MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a33922bae450a27e1c1932479b80252b5bec6e141d8aa3bb17306346ec467622. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA 24 File information Comments

SHA256 hash:	a33922bae450a27e1c1932479b80252b5bec6e141d8aa3bb17306346ec467622
SHA3-384 hash:	9f5179b6c090700ac69d0890df49789815cde6c59355aa996c049febb8c45626feb25dbe286814cca4caad80eb5cc830
SHA1 hash:	7e9de87ee2f7134635f42f278e5fd149f006fe0d
MD5 hash:	c498bf06cace35a21f9e54aca071a663
humanhash:	jig-ink-fanta-yankee
File name:	FreeFortniteCheat.rar
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'881'774 bytes
First seen:	2025-10-17 12:57:20 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
Note:	This file is a password protected archive. The password is: 123
ssdeep	49152:FY1FOTehg8LqU2f+oVvxrp6XJL7oqGvql:ujJhNsVFgcqGvql
TLSH	T1B79533C8FDB8E0326ED529BEA1A9728215F45D143D9119B9C608D053FE6CC7B731E8E8
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	burger
Tags:	DCRat pw-123 rar

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file is a password protected archive. The password is: 123

This file archive contains 6 file(s), sorted by their relevance:

File name:	mapper.exe
File size:	140'288 bytes
SHA256 hash:	e314d223698e2ea8da7168e67116d98b559ec5119f69d3490217317bff702911
MD5 hash:	e403fa13b64564046fab163e7c769d30
MIME type:	application/x-dosexec
Signature	AgentTesla

File name:	driver.sys
File size:	11'264 bytes
SHA256 hash:	a34e11c2f4efe61f499b0a7e6968bd55b4c2fdfa72ffcd800c169f45b84c9ca9
MD5 hash:	eee876b008cc6a02ddde922df21c444d
MIME type:	application/x-dosexec
Signature	AgentTesla

File name:	dControl.rar
File size:	455'514 bytes
SHA256 hash:	1c52dd820b66e3f5307b6b59ef0fcd46600d40cd7a3d86a8d181d59431d6c0ef
MD5 hash:	d1371ea489a7276525b153c600edbc63
MIME type:	application/x-rar
Signature	AgentTesla

File name:	blockdriv.rar
File size:	427 bytes
SHA256 hash:	d9e15fde6e53232440a87199d5cf3dbce1892f6bb8adf8468afeea27bff6cd1e
MD5 hash:	40901f10f77409cd454e4c2e4b545222
MIME type:	application/x-rar
Signature	AgentTesla

File name:	drag driver.sys in to mapper
File size:	0 bytes
SHA256 hash:	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MD5 hash:	d41d8cd98f00b204e9800998ecf8427e
MIME type:	inode/x-empty
Signature	AgentTesla

File name:	RankupServicefreecheatV5.exe
File size:	2'035'136 bytes
SHA256 hash:	7d762632cff476032847ec9e7eaaa403009624e1c1ec87cb92371e84df25945d
MD5 hash:	1efe2abb6d18b2635beafa60a7116a1e
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68e66df9277c2bd8bc5de5e5

Tags:

dropper virus sage

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/a33922bae450a27e1c1932479b80252b5bec6e141d8aa3bb17306346ec467622

Verdict:

Unknown

File Type:

rar

Link:

https://opentip.kaspersky.com/a33922bae450a27e1c1932479b80252b5bec6e141d8aa3bb17306346ec467622/results?tab=lookup

Verdict:

inconclusive

YARA:

1 match(es)

Tags:

Rar Archive

Link:

https://app.malva.re/file/c498bf06cace35a21f9e54aca071a663

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a33922bae450a27e1c1932479b80252b5bec6e141d8aa3bb17306346ec467622/

Threat name:

Binary.Trojan.Generic

Status:

Suspicious

First seen:

2025-10-17 12:58:37 UTC

File Type:

Binary (Archive)

AV detection:

3 of 24 (12.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=um4sfoxekcrh4hazgjdzxabffnn6y3qudwfkhoyxgbrun3cgoyra._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/a33922bae450a27e1c1932479b80252b5bec6e141d8aa3bb17306346ec467622

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Any_SU_Domain Create hunting rule
Author:	you
Description:	Detect any reference to .su domains or subdomains

Rule name:	Check_VBox_Guest_Additions Create hunting rule

Rule name:	Check_VmTools Create hunting rule

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	detect_powershell Create hunting rule
Author:	daniyyell
Description:	Detects suspicious PowerShell activity related to malware execution

Rule name:	Detect_PowerShell_Obfuscation Create hunting rule
Author:	daniyyell
Description:	Detects obfuscated PowerShell commands commonly used in malicious scripts.

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	INDICATOR_EXE_Packed_Enigma Create hunting rule
Author:	ditekSHen
Description:	Detects executables packed with Enigma

Rule name:	killer_rookit Create hunting rule
Author:	wtl
Description:	detect killer rookit

Rule name:	MALWARE_Win_DLAgent10 Create hunting rule
Author:	ditekSHen
Description:	Detects known downloader agent

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	TH_Generic_MassHunt_Win_Malware_2025_CYFARE Create hunting rule
Author:	CYFARE
Description:	Generic Windows malware mass-hunt rule - 2025
Reference:	https://cyfare.net/

Rule name:	win32_dotnet_form_obfuscate Create hunting rule
Author:	Reedus0
Description:	Rule for detecting .NET form obfuscate malware

Rule name:	win32_dotnet_loader Create hunting rule
Author:	Reedus0
Description:	Rule for detecting .NET loader malware

Rule name:	Windows_Generic_MalCert_65514fe0 Create hunting rule
Author:	Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

AgentTesla

rar a33922bae450a27e1c1932479b80252b5bec6e141d8aa3bb17306346ec467622

(this sample)

AsyncRAT

exe aa5c7d69d06c6fe831464fe03e9ad4e58fb0e49f0c70b1b56741db2fd758154e

AgentTesla

exe 7d762632cff476032847ec9e7eaaa403009624e1c1ec87cb92371e84df25945d

Dropping

SHA256 7d762632cff476032847ec9e7eaaa403009624e1c1ec87cb92371e84df25945d

Dropping

MD5 1efe2abb6d18b2635beafa60a7116a1e

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample