MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eed1ab171c449173059d2c5955e6ddfa73aaf952c612210b82c85137f42e01b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gamaredon
Vendor detections: 8

SHA256 hash: eed1ab171c449173059d2c5955e6ddfa73aaf952c612210b82c85137f42e01b8
SHA3-384 hash: 7c6b8224600671ae5b98fca9fc7055581d00d6fba3f42131239d7453d5d4c1b4e5c34f6862e0b82bca7fe365b862bbfa
SHA1 hash: 7101d5ff941ca92ea9e80d31bee1700dcd598b2d
MD5 hash: 24784c11802ec72b4cdcf8f09f393072
humanhash: echo-lima-mirror-freddie
File name: 2-1180-25_24.06.2025.rar
Signature: Gamaredon
File size: 11'431 bytes
First seen: 2025-06-27 10:43:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 192:P7SQXkvQ833p9meBymYL5UwSTSQOjhup0Ofyrb8OJIQcsAS6nHNA:2QXEQ8p7B9YLyddOjhu7fIoOPuRHNA
TLSH: T11232C0B215093EDDC45EB13F93B41780182976983513FAA7F6E9C8F9610A83C475E09C
Magika: zip
Reporter: smica83
Tags: apt gamaredon UKR zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 101
Origin country: HU
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: 2-1180-25_24.06.2025.HTA
File size: 3'636 bytes
SHA256 hash: e4258bdfa82a1065aa1095ae2c6da4240f6ebe20ba285e56f1e216eec5984510
MD5 hash: 4e6f239440ee9f18b1361c6776966ec9
MIME type: text/html
Signature: Gamaredon
Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: HTA File - Malicious
Payload URLs:
  URL: https://nylonjEd.com
  File name: HTA File
Behaviour: BlacklistAPI detected

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: lolbin mshta obfuscated

Verdict: inconclusive
YARA: 2 match(es)
Tags: Zip Archive

Threat name: Win32.Trojan.Egairtigado
Status: Malicious
First seen: 2025-06-24 09:41:06 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 10 of 24 (41.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: discovery
Behaviour:
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  System Location Discovery: System Language Discovery
  Checks computer location settings
  Blocklisted process makes network request
Malware Config
Dropper Extraction: http://google.com@document-downloads.ddns.net/OD/sensationaSL/AprilcWs.jpeg

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments