MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5834faf19f1b7bb34f25999d86cac6664ae8f5c578c32eef0ca5fa894ab152d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4



SHA256 hash: 5834faf19f1b7bb34f25999d86cac6664ae8f5c578c32eef0ca5fa894ab152d6
SHA3-384 hash: a903f0a02d31a42df6fdecdd3f53295c245eab894ae1c03993487c24603e3a389ec891d9fd9ccb581725c21bacfbdf39
SHA1 hash: d76a3d5da74e8de5f65aaa42c7de212775812cd6
MD5 hash: 6d45d104a804872df43b183856d60a54
humanhash: comet-mango-uranus-orange
File name: FreeFortniteCheat.rar
Signature: AgentTesla
File size: 521'966 bytes
First seen: 2025-12-03 13:49:53 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
Note: This file is a password protected archive. The password is: 123
ssdeep: 12288:S2sC/bMXw1egDPvN8Oc3oJekehg+Jac8no6C3hCS:PR4X10SOc3oJekehguac8ZQIS
TLSH: T12CB423C4D296D42669C115F660A4BDD06CB90EF83C661E37AB2D4016FFE0D2B7B1D0E8
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: burger
Tags: AgentTesla pw-123 rar

Intelligence


File Origin

# of uploads: 1
# of downloads: 63
Origin country: NL

File Archive Information

This file archive contains 6 file(s), sorted by their relevance:

File name: mapper.exe
File size: 140'288 bytes
SHA256 hash: e314d223698e2ea8da7168e67116d98b559ec5119f69d3490217317bff702911
MD5 hash: e403fa13b64564046fab163e7c769d30
MIME type: application/x-dosexec
Signature: AgentTesla

File name: driver.sys
File size: 11'264 bytes
SHA256 hash: a34e11c2f4efe61f499b0a7e6968bd55b4c2fdfa72ffcd800c169f45b84c9ca9
MD5 hash: eee876b008cc6a02ddde922df21c444d
MIME type: application/x-dosexec
Signature: AgentTesla

File name: dControl.rar
File size: 455'514 bytes
SHA256 hash: 1c52dd820b66e3f5307b6b59ef0fcd46600d40cd7a3d86a8d181d59431d6c0ef
MD5 hash: d1371ea489a7276525b153c600edbc63
MIME type: application/x-rar
Signature: AgentTesla

File name: blockdriv.rar
File size: 427 bytes
SHA256 hash: d9e15fde6e53232440a87199d5cf3dbce1892f6bb8adf8468afeea27bff6cd1e
MD5 hash: 40901f10f77409cd454e4c2e4b545222
MIME type: application/x-rar
Signature: AgentTesla

File name: drag driver.sys in to mapper
File size: 0 bytes
SHA256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
MIME type: inode/x-empty
Signature: AgentTesla

File name: RankupServicefreecheatV6.lnk
File size: 1'943 bytes
SHA256 hash: b529cef98058b9944f2655530e6ed5599163c96b76da36150e7c7247e956e373
MD5 hash: 1d5ef619ebda611a1ae7211164ec1328
MIME type: application/octet-stream
Signature: AgentTesla
Vendor Threat Intelligence

Details: No details
Verdict: Malicious
Score: 96.5%
Tags: dropper virus sage
Malware family: n/a
Score: 7/10
Tags: discovery upx
Behaviour:
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Checks computer location settings
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Download_in_LNK
Author: @bartblaze
Description: Identifies download artefacts in shortcut (LNK) files.

Rule name: Execution_in_LNK
Author: @bartblaze
Description: Identifies execution artefacts in shortcut (LNK) files.

Rule name: killer_rookit
Author: wtl
Description: detect killer rookit

Rule name: SUSP_LNK_CMD
Author: SECUINFRA Falcon Team
Description: Detects the reference to cmd.exe inside an lnk file, which is suspicious

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malware family: AgentTesla
File type: rar
SHA256 hash: 5834faf19f1b7bb34f25999d86cac6664ae8f5c578c32eef0ca5fa894ab152d6 (this sample)

Comments