MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa00ce1f0bc4d635fe512ca6ad4e7174da1907a89b3195021286fc8da4037f63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: fa00ce1f0bc4d635fe512ca6ad4e7174da1907a89b3195021286fc8da4037f63
SHA3-384 hash: 2c13ac65cdf83781588dac641a743ae0c01ccd57c6a54a6e8ed6228d6c1d7d3e2ab12b7c1ab1838ef4379fa15a38cf93
SHA1 hash: 84047b64950aa7c9006fbccaf7300adc593f7ad9
MD5 hash: 97d09dff53344cd37821ceff7f3c416c
humanhash: april-seventeen-fruit-hot
File name: Scan_5_18_4_1202_09.04.2026.rar
File size: 69'761 bytes
First seen: 2026-04-09 20:02:16 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 1536:XhuUJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJddddddddddd8:X+
TLSH T16B635CB3179FA145E10B78CA3FC0A2DA0B161968C4B92A730607C977EFDCC678A5B5D4
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: smica83
Tags: CVE-2025-8088, rar, UKR

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: HU

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name: Scan_5_18_4_1202_09.04.2026.pdf
File size: 1'825 bytes
SHA256 hash: f61f9b81e5481609989dcd978b5bd41ecb15702ccbc5e083672b3c385e2f920b
MD5 hash: 81bd782cd7cc9e1c295188c134df54b6
MIME type: text/plain

File name: Scan_5_18_4_1202_09.04.2026.pdf:.._.._.._.._.._.._AppData_Roaming_Microsoft_Windows_.._.._Microsoft_Windows_Start Menu_Programs_.._Programs_.._Programs_Startup_5_18_4_1202_09.04.2026.vbs
File size: 33'244 bytes
SHA256 hash: 6e016724df082936cc98869b30134845ae6455e1b551e3fe421d2cdb7ed1dc66
MD5 hash: 5171d96141f05cadfec166c805fe7823
MIME type: text/plain

Vendor Threat Intelligence
Verdict: Malicious
File Type: rar
First seen: 2026-04-09T12:45:00Z UTC
Last seen: 2026-04-09T19:02:00Z UTC
Hits: ~10

Threat name: Win32.Trojan.Seheq
Status: Malicious
First seen: 2026-04-09 20:02:49 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 8 of 24 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name: SUSP_RAR_NTFS_ADS
Author: Proofpoint
Description: Detects RAR archive with NTFS alternate data stream
Reference: https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats

Rule name: WinRAR_CVE_2025_8088_Exploit
Author: marcin@ulikowski.pl
Description: Detects RAR archives exploiting CVE-2025-8088 in WinRAR
Reference: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

File information


The table below shows additional information about this malware sample such as delivery method and external references.
