MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 18

Intelligence 18 IOCs YARA 3 File information Comments

SHA256 hash:	2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323
SHA3-384 hash:	9f36923571f0eee8bd7bf7aa1b844ba79c27e5f5928f7695e21850259ab40fab847443d6f9f45b6b0263fffa2fa016e6
SHA1 hash:	e6a5d9d170877247f6bda6587a3a09ee3cdf9364
MD5 hash:	4eae810ffb75a8548a409f1cffa2f533
humanhash:	solar-sodium-fix-pluto
File name:	2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'031'168 bytes
First seen:	2026-02-05 15:15:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'793 x AgentTesla, 19'692 x Formbook, 12'274 x SnakeKeylogger)
ssdeep	24576:cvW69C1y0XSH7kVdz73HKHaS9BAoHV71gklhDQ8savW:UQ1y0CkVBDHjQVO4h
Threatray	3'615 similar samples on MalwareBazaar
TLSH	T19A25F1986B0AD406C951D3381FB2F7F8192C1EEAB901E2139FDDBEABB9B6D174D44041
TrID	69.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.0% (.EXE) Win64 Executable (generic) (10522/11/4) 6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.2% (.EXE) Win32 Executable (generic) (4504/4/1) 1.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Magika	pebin
Reporter	adrian__luca
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

RoboSki

Details

Link:

https://research.acce.ciphertechsolutions.com/results/57772a3c-913c-4558-b022-1af72504cd6a/

Malware family:

agenttesla

ID:

File name:

2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323.exe

Verdict:

Malicious activity

Analysis date:

2026-02-05 15:19:14 UTC

Tags:

auto-startup stealer ultravnc rmm-tool agenttesla

Link:

https://app.any.run/tasks/6e1d9bcb-6237-44ce-960d-6c7be8bab81f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

AgentTesla

Link:

https://www.capesandbox.com/analysis/51965/

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6984b421ae5379bb6609c21f

Tags:

infosteal shell virus smtp

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323

Result

Gathering data

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-01-16T01:06:00Z UTC

Last seen:

2026-02-04T20:00:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323/results?tab=lookup

Malware family:

Agent Tesla

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b819a8d1-4a26-4602-a368-3e19f5f07fbe

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323

Verdict:

inconclusive

YARA:

10 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.22 Win 32 Exe x86

Link:

https://app.malva.re/file/4eae810ffb75a8548a409f1cffa2f533

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323/

Verdict:

Malicious

Threat:

Family.AGENTTESLA

Link:

https://tip.neiki.dev/file/2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2026-01-16 06:19:05 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

24 of 36 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fjgrcegsystrtx6dlz5gkquiljccqng7jmndnkbgjleclqjb6mrq._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

31dd3e8d2700af11c4a5e14defb93a8ef1891f8801d6e8bc5ed35e106a072e64

AgentTesla

56e0cfc0fb789f7d8d7cef0b8497eef95563f46bb383d5f38061347657eaa445

AgentTesla

6d9b7e45f0ac13266800021b0ed41d95a69746f2596511680223525bb1fde745

AgentTesla

87c9b23d3ac3e48910f9d204708f95d337fab4161b5fc8a9a32735cfe7b8d83d

AgentTesla

a89d88037e6e7321b7da02290aab0139ddf7be1b697388dcc28fba708304682f

AgentTesla

eb87b3dc43401ecf721197d64f818cd03e9283f04d02eb2ca4680c3356f29fcf

AgentTesla

f11026574c1ad05a8eb43f8a267b8dc11ce7f981f32a4c72f0675e6141e898f4

AgentTesla

+ 3'605 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla discovery execution keylogger spyware stealer trojan

Link:

https://tria.ge/reports/260205-sm6s5ahw7f/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Checks computer location settings

Drops startup file

Reads WinSCP keys stored on the system

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Command and Scripting Interpreter: PowerShell

AgentTesla

Agenttesla family

Unpacked files

SH256 hash:

2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323

MD5 hash:

4eae810ffb75a8548a409f1cffa2f533

SHA1 hash:

e6a5d9d170877247f6bda6587a3a09ee3cdf9364

Link:

https://www.unpac.me/results/8bb09391-29b9-41da-8d8f-452ce1d7c4cf/

SH256 hash:

e63257c40a1098817c0d771c02b89a2de1c9228a3928225b743eb3091d1e3a52

MD5 hash:

718d3c8acc8a93eb207389779cabfa41

SHA1 hash:

0c35f726cb9f2dec58dbbaebd12da54bd02291e9

Detections:

SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24

Link:

https://www.unpac.me/results/8bb09391-29b9-41da-8d8f-452ce1d7c4cf/

SH256 hash:

af5f53021774cf410f7cc1be223f3dd88e3c6439cfa384bb64ed749c7e5390c7

MD5 hash:

71d57788cede0516516dae01575e2331

SHA1 hash:

21306f0870d06c40d568218dc3c9e7023cb4ae03

Detections:

win_agent_tesla_g2

AgentTesla

Agenttesla_type2

INDICATOR_EXE_Packed_GEN01

INDICATOR_SUSPICIOUS_Binary_References_Browsers

INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients

INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID

Link:

https://www.unpac.me/results/8bb09391-29b9-41da-8d8f-452ce1d7c4cf/

Parent samples :

84948f929bec33d3892956ab4ea6c13d6164f4c6b4511e5e9b6cc62050cb22e3
3d922750a515c0be6575297f8d5275e5ad07faaacbe1753e9b856a6d6619fd66
339a2266533304573cdeb1138bca268419acfdebd5767866df313cb6b078399b
39e885110ea41b64da0597e267754cf951b6932d52a956e47d35e3fbcdbf0281
d599cd22b34287261efa52b26e4ba1e7c94b31e0f06994a68ce60fe8b9cbbeec
8e49bc5255e6e01b5d5fa898271ee60b2616ede84ec2c2f6cec2377b431c0866
e5a760f448682d093b83e5bddf43e59b3310aa2d0a839dcc2b5436ee8b2a6206
75bf9f33aad410dae222ddd9030dea8db2d382dbf167e3cf8dac50d4ff434a3b
76f762eb047d0d10398cbb7ae345988ff147fbf7816f16a328ac909b441df8aa
0a795a84711a3124536313e95c9b23572203c90eac5ea6204295dd3563657848
524caed8da7e4b466a5806d5ad78dc4c586f7a84d4cbed6fed3bf6897ed300a6
a206ebb029fd442736f17f60d15352433c227d272fba3db4aaa901610db29877
4ce42f872a55b78f937b36fc38968788eb0db778a8a9e4cd2bef5db79c2b4f2a
149a430a6f9f5316febfc555e4c26b07139dd519a723bd2f11e2edb8f500fae9
f7f4ea9c6e3d1b7bf941588fcaa14a8d18832901dc069f373455715103773cbe
e5133614dc27aed731eafbb37becffb2360df341e8b13123c3ecbadb642f56ae
8ae45c720a8a11d0e93820faaa0269483025b685c4626fb22f39797c70ea0af8
b16ab8dc1f81d06c74e75c73d1083370ac6c473d6030cf266f5c90ccec10acb1
b20c1983024b6fc695fa952f8f938a76b2954bc27ee2519b41a4426c00547c41
e2efb1ad7ebd15c1f51459d85998d138ef6afa278a1caa04e373127150c4b03c
3a516a97b667b1288c49d68d4a37d06392d58d2e284f255d327f55a62f05e0e9
b889e6d9579f2e4b3ee78ca51f2ced0361b249922f2aba412f6fcc44a954709d
7d8a887d116f563de667cdc00c50702c7312d2fea2c9e6e29827697041c76df6
cd00cfe570484f4e4faca48a3126ba82175f611e36405fbcc426873935de1b0e
0ca4e2896859ee2bbd20d1cb46efc20b0f2c67aa58d7391579660698789aa855
2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323
b475c6d5e806b588dee0dc1dccfd3c1acd833c31937c45839c862b059f3d1667
db80e5c7bd595702fd17c1fe6ce3c5ddb6b9bf5260119d2b0d912b5e4f3f1f95
0249b099e5cf161407b30450caa1c6c778180293c336ac5990a7711cb4019ce5
23e95b4bfcb913ff25a67fd4d57e2e84c5b001b9fc6789649df80c289b8efe10
c9c33cd3a5286e3dd64aaa27c2a15805089220e14cf801d2ada4ccd7a1c96de3
4f373533a0324e13b5cd7764cab27bfc7f41d4e86734ea71218fe18a59a4fa7c
49cf6ac94593fa09849a81fc318729e648ac0611e5e7f1306f0cf918c31778f7
07fa3b53b7aaa614ed5e5858502e9aaa58662b16e62b60d77202a7de9ef761f2
2c3e8cb0b8a5d5f24a825d0211132c1878433f8782b5dd59a27d34e5e6c26aa5
a46d2c7d7389353f070eea4c1f5e45030d64d32e555db18f78ef9fd9426b1fcd
0e7748b165d5f1c07358bc019822d04ec982afaaa3041b9eadea63c3e2ed0eee
39bc05d33ed0083431a636ad244599306c83e2ce018bf338c141473f75e8e16e
0a6a06e56f2dbda37023903607bcf61523387a2593d700123f9adfa9a4cb7a40
de5b6490630bc0d27ec89040cfe809ac380e51b63ebd48cb394deded4611c7ee
220b96820a5e01182e733274f7851f094dd516973796fb3445bf7c7eac2f4806
486faeaf4db04e05f86f7edf502e3cda3cde907972ed497d2a14a582bec938aa
c422ca9d2fe7bf77502171842ee2c9115f6223eb34d453b8b224ead3e065e3e9
45e8d77904415b19b872e4ae94e0cc03fa69bdefc547bbbbd1da41282088844a
17406103af81a1e9978c42905c1da9fb3be734fb3bccc1864b60d15a693b205d
cc9abd8914b4e1b8347fbf2d83caa1c2c678103d153b3f382f459126e811478e
6e9d5d9edbcb669ae34a6ef13823a399992bdf4f15c2e8abeadb95fd2a33f7a0

SH256 hash:

d64f0eb4741ae191ebc0463590112c982eafa00a130a144323c9a4c425043f28

MD5 hash:

23b14755ec43b251a2feb99cb15034dc

SHA1 hash:

5a882d5d99ffcb5fd83a468d8981f837b118ca6f

Link:

https://www.unpac.me/results/8bb09391-29b9-41da-8d8f-452ce1d7c4cf/

Malware family:

AgentTesla

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/2a4d1110d2c4/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2a4d1110d2c4a719dfc35e7a6542885a442834df4b1a36a8264ac825c121f323

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/51965/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample