MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab54862f180b379cb8d612fbb22891402e7d55151dba87e7b11e45c5e45b6d7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Gamaredon
Vendor detections: 8



SHA256 hash: ab54862f180b379cb8d612fbb22891402e7d55151dba87e7b11e45c5e45b6d7c
SHA3-384 hash: e510fe9a3471a919b33b3340bc95b766b69860025112db7df338c5dbf898b9cb11372c885f7d481654a3e03d19e5dc5a
SHA1 hash: 171aea9d91b6bdfb2177b632d0ae223fcd82e397
MD5 hash: 537dcb0f73ce1aebd7b5f07f4fcaff44
humanhash: video-social-steak-maine
File name: 2-1180-25_24.06.2025.rar
Signature: Gamaredon
File size: 10'991 bytes
First seen: 2025-06-27 10:42:22 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 192:f0YJVCA4tm1K321Q7609633s2NDgRhwCgqDsQubVc9TzbzNVZW00y8e+HYxSsHyA:MgX4c1h1U9633KRSFqDsQbjJVb+HUGg
TLSH: T16032BF04448AF326DFB943771019FF4B87DEF4F945A62C50736EA4F45CC98670978688
Magika: zip
Reporter: smica83
Tags: apt gamaredon UKR zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 89
Origin country: HU
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: 2-1180-25_24.06.2025.HTA
File size: 4'021 bytes
SHA256 hash: 8fe70f3db6d119b85b849272d30b8aee47b310dad42ecbd6e43da8612a38423d
MD5 hash: d6e929a773257b1c36f40498720b958d
MIME type: text/html
Signature: Gamaredon
Vendor Threat Intelligence

Verdict: Malicious
Score: 70%
Tags: virus spawn sage

Result
Verdict: Malicious
File Type: HTA File - Malicious
Payload URLs: https://forgeryGm3.com (File name: HTA File)
Behaviour: BlacklistAPI detected

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: lolbin mshta obfuscated

Verdict: inconclusive
YARA: 2 match(es)
Tags: Zip Archive

Threat name: Script-WScript.Trojan.Gamaredon
Status: Malicious
First seen: 2025-06-24 12:11:36 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 9 of 24 (37.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: discovery
Behaviour:
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  System Location Discovery: System Language Discovery
  Checks computer location settings
  Blocklisted process makes network request
Malware Config
Dropper Extraction: http://print-documents.freedynamicdns.net/SS/atomN2s/rewardU26.jpeg
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments