Exploring Winrar Vulnerability (CVE-2023-38831)
ID: 87100c5f-60e6-57d9-b228-7ad6d3ca393f
STIX ID: report--87100c5f-60e6-57d9-b228-7ad6d3ca393f
Feed Name: McAfee Labs Blog
**Executive summary:** This report analyzes active exploitation of WinRAR CVE-2023-38831 (versions before 6.23), in which attackers craft ZIP archives that abuse identical file/folder names and trailing spaces so that WinRAR extracts and executes a malicious file instead of the decoy. The analyzed sample chain consists of a CAB SFX, a VB dropper (AMD.exe) that extracts a malicious DLL (Core.ocx) and registers it via COM registration, persistence through registry keys, and C2 communication (noted IP 37.120.158.229). The report provides IOCs (SHA256 hashes) and remediation guidance: update WinRAR and use endpoint protection.
