MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7264cfc2e0d736a4ca70d563c9f338b50a06fa8935f4cab61d68dd614f753e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 4 File information Comments

SHA256 hash:	d7264cfc2e0d736a4ca70d563c9f338b50a06fa8935f4cab61d68dd614f753e3
SHA3-384 hash:	02e49027c09f2733f28305ccd54bb44bf933a236e7987e979b5d011b1be5ab39eaae9ae4e315c5628af6ba5adfd1f2bf
SHA1 hash:	a868bb63faa1ad42e0f059b4e2a5935e33d91520
MD5 hash:	30d9d3588818bf0a11b7bbced4d57574
humanhash:	lithium-papa-burger-salami
File name:	Payment_Receipt.rar
Download:	download sample
File size:	22'982 bytes
First seen:	2026-05-14 05:22:08 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	384:WPfHNIPTPaPvP6PsMPjPy/P1PLPOPvPuPGPTP0PPPmPxP2PzPyAP6PF:WPWPTPaPvP6PdPjPy/P1PLPOPvPuPGPz
TLSH	T113A284677418F4EECE2974F569FAA05B38913D40E06D8BE9A50668DD0FE2845FC3D0C6
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	__0XYC__
Tags:	rar

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/1161d17a-a258-4e52-b04f-581c16ada9fd/

Detection(s):

TwinWave.EvilRAR.GhettoSuperstream.20241120.UNOFFICIAL

TwinWave.EvilRAR.HongKongGarden_CVE-2025-8088.20250812.UNOFFICIAL

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a055c18953bbcef1c903829

Tags:

n/a

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6a055c132fcb905ec2963cd4/reports/8f32ed8f-55a9-4f82-874f-067f9f24786a/overview

Verdict:

Malicious

Labled as:

CVE-2025-8088

Link:

https://www.hybrid-analysis.com/sample/d7264cfc2e0d736a4ca70d563c9f338b50a06fa8935f4cab61d68dd614f753e3

Verdict:

Malicious

File Type:

rar

First seen:

2026-05-14T03:54:00Z UTC

Last seen:

2026-05-16T00:38:00Z UTC

Hits:

~10

Detections:

HEUR:Exploit.WinLNK.CVE-2024-38217.a HEUR:Exploit.Multi.CVE-2025-8088.gen HEUR:Exploit.Multi.CVE-2025-8088.b HEUR:Exploit.Multi.CVE-2025-6218.b

Link:

https://opentip.kaspersky.com/d7264cfc2e0d736a4ca70d563c9f338b50a06fa8935f4cab61d68dd614f753e3/results?tab=lookup

Verdict:

inconclusive

YARA:

1 match(es)

Tags:

Rar Archive

Link:

https://app.malva.re/file/30d9d3588818bf0a11b7bbced4d57574

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d7264cfc2e0d736a4ca70d563c9f338b50a06fa8935f4cab61d68dd614f753e3/

Verdict:

Malicious

Threat:

CVE-2025-6218

Link:

https://tip.neiki.dev/file/d7264cfc2e0d736a4ca70d563c9f338b50a06fa8935f4cab61d68dd614f753e3

Threat name:

Win32.Exploit.CVE-2025-8088

Status:

Malicious

First seen:

2026-05-14 05:22:54 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

11 of 24 (45.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=24tez7bobvzwutfhbvldzhztrnika35isnpuzk3b22g5mfhxkprq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/d7264cfc2e0d736a4ca70d563c9f338b50a06fa8935f4cab61d68dd614f753e3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	SUSP_RAR_NTFS_ADS Create hunting rule
Author:	Proofpoint
Description:	Detects RAR archive with NTFS alternate data stream
Reference:	https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats

Rule name:	WinRAR_ADS_Traversal Create hunting rule
Author:	@bartblaze
Description:	Identifies potential ADS traversal in RAR archives, seen in vulnerabilities such as CVE‑2025‑6218 and CVE-2025-8088.
Reference:	https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

Rule name:	WinRAR_CVE_2025_8088_Exploit Create hunting rule
Author:	marcin@ulikowski.pl
Description:	Detects RAR archives exploiting CVE-2025-8088 in WinRAR
Reference:	https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

https://x.com/__0XYC__/status/2054792675887382660?s=20

Delivery method

Distributed via e-mail link

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample