MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96c58e4ddb87760bdfc0067fa67e8481b4c689d943d1e2a4a518b395f7e731e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 96c58e4ddb87760bdfc0067fa67e8481b4c689d943d1e2a4a518b395f7e731e6
SHA3-384 hash: df32794108f71238563eaf703b021d8107dc4ed0be37859dc9ab543fdfb5e4cee5f3ab6bf7315af29075116d7bba4b97
SHA1 hash: 12432084e2dee368021a7f5604787e5ecb97447e
MD5 hash: f3e3bcd0a5406db01369ef21e398bf40
humanhash: pluto-robin-winner-helium
File name: FreeFortniteCleaner.rar
Signature: AgentTesla
File size: 1'838 bytes
First seen: 2025-12-03 13:55:16 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
Note: This file is a password protected archive. The password is: 123
ssdeep 48:lHQy+o+H5B4/sEgzyFIyRriD0kvpokm5QEr0D:tQxok5B41Rry0kuv5QEE
TLSH T13131193C1B2CA830DA24204858EBC7B571E34B2C9C6E1239B567A57330946C031FAF63
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter burger
Tags: pw-123 rar

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: NL
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name: blockdriv.rar
File size: 427 bytes
SHA256 hash: d9e15fde6e53232440a87199d5cf3dbce1892f6bb8adf8468afeea27bff6cd1e
MD5 hash: 40901f10f77409cd454e4c2e4b545222
MIME type: application/x-rar
Signature: AgentTesla

File name: RankupServicecleanerV6.lnk
File size: 1'943 bytes
SHA256 hash: df51f20d01a0930305155c468922835ba1331559312b929befa44e7384b589f4
MD5 hash: a4c46b877bad19f547216ab470ce572f
MIME type: application/octet-stream
Signature: AgentTesla

Vendor Threat Intelligence
Result
Malware family: n/a
Score: 9/10
Tags: defense_evasion
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Downloads MZ/PE file
Looks for VMWare Tools registry key
Looks for VMWare services registry key.
Enumerates VirtualBox registry keys
Looks for VirtualBox Guest Additions in registry
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

AgentTesla

rar 96c58e4ddb87760bdfc0067fa67e8481b4c689d943d1e2a4a518b395f7e731e6

(this sample)

Comments