MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc249b4686f4cfd98ab016aac32ecccf947012321a321d8e6463c17401b0c700. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gamaredon

Vendor detections: 8

SHA256 hash: fc249b4686f4cfd98ab016aac32ecccf947012321a321d8e6463c17401b0c700
SHA3-384 hash: a9c7743a22606eaa9e598204e8c5adb1abda91381a914736b104fb1e4b5823e7e2986a88b9106003892f23ac4a348d9f
SHA1 hash: f71b5e4fa574ebc4bdcb769824bb27d9a89dbbfe
MD5 hash: 73211ebe0b8384bfa5e1adcb5ada21d3
humanhash: idaho-item-magazine-shade
File name: 2-1180-25_24.06.2025.rar
Signature: Gamaredon
File size: 15'850 bytes
First seen: 2025-06-27 10:41:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 192:sKuK1g5QRYtG8hR9tkzPx6EzrSltl0MpOCWMpmax64tM6GMGMLn0RDaayjBFk3FR:sKz1gCYzGAQrs7Hma9kVo0cPjBqM3g
TLSH: T1C462CF969C96BA08DCCF57F67E07E02E1A119E4E84F0A06D2341D9B4B81594B3C3E31E
Magika: zip
Reporter: smica83
Tags: apt gamaredon UKR zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 85
Origin country: HU

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: 2-1180-25_24.06.2025.HTA
File size: 11'343 bytes
SHA256 hash: a32a7175122ec0296f612ecb3874b82296e38e4178dd50cb36b859f046d26a17
MD5 hash: e4fb56a7693690c2ab0f738877896f3c
MIME type: text/html
Signature: Gamaredon

Vendor Threat Intelligence

Verdict: Malicious
Score: 81.4%
Tags: infosteal spawn overt sage

Result
Verdict: Malicious
File Type: HTA File - Malicious

Payload URLs
URL: https://deliverfH3.com (File name: HTA File)

Behaviour
BlacklistAPI detected

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: lolbin mshta obfuscated

Threat name: Win32.Trojan.Egairtigado
Status: Malicious
First seen: 2025-06-24 17:09:41 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 10 of 24 (41.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: discovery

Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks computer location settings
Blocklisted process makes network request

Malware Config
Dropper Extraction: http://google-pdf.redirectme.net/OD/remisshKY/consentedjtP.jpeg