MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ce60dde11c1ad72af22ccd774c0efe9c5a206e9dcfbc2388a1b09cc70747f09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gamaredon


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9ce60dde11c1ad72af22ccd774c0efe9c5a206e9dcfbc2388a1b09cc70747f09
SHA3-384 hash: b96cf6038e952b47e1306602ee3b01f37e785db78a6235932e0c9471ab172ee7809146a8fcc6ffe795fd32e923918b53
SHA1 hash: 745962bea13e68f93ac36163026865b7e3826103
MD5 hash: 04c44dc56980df576de4863458293b4c
humanhash: oranges-ceiling-golf-chicken
File name:2-1180-25_03.06.2025.rar
Download: download sample
Signature Gamaredon
Create hunting rule
File size:10'608 bytes
First seen:2025-06-04 23:21:02 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 192:qxuwBnQS407MgUXyPHOj3gTJFdz55Labi9ZYXUdeaIiQdxa9yJzZwj7+rT:2qjgVYwtB5Ll8XZa7QTZ4+v
TLSH T18F22BF6ECCA21204D20577B9504A7CFEBF7A91CA8A9C252F24F94CF168842C763D57ED
Magika zip
Reporter smica83
Tags:apt gamaredon UKR zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
141
Origin country :
HU HU
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:2-1180-25_03.06.2025.HTA
File size:3'549 bytes
SHA256 hash: 270c3b05a1bf1569ec6d2c60cd9c0ac5e6f121c666a00c29e1ff477a6240f8d5
MD5 hash: 50a5287d835e607309931a958cf455dd
MIME type:text/html
Signature Gamaredon
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.HTA.Gamaredon-D.18291.29460.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6840d62a8bd5d68a12e553c2
Tags:
virus spawn sage
Result
Verdict:
Malicious
File Type:
HTA File - Malicious
Link:
https://app.docguard.net/9ce60dde11c1ad72af22ccd774c0efe9c5a206e9dcfbc2388a1b09cc70747f09/results/dashboard
Payload URLs
URL
File name
https://speedyy7O.com
HTA File
Behaviour
BlacklistAPI detected
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin mshta obfuscated
Link:
https://www.filescan.io/uploads/6840d6f6fd02ed5e0598b935/reports/db5a9959-b9de-45b4-8ab3-d4f7bdd5d3d7/overview
Verdict:
Suspicious
Labled as:
HEUR/Suspar.Generic
Link:
https://www.hybrid-analysis.com/sample/9ce60dde11c1ad72af22ccd774c0efe9c5a206e9dcfbc2388a1b09cc70747f09
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/9ce60dde11c1ad72af22ccd774c0efe9c5a206e9dcfbc2388a1b09cc70747f09
Score:
10%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/9ce60dde11c1ad72af22ccd774c0efe9c5a206e9dcfbc2388a1b09cc70747f09
Gathering data
Threat name:
Script-WScript.Trojan.Gamaredon
Create hunting rule
Status:
Malicious
First seen:
2025-06-04 18:19:22 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
7 of 38 (18.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ttta3xqrygwxflzcztlxjqhp5hc2ebxj3t54eoekdme4y4dup4eq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9ce60dde11c1ad72af22ccd774c0efe9c5a206e9dcfbc2388a1b09cc70747f09

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Gamaredon

3611035faf63b8bf14c88a9bd02e3783f2bde3128c97f6317d4d4c912463ef39

Gamaredon

zip 9ce60dde11c1ad72af22ccd774c0efe9c5a206e9dcfbc2388a1b09cc70747f09

(this sample)

  
X
https://x.com/malwrhunterteam/status/1930356941236084866?t=x3cbTl4oFxbRIGlplK-Qmg&s=19
  
Dropped by
MD5 ba053b1357cb472539d6c9b9348f8e46
  
Dropped by
SHA256 3611035faf63b8bf14c88a9bd02e3783f2bde3128c97f6317d4d4c912463ef39

Comments