MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 18

Intelligence 18 IOCs YARA 5 File information Comments

SHA256 hash:	0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a
SHA3-384 hash:	770ff32674521776d6ed79f005bb1ed4d0476522a4bb928d40446a4e702400a742af3f32d80098def5eca3c23f397ad7
SHA1 hash:	6e2a425e94ef736c5b47fb34d4601218e9ae9331
MD5 hash:	3e009726d6e532ea2f80b81613459c2d
humanhash:	december-enemy-iowa-nine
File name:	0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	827'392 bytes
First seen:	2025-09-05 12:34:28 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	24576:AB4Qjhs9o77noFI/9BgNiXhOSRkf3Ckr:AbQmo3QhOikf3
TLSH	T19D0501D72601D607CD667F700CB1D3B9D3A5DE88A011C3176AE1FEDB353AE426A8E182
TrID	69.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.0% (.EXE) Win64 Executable (generic) (10522/11/4) 6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.2% (.EXE) Win32 Executable (generic) (4504/4/1) 1.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Magika	pebin
Reporter	adrian__luca
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

agenttesla

ID:

File name:

0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a

Verdict:

Malicious activity

Analysis date:

2025-09-05 15:00:24 UTC

Tags:

netreactor stealer ultravnc rmm-tool exfiltration smtp agenttesla

Link:

https://app.any.run/tasks/0a9a4d03-a4d8-4cd4-b364-acb1b3736007

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

AgentTesla

Link:

https://www.capesandbox.com/analysis/25352/

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68bad8ffeb163e0ec18479f0

Tags:

agensla virus lien msil

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Restart of the analyzed sample

Creating a file

Using the Windows Management Instrumentation requests

Reading critical registry keys

Launching a service

Stealing user critical data

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

fareit obfuscated obfuscated packed packed packer_detected vbnet

Link:

https://www.filescan.io/uploads/68badd9e14a3b51cba508041/reports/4db18c59-b12b-4a94-b93b-1e38bd6ad2bb/overview

Verdict:

Malicious

Labled as:

Genie.8DN.Generic

Link:

https://www.hybrid-analysis.com/sample/0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-08-13T23:13:00Z UTC

Last seen:

2025-08-13T23:13:00Z UTC

Hits:

~1000

Link:

https://opentip.kaspersky.com/0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a/results?tab=lookup

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/baf633ba-408d-4241-93d9-2cb02b1bbb71

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.30 Win 32 Exe x86

Link:

https://app.malva.re/file/3e009726d6e532ea2f80b81613459c2d

Detection:

agenttesla

Link:

https://mwdb.cert.pl/sample/0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a/

Threat name:

ByteCode-MSIL.Trojan.InfostealerTesla

Status:

Malicious

First seen:

2025-08-14 02:09:28 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bk2l773axycbjd5dfuuvl7e7ehqe3ezpn6jlipvsjmarg4selqna._file

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla discovery keylogger spyware stealer trojan

Link:

https://tria.ge/reports/250905-p5qm3swrs8/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Reads WinSCP keys stored on the system

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla

Agenttesla family

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/632be059-09ca-44f7-99f4-31683b5cbbfa

Unpacked files

SH256 hash:

0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a

MD5 hash:

3e009726d6e532ea2f80b81613459c2d

SHA1 hash:

6e2a425e94ef736c5b47fb34d4601218e9ae9331

Link:

https://www.unpac.me/results/657e7a7b-b947-4d8f-9533-c55ab0f3dde8/

SH256 hash:

ae9636466d21decb91b7506adffce283e2652a10b4a54a665f6fe95362401f8e

MD5 hash:

99cbfdf6df98b1f5871eab4e7ad72ce6

SHA1 hash:

1810136683336172ac6c7c253eacf180e3384689

Link:

https://www.unpac.me/results/657e7a7b-b947-4d8f-9533-c55ab0f3dde8/

SH256 hash:

c1f939b52262e14e93e1b9806481e8177af0371b5a3d8cbfb498d1ba92f510d7

MD5 hash:

e74090efab3ddc30209355b2b1092e88

SHA1 hash:

5631583ff174d123a6b8416ee4847300b9cd9fbd

Detections:

win_agent_tesla_g2

AgentTesla

INDICATOR_EXE_Packed_GEN01

INDICATOR_SUSPICIOUS_Binary_References_Browsers

INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients

INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID

Agenttesla_type2

Link:

https://www.unpac.me/results/657e7a7b-b947-4d8f-9533-c55ab0f3dde8/

Parent samples :

d356ba191bb34c5674c8de83cbd59ec77975b7a3e4757eace8ac784818131065
d9750b998c1c81b7ae4ced24eb1edeb1533c2b399c0e4dc0118cb43625814d5e
d94821fc5dd20efbe9aca1fc1bcd764c202f34a93590e3ed5cf81505bd45f769
e1a0771b4e2b6524eee712641b99aa2890a5e3a7bd2664b70db58049a973a9e5
53823787f8cd69b1887e545c1130de4c77a6939fed24d2753634704ae6aa1c90
0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a
3cb3401f42c9b3847e85aa6cdae6e981b576d289a21a6b7d166879e2b6ae5d6f

SH256 hash:

a7bdfdd42c683dfbd616cb7745780aa691a2c9f5b7cb89811746f2231f33b878

MD5 hash:

826eef592250d7edca01d61b440d0327

SHA1 hash:

e472e004ee4cd2ac399878814150b78c23183e94

Detections:

SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/657e7a7b-b947-4d8f-9533-c55ab0f3dde8/

Malware family:

AgentTesla

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/0ab4bfff60be/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0ab4bfff60be04148fa32d2955fc9f21e04d932f6f92b43eb24b011372445c1a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/25352/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample