MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbe7a2aa969dffd900226e9be23ab3a7f7b2274ac01001525dd2064883267b33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gamaredon


Vendor detections: 5


Intelligence 5 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cbe7a2aa969dffd900226e9be23ab3a7f7b2274ac01001525dd2064883267b33
SHA3-384 hash: eb8233645eff8cd6341d759c5c5ada8ac66c96b085a63475bee415a5fa0896b32854186af54f7d6d4824263bb2446b8b
SHA1 hash: 8810fb7b44fa22e09abaf666911cc7b92df026f9
MD5 hash: 98f4d07fe705ddfb6fd348e4ca083fda
humanhash: arkansas-bulldog-papa-connecticut
File name:357-16230-25_24.10.2025.rar
Download: download sample
Signature Gamaredon
Create hunting rule
File size:5'911 bytes
First seen:2025-10-24 18:18:25 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 96:ZSULYMIGHXCHAbzvO4v8OP4p3snDMmJH9AyJW2py+jYSts3ZE1+bpcWruorjN+7e:VLKGHXCHAbzvlUOPu+MmJH9AyJW+iqAR
TLSH T1C4C19F14FEE16791E4F10965CE8B579070219D43B441EFBB2B962326B6E31FB8579110
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter smica83
Tags:gamaredon rar UKR

Intelligence

File Origin
# of uploads :
1
# of downloads :
48
Origin country :
HU HU
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:Повістка про виклик_357-16230-25_24.10.2025.pdf
File size:9'433 bytes
SHA256 hash: 7e7cdaac7a508b43d0971c92c72517a93f2dabdc0b91b7e4250bc4f672158bfc
MD5 hash: b3ef7841d96e5643653707d3460dd924
MIME type:text/plain
Signature Gamaredon
File name:Повістка про виклик_357-16230-25_24.10.2025.pdf:.._.._.._.._.._.._AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Startup_357-16230-25_24.10.2025.HTA
File size:5'152 bytes
SHA256 hash: fe3c9988490f950ed0d34d807664161bd90ef4e981e314f5a62e37cdd2cc2127
MD5 hash: f2368a466c7a67ab3690736dd9d84f62
MIME type:text/html
Signature Gamaredon
Vendor Threat Intelligence
Detection(s):
TwinWave.EvilRAR.GhettoSuperstream.20241120.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68fbc3053bdc93eb0563ecba
Tags:
n/a
Verdict:
Suspicious
Labled as:
CVE-2025-8088
Link:
https://www.hybrid-analysis.com/sample/cbe7a2aa969dffd900226e9be23ab3a7f7b2274ac01001525dd2064883267b33
Verdict:
Malicious
File Type:
rar
First seen:
2025-10-24T08:40:00Z UTC
Last seen:
2025-10-24T08:52:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/cbe7a2aa969dffd900226e9be23ab3a7f7b2274ac01001525dd2064883267b33/results?tab=lookup
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cbe7a2aa969dffd900226e9be23ab3a7f7b2274ac01001525dd2064883267b33/
Threat name:
Document-HTML.Trojan.Gamaredon
Create hunting rule
Status:
Malicious
First seen:
2025-10-24 13:44:21 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
5 of 24 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zpt2fkuwtx75sabcn2n6eovtu733ej2kyaiacus52iderazgpmzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cbe7a2aa969dffd900226e9be23ab3a7f7b2274ac01001525dd2064883267b33

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:SUSP_RAR_NTFS_ADS
Create hunting rule
Author:Proofpoint
Description:Detects RAR archive with NTFS alternate data stream
Reference:https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats
Rule name:WinRAR_CVE_2025_8088_Exploit
Create hunting rule
Author:marcin@ulikowski.pl
Description:Detects RAR archives exploiting CVE-2025-8088 in WinRAR
Reference:https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments