11. – 22. March 2026
🛡️ Technical Summary: PL_BFRn.rar

The file is identified as a malicious archive, typically associated with Agent Tesla or GuLoader malware campaigns. These files are often distributed via phishing emails disguised as business documents such as purchase orders or price lists (hence the "PL" prefix).

Analysis of similar samples (e.g., on ANY.RUN) reveals the following characteristics:
- File type: RAR archive containing an executable (.exe).
- Malware family: Agent Tesla (spyware/infostealer).
- Targets Chrome, Firefox, and Edge for saved passwords and cookies.
- Delivery: email attachments with double extensions (e.g., PL_BFRn.pdf.exe).

🔍 Behavior Analysis

Execution Flow
- The user extracts the RAR and runs the hidden executable.
- Check %AppData% or %Temp% for randomly named .exe files.
- Check for connections to unusual SMTP ports (587, 465) or to known malicious IP addresses.