 1
AV detection: 5 of 24 (20.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: discovery
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks computer location settings
Badlisted process makes network request
Malware Config
Dropper Extraction: http://nv.ua@serversftp.serveirc.com?/sss_10.11.2025/dialGSd/horribleNQx.pdf
Note that "nv.ua@" is the URL's userinfo component, not its host: per RFC 3986 the request goes to serversftp.serveirc.com, and the text after "?" is a query string rather than a path. Block and pivot on the real host, not on the decoy name.
Please note that we are no longer able to provide a coverage score for VirusTotal.
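The dropper URL in the Malware Config above uses the userinfo-as-decoy trick. The script below is an added example, not part of the MalwareBazaar entry or any vendor's tooling: it parses both URLs listed on this page per RFC 3986 using only the standard library, flags a userinfo field that is shaped like a domain name, and emits defanged strings for a ticket or blocklist. The function names and the domain regex are this example's own assumptions; nothing is contacted over the network.

```python
"""Added example (not from the MalwareBazaar page): resolve the real host in
the dropper URL listed above and emit defanged IOCs.  Standard library only."""
import re
from urllib.parse import urlsplit, urlunsplit

# URLs copied from the entry above (constructed input for this example).
DROPPER_URL = "http://nv.ua@serversftp.serveirc.com?/sss_10.11.2025/dialGSd/horribleNQx.pdf"
PAYLOAD_URL = "https://UPqdp.AX"

# A userinfo field shaped like a bare domain name is a sign the sender wants
# a reader who stops at the first dot-separated word to mistake it for the host.
_DOMAIN_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+$",
    re.I,
)


def decompose_url(url):
    """Return the components an analyst needs, split per RFC 3986 rather than by eye."""
    p = urlsplit(url)
    return {
        "scheme": p.scheme,
        "userinfo": p.username,  # text before '@'; 'nv.ua' for the dropper URL
        "host": p.hostname,      # what actually gets resolved and connected to
        "port": p.port,
        "path": p.path,          # empty for the dropper URL: '?' follows the host
        "query": p.query,        # the apparent path is really the query string
    }


def userinfo_looks_like_host(userinfo):
    """True when the userinfo component is shaped like a domain name."""
    return bool(userinfo) and _DOMAIN_RE.match(userinfo) is not None


def defang(url):
    """Rewrite a URL so it cannot be clicked: hxxp scheme, bracketed dots in the authority."""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp")
    netloc = p.netloc.replace(".", "[.]")
    return urlunsplit((scheme, netloc, p.path, p.query, p.fragment))


def triage(url):
    """Combine the checks into one record: real host, decoy flag, defanged form."""
    rec = decompose_url(url)
    rec["decoy_userinfo"] = userinfo_looks_like_host(rec["userinfo"])
    rec["defanged"] = defang(url)
    return rec


if __name__ == "__main__":
    for u in (DROPPER_URL, PAYLOAD_URL):
        rec = triage(u)
        print(rec["defanged"])
        print(f"  host={rec['host']} userinfo={rec['userinfo']} "
              f"decoy_userinfo={rec['decoy_userinfo']} query={rec['query']!r}")
```

Running it shows that the dropper URL's host is serversftp.serveirc.com, that "nv.ua" is only userinfo, and that the PDF-looking tail is a query string, so a path-based allow rule would never see it; feed the `host` field, not the decoy, to DNS sinkholes and proxy blocklists.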
