MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e8c2f67e2cfbc719f3a432f1fca27727bd2a6dc5350780c886b862c8656e508. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 7



SHA256 hash: 0e8c2f67e2cfbc719f3a432f1fca27727bd2a6dc5350780c886b862c8656e508
SHA3-384 hash: e3051c52ea1a3a83f745f6aa6f9fe277840cd837ed2aefbaf98624bc24cc2000d62aecf45a6ca5cb3e28f28b376941ac
SHA1 hash: 1b27a89bd07e437447d2abee5c1d4b80d3dbbb74
MD5 hash: f71b8c17f523d2d96945dd1038adf4aa
humanhash: colorado-floor-one-lactose
File name: RICHIESTA DI INFORMAZIONI SUL PRODOTTO_3247845.rar
Signature: AgentTesla
File size: 1'917'968 bytes
First seen: 2026-06-10 13:28:33 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 49152:7KPvE32UgsIN8ZhFpVPXqIZYeIgwePzA+O6Rvr:OXEhINIhTVSIGeIVeuM
TLSH: T14595333E733489D141A911B30228DC46BAD5DD83BBF873FD9BDBB6C9929412C588F852
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
TrID: 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: JAMESWT_WT
Tags: AgentTesla ftp-enogcaen-br-com rar Spam-ITA

Intelligence


File Origin
# of uploads: 1
# of downloads: 102
Origin country: IT
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: RICHIESTA DI INFORMAZIONI SUL PRODOTTO_3247845.JS
File size: 7'197'030 bytes
SHA256 hash: ffb165e60e6498952cd68782e0c668a4cd9fbe21a516319d2b9eacdc835e4383
MD5 hash: 5feecadf232a069e5b9f9c3ca29ed7ab
MIME type: text/plain
Signature: AgentTesla
Vendor Threat Intelligence
Verdict: Malicious
Score: 96.5%
Tags: virus lien blic hype

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug dropper evasive obfuscated packed repaired

Gathering data

Threat name: Win32.Trojan.Malgent
Status: Malicious
First seen: 2026-06-10 13:27:32 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 8 of 36 (22.22%)
Threat level: 5/5

Result
Malware family: donutloader
Score: 10/10
Tags: family:agenttesla family:donutloader collection execution keylogger loader spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Executes dropped EXE
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Detects DonutLoader
Family: AgentTesla
Family: DonutLoader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
