MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d5ee8e6b6daa36ca0b4c6e8bb59d58df94a3cae81bd1010be07adf401fcdc78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 10


SHA256 hash: 1d5ee8e6b6daa36ca0b4c6e8bb59d58df94a3cae81bd1010be07adf401fcdc78
SHA3-384 hash: d084a92da975987c50611c66bce528294ba7b29b38a777081c074d5ceb695da0badb57134061ce7b2de3b3f0ba22f6ef
SHA1 hash: 4b7d0c3a74fbca2ec0ac2e95b5f6ca5aa089cc43
MD5 hash: db5035441c63496362f6a71624648e34
humanhash: video-magnesium-butter-river
File name: PO_5778.zip
Signature: AgentTesla
File size: 136,253 bytes
First seen: 2026-07-03 17:54:50 UTC
Last seen: 2026-07-03 17:56:46 UTC
File type: zip
MIME type: application/zip
ssdeep: 768:lv1pLcvEEx3GKOWqbiKOWqJOWqbiKOWqPUaOkcRUaOofWXjwoa+/lJlJlJlJlJlm:pj
TLSH: T171D3380BB5AB8D4793F8793679EBA821CF0321690B63186A0512477FBF05C1E35B279D
Magika: zip
Reporter: TomU
Tags: AgentTesla, zip
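As an added example (this is not MalwareBazaar's code and is not part of the original entry), the Python script below recomputes the four digests listed above for a sample on disk and compares them with the entry, then lists the members of the zip without extracting them and flags script-like names such as .js, which is relevant here because the vendor sandbox results on this page report the archive as carrying a JS file. The values in ENTRY_HASHES are copied from this entry; the command-line path argument and the built-in constructed zip (a harmless placeholder holding a single .js member, used only when no path is given) are assumptions for demonstration.

```python
"""Recompute the hashes a MalwareBazaar entry lists and triage a zip
sample without extracting it.  Added example; not MalwareBazaar code."""
import hashlib
import io
import sys
import zipfile

# Digests copied from the entry on this page.
ENTRY_HASHES = {
    "sha256": "1d5ee8e6b6daa36ca0b4c6e8bb59d58df94a3cae81bd1010be07adf401fcdc78",
    "sha1": "4b7d0c3a74fbca2ec0ac2e95b5f6ca5aa089cc43",
    "md5": "db5035441c63496362f6a71624648e34",
    "sha3_384": "d084a92da975987c50611c66bce528294ba7b29b38a777081c074d5ceb695da0"
                "badb57134061ce7b2de3b3f0ba22f6ef",
}

# Extensions commonly used by script droppers shipped in mail attachments.
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
                     ".ps1", ".cmd", ".bat", ".lnk")


def compute_hashes(data: bytes) -> dict:
    """Return the four digests MalwareBazaar lists, as lowercase hex."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Compare every digest present in `expected`; returns {name: matched}."""
    actual = compute_hashes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def triage_zip(data: bytes) -> list:
    """List zip members from the central directory only (nothing is
    extracted or executed) and flag names that look like script droppers."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            findings.append({
                "name": name,
                "size": info.file_size,
                "encrypted": bool(info.flag_bits & 0x1),  # bit 0 = encrypted entry
                "script": name.lower().endswith(SCRIPT_EXTENSIONS),
                "double_ext": name.count(".") > 1,
            })
    return findings


def build_constructed_sample() -> bytes:
    """Constructed stand-in (assumption): a zip with one harmless JS member.
    This is NOT the real PO_5778.zip; it only exercises the code above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("PO_5778.js", "// placeholder, no payload\n")
    return buf.getvalue()


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_constructed_sample()
    for name, ok in verify_hashes(data, ENTRY_HASHES).items():
        print(f"{name:8s} {'match' if ok else 'MISMATCH'}")
    for f in triage_zip(data):
        flag = " <-- script-like member" if f["script"] else ""
        print(f"{f['name']} ({f['size']} bytes, encrypted={f['encrypted']}){flag}")
```

Run it as `python triage.py PO_5778.zip` against a downloaded copy; with no argument it runs against the constructed placeholder, so every digest reports MISMATCH, which is the expected outcome for anything other than the real file. MalwareBazaar serves downloads wrapped in a password-protected zip (password `infected`); unwrap that outer archive first so the digests are computed over the sample itself.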

Intelligence

File Origin
# of uploads: 3
# of downloads: 56
Origin country: CH
Vendor Threat Intelligence

Verdict: Malicious
Score: 94.9%
Tags: ransomware, autorun, shell, sage

Result
Verdict: Malicious
File Type: JS File - Malicious
Payload URLs (URL / File name):
https://www.matematica.com/ / JS File

Behaviour
BlacklistAPI detected
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: lolbin, repaired, schtasks

Verdict: Malicious
File Type: zip
First seen: 2026-06-17T00:22:00Z UTC
Last seen: 2026-07-01T08:48:00Z UTC
Hits: ~100

Gathering data

Threat name: Win32.Trojan.Leonem
Status: Malicious
First seen: 2026-06-17 05:38:24 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 12 of 36 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May contain (obfuscated or not) PowerShell or CMD command that can be abused by a threat actor (can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 1d5ee8e6b6daa36ca0b4c6e8bb59d58df94a3cae81bd1010be07adf401fcdc78 (this sample)

Delivery method: Distributed via e-mail attachment

Comments