MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14f62053739732d93f517339bc700faa7de9ced2050b9055d71c84108feb577a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 20


Intelligence 20 IOCs YARA 4 File information Comments

SHA256 hash: 14f62053739732d93f517339bc700faa7de9ced2050b9055d71c84108feb577a
SHA3-384 hash: 3bd930f81d02e0d9eca5c78924d577988eb229d9fc1ab324766e0035f498f5ac5f58fbdc4b12f3682c7d1915c5faa2ae
SHA1 hash: 64ebd6110864da820b99647f004204151bc66b19
MD5 hash: c52384c51ac835080ad9b9a3fb0fd437
humanhash: north-fourteen-fifteen-black
File name:rzdtyigydgthyfgjmuhk.exe
Download: download sample
Signature AgentTesla
File size:1'146'880 bytes
First seen:2026-06-17 06:19:19 UTC
Last seen:2026-07-06 09:07:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (49'116 x AgentTesla, 20'118 x Formbook, 12'358 x SnakeKeylogger)
ssdeep 24576:XoOSNllb0HsBsxpbrqKR1N9hwyOjMG9bNdm:YOqHssBsTbFN9hwyONdN
Threatray 44 similar samples on MalwareBazaar
TLSH T16D35DF287CC64588C5788FB5CA725BCC33F1D94BD782E30BBEDA30A8995E7D6C501A16
TrID 73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win64 Executable (generic) (6522/11/2)
4.5% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter lowmal3
Tags:AgentTesla exe

Intelligence


File Origin
# of uploads :
4
# of downloads :
244
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
rzdtyigydgthyfgjmuhk.exe
Verdict:
Malicious activity
Analysis date:
2026-06-17 06:22:17 UTC
Tags:
netreactor stealer ultravnc rmm-tool

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated obfuscated vbnet
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-06-15T20:14:00Z UTC
Last seen:
2026-06-19T04:24:00Z UTC
Hits:
~1000
Detections:
VHO:Trojan-PSW.MSIL.Agensla.gen Trojan.MSIL.Inject.b Trojan-PSW.Agensla.TCP.C&C HEUR:Trojan-Spy.MSIL.Agent.sb Trojan-Spy.Stealer.FTP.C&C Trojan-PSW.Win32.Disco.sb Trojan-PSW.MSIL.Agensla.sb PDM:Trojan.Win32.Generic HEUR:Trojan.MSIL.InjectorNetT.gen
Result
Threat name:
AgentTesla, DarkTortilla
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected DarkTortilla Crypter
Yara detected MSIL Injector
Behaviour
Behavior Graph:
Gathering data
Threat name:
Win32.Trojan.Kepavll
Status:
Malicious
First seen:
2026-06-16 00:12:59 UTC
File Type:
PE (.Net Exe)
Extracted files:
23
AV detection:
22 of 23 (95.65%)
Threat level:
  5/5
Result
Malware family:
agenttesla
Score:
  10/10
Tags:
family:agenttesla collection discovery keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
.NET Reactor proctector
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Family: AgentTesla
Unpacked files
SH256 hash:
14f62053739732d93f517339bc700faa7de9ced2050b9055d71c84108feb577a
MD5 hash:
c52384c51ac835080ad9b9a3fb0fd437
SHA1 hash:
64ebd6110864da820b99647f004204151bc66b19
SH256 hash:
cad6f02bdd6527c30442d766a69e826e9f5f36a3b8df7ef88d9076964411d87b
MD5 hash:
19c9cab32601134a7cc3ce7d0b25c34a
SHA1 hash:
017b7554650afcd6ea8aaffaafe5ce71762739ee
SH256 hash:
b9fbbc0882a9292051f67b55e19ce05642087cc0b28cfad9c4179ec83e10a260
MD5 hash:
e1bc2eed219732e90e59d2ca3556f7b9
SHA1 hash:
5ff3d4764df59d5c26bb66c0462e95c9ce5ef24f
SH256 hash:
8567bfcb4198ac228c8491c45fe1a3503b0ef512f3a4e4a60849e125d0c31e65
MD5 hash:
e22ae9aa18da51cee7d287944079191a
SHA1 hash:
6c3427d9bc91a03f613b0581c394deb57110b80b
SH256 hash:
789575701497662fc225ef34c9a3ac8c8f5dcef18087f2671207daab3c0cd59d
MD5 hash:
f7353b93df8faa358d22837751856b6d
SHA1 hash:
bb4b5aa0a5bab285b69d17aac0793b4a310d2534
Detections:
win_agent_tesla_g2 triage_agenttesla_infostealer
Malware family:
AgentTesla
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Author:malware-lu
Rule name:NETexecutableMicrosoft
Author:malware-lu
Rule name:pe_imphash
Rule name:Skystars_Malware_Imphash
Author:Skystars LightDefender
Description:imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 14f62053739732d93f517339bc700faa7de9ced2050b9055d71c84108feb577a

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments