MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 574480a151bc4f07e68de202fb516ecd1a34599939073e3d63bc7056e818bcf7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

SHA256 hash: 574480a151bc4f07e68de202fb516ecd1a34599939073e3d63bc7056e818bcf7
SHA3-384 hash: 0aeabc750eff220378e95e676f88fad754d30a55bee62ea6d7bf1292a352ad35baa461da152c5f73ea50c5b7b6573e27
SHA1 hash: b4cf3037dd53cc7c84e3ca22efc7095e4407b27a
MD5 hash: 55f856126ea739ad5b1946fc4bab8de6
humanhash: nebraska-mango-stairway-fanta
File name: FreeTempSpoofer.rar
Signature: AgentTesla
File size: 457'726 bytes
First seen: 2025-12-03 12:49:36 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
Note: This file is a password-protected archive. The password is: 123
ssdeep: 6144:DWsaq3xHF8SMIDX8bKltQKeEi+zUtT5QDT+LMYlb3RW1kIpjiIqyxX4WfuNUTAI:6sf588SKeEi+oxmDqRRW1XQmXWyb
TLSH: T179A42354F13C50234A318A0993BAD21A1DA774DD809F3998FF859C5E9C9ACF8E1D87EC
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1); 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: burger
Tags: AgentTesla pw-123 rar
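Before handling the archive, confirm that the file you obtained is the listed sample and that it is the RAR 5.0 container TrID reports. The Python script below is an added example for this page, not MalwareBazaar's own tooling: it embeds the four hashes from the entry above, computes the same digests over a file, reports any mismatch, and classifies the container by its RAR signature bytes (the two signatures are the documented RAR 1.5-4.x and RAR 5.0 markers). It never opens or extracts the archive; the nested RARs and the .lnk inside should only be unpacked, with the password 123 noted above, in an isolated analysis VM. The byte strings used when the script is exercised stand-alone are constructed stand-ins, not the sample.

```python
"""Verify a downloaded sample against the hashes listed on its MalwareBazaar
entry and classify the container by its magic bytes.

Added example for this page, not MalwareBazaar code. LISTED_HASHES is copied
from the entry above; any byte strings fed in for testing are constructed
stand-ins, never the sample itself.
"""
import hashlib
import sys
from pathlib import Path

# Hashes exactly as listed on this MalwareBazaar entry.
LISTED_HASHES = {
    "md5": "55f856126ea739ad5b1946fc4bab8de6",
    "sha1": "b4cf3037dd53cc7c84e3ca22efc7095e4407b27a",
    "sha256": "574480a151bc4f07e68de202fb516ecd1a34599939073e3d63bc7056e818bcf7",
    "sha3_384": "0aeabc750eff220378e95e676f88fad754d30a55bee62ea6d7bf1292a352ad35baa461da152c5f73ea50c5b7b6573e27",
}

# RAR archive signatures; the TrID line above reports a v5.0 archive.
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"   # RAR 5.0 and later
RAR4_MAGIC = b"Rar!\x1a\x07\x00"       # RAR 1.5 - 4.x


def compute_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha3_384 hex digests keyed like LISTED_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_hashes(data: bytes, expected: dict = LISTED_HASHES) -> dict:
    """Compare computed digests with the expected ones.

    Returns {algorithm: (expected, actual)} for every mismatch, so an empty
    dict means the blob is byte-for-byte the listed sample. Hex casing is
    normalised because entry pages and local tools differ on it.
    """
    actual = compute_hashes(data)
    return {
        alg: (exp, actual[alg])
        for alg, exp in expected.items()
        if actual[alg].lower() != exp.lower()
    }


def detect_rar_version(data: bytes):
    """Classify the container by magic bytes: 'RAR 5.0', 'RAR 4.x' or None.

    The RAR5 signature is checked first because both share a 6-byte prefix.
    """
    if data.startswith(RAR5_MAGIC):
        return "RAR 5.0"
    if data.startswith(RAR4_MAGIC):
        return "RAR 4.x"
    return None


def triage_file(path: str, expected: dict = LISTED_HASHES) -> dict:
    """Hash and classify a file on disk without opening or extracting it."""
    data = Path(path).read_bytes()
    return {
        "size": len(data),
        "container": detect_rar_version(data),
        "hash_mismatches": verify_hashes(data, expected),
    }


if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(name, triage_file(name))
```

Run it as `python triage.py FreeTempSpoofer.rar` on the isolated analysis host; an empty `hash_mismatches` together with `container == "RAR 5.0"` means you hold exactly the 457'726-byte sample described by this entry, and anything else means you are looking at a different file (a wrapper archive, a truncated download, or a re-packed copy) and should stop before unpacking.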

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: NL
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name: dControl.rar
File size: 455'514 bytes
SHA256 hash: 1c52dd820b66e3f5307b6b59ef0fcd46600d40cd7a3d86a8d181d59431d6c0ef
MD5 hash: d1371ea489a7276525b153c600edbc63
MIME type: application/x-rar
Signature: AgentTesla

File name: blockdriv.rar
File size: 427 bytes
SHA256 hash: d9e15fde6e53232440a87199d5cf3dbce1892f6bb8adf8468afeea27bff6cd1e
MD5 hash: 40901f10f77409cd454e4c2e4b545222
MIME type: application/x-rar
Signature: AgentTesla

File name: RankupServiceFreeTempV6.lnk
File size: 1'941 bytes
SHA256 hash: dc8fb465d9b20ffd3e35e6b505ccd3ba82eb752f7ee2840a13ff4975dfaacaca
MD5 hash: f2f3f314bb1065195e7edc10429526ac
MIME type: application/octet-stream
Signature: AgentTesla
Vendor Threat Intelligence
Details: No details
Verdict: Malicious
Score: 81.4%
Tags: applicunwnt injection extens
Malware family: n/a
Score: 9/10
Tags: defense_evasion discovery upx
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Downloads MZ/PE file
Looks for VMware Tools registry key
Looks for VMware services registry key
Enumerates VirtualBox registry keys
Looks for VirtualBox Guest Additions in registry
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Download_in_LNK
Author: @bartblaze
Description: Identifies download artefacts in shortcut (LNK) files.

Rule name: Execution_in_LNK
Author: @bartblaze
Description: Identifies execution artefacts in shortcut (LNK) files.

Rule name: SUSP_LNK_CMD
Author: SECUINFRA Falcon Team
Description: Detects the reference to cmd.exe inside an lnk file, which is suspicious
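The three rules above flag shortcut files that reference cmd.exe, a download source or another execution artefact; the hit here is the RankupServiceFreeTempV6.lnk inside the archive. The Python below is an added example written for this page, not the YARA rules themselves (their bodies are not reproduced here), and its marker lists are an editor's approximation of what such rules look for. It validates the ShellLinkHeader (HeaderSize 0x4C and the fixed LinkCLSID from [MS-SHLLINK]), decodes the LinkFlags so HasArguments and IsUnicode are visible, and searches the whole file for markers in both ASCII and UTF-16LE, which matters because shortcut string data is UTF-16LE when IsUnicode is set and a plain ASCII grep for cmd.exe misses it. build_demo_lnk() constructs a minimal stand-in shortcut for exercising the scanner; it is not RankupServiceFreeTempV6.lnk, whose contents are not on this page.

```python
"""Triage a Windows shortcut (.lnk) for the download and execution artefacts
the YARA rules listed above are looking for.

Added example for this page, written independently. It is not the referenced
YARA rules, and EXECUTION_MARKERS / DOWNLOAD_MARKERS are an approximation of
what such rules match. Header layout follows [MS-SHLLINK]. build_demo_lnk()
produces a constructed stand-in, not the shortcut from this archive.
"""
import struct
import sys
from pathlib import Path

LNK_HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 as stored on disk.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits from the ShellLinkHeader.
FLAG_HAS_ARGUMENTS = 0x20
FLAG_IS_UNICODE = 0x80

EXECUTION_MARKERS = ["cmd.exe", "powershell", "mshta", "wscript", "cscript",
                     "rundll32", "regsvr32"]
DOWNLOAD_MARKERS = ["http://", "https://", "ftp://", "certutil", "bitsadmin",
                    "curl", "Invoke-WebRequest", "DownloadString",
                    "DownloadFile", "Net.WebClient"]


def is_lnk(data: bytes) -> bool:
    """True if data starts with a valid ShellLinkHeader (size field + CLSID)."""
    return (len(data) >= LNK_HEADER_SIZE
            and data[:4] == b"\x4c\x00\x00\x00"
            and data[4:20] == LNK_CLSID)


def link_flags(data: bytes) -> int:
    """LinkFlags is the little-endian DWORD at offset 20 of the header."""
    return struct.unpack_from("<I", data, 20)[0]


def _contains(data: bytes, marker: str) -> bool:
    """Case-insensitive search for marker encoded as ASCII and as UTF-16LE."""
    low = data.lower()          # bytes.lower() only touches ASCII letters
    m = marker.lower()
    return m.encode("ascii") in low or m.encode("utf-16-le") in low


def triage_lnk(data: bytes) -> dict:
    """Return header facts plus the execution/download markers found."""
    if not is_lnk(data):
        return {"is_lnk": False, "execution": [], "download": [],
                "suspicious": False}
    flags = link_flags(data)
    execution = [m for m in EXECUTION_MARKERS if _contains(data, m)]
    download = [m for m in DOWNLOAD_MARKERS if _contains(data, m)]
    return {
        "is_lnk": True,
        "has_arguments": bool(flags & FLAG_HAS_ARGUMENTS),
        "is_unicode": bool(flags & FLAG_IS_UNICODE),
        "execution": execution,
        "download": download,
        # A shortcut that both launches an interpreter and names a download
        # source is the combination the three rules above describe.
        "suspicious": bool(execution and download),
    }


def build_demo_lnk(command: str) -> bytes:
    """Constructed stand-in: a ShellLinkHeader followed by a UTF-16LE command.

    Real shortcuts carry an IDList/LinkInfo between header and string data;
    the scanner does not depend on them, so they are omitted here.
    """
    header = bytearray(LNK_HEADER_SIZE)
    struct.pack_into("<I", header, 0, LNK_HEADER_SIZE)
    header[4:20] = LNK_CLSID
    struct.pack_into("<I", header, 20, FLAG_HAS_ARGUMENTS | FLAG_IS_UNICODE)
    struct.pack_into("<I", header, 0x3C, 1)   # ShowCommand = SW_SHOWNORMAL
    return bytes(header) + command.encode("utf-16-le")


if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(name, triage_lnk(Path(name).read_bytes()))
```

Because the search is content-wide rather than a full StringData parse, it also catches command lines hidden past the nominal end of the structure, which is where some shortcut droppers put them; the trade-off is that a benign shortcut whose icon path happens to contain a marker word will score a hit, so treat `suspicious` as a triage flag, not a verdict.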

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Signature: AgentTesla
File type: rar
SHA256 hash: 574480a151bc4f07e68de202fb516ecd1a34599939073e3d63bc7056e818bcf7 (this sample)
