MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 20


Intelligence 20 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4
SHA3-384 hash: 8ca8a9a6a1d849d20e7ecb1dc2f72997bf3c9162515c48f0afe685e8339fea4e02a2abade3f3b4c367ddb16289c52655
SHA1 hash: 1b60010484b70216cd75c1af7ae6af6d5f687724
MD5 hash: 0554274843610eb9226e3534a8a8de10
humanhash: early-item-paris-football
File name:Cotización del producto.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'157'120 bytes
First seen:2026-06-08 06:37:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (49'068 x AgentTesla, 20'020 x Formbook, 12'352 x SnakeKeylogger)
ssdeep 24576:eZPB3mZHQvlAVW07yyF4OHEQCvoGFRYo:uPRvKVJyqfHOvvFR
Threatray 180 similar samples on MalwareBazaar
TLSH T1A935F1101E9B1B84E8793FB4C0235D21B3F8F567327ACF9BAEE820689D97745CE05916
TrID 73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win64 Executable (generic) (6522/11/2)
4.5% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter lowmal3
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
155
Origin country :
DE DE
Vendor Threat Intelligence
Malware configuration found for:
DeepSea
Details
Link:
https://research.acce.ciphertechsolutions.com/results/4fc59c66-0e7b-4034-9eba-fd84285d4780/
Malware family:
n/a
ID:
1
File name:
_2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4.exe
Verdict:
Malicious activity
Analysis date:
2026-06-08 06:43:20 UTC
Tags:
netreactor stealer ultravnc rmm-tool
Link:
https://app.any.run/tasks/dcaf54e8-69a4-41cc-8925-c3db748e7339

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTesla
Create hunting rule
Link:
https://www.capesandbox.com/analysis/69486/
Detection(s):
Win.Packed.Malwarex-10059342-0
Create hunting rule

Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a2663363e9eff6a6b68af55
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin obfuscated obfuscated packed tracker vbnet
Link:
https://www.filescan.io/uploads/6a26633246e44aecc0d48641/reports/0d981b94-4d33-4e78-9491-45db60b89a62/overview
Verdict:
Malicious
Labled as:
IL:Trojan.MSILZilla
Link:
https://www.hybrid-analysis.com/sample/2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-06-05T10:04:00Z UTC
Last seen:
2026-06-10T04:01:00Z UTC
Hits:
~1000
Detections:
Trojan-PSW.Agensla.TCP.C&C PDM:Trojan.Win32.Generic Trojan.Win32.Inject.sb Trojan.MSIL.Inject.sb Trojan.MSIL.Inject.b Trojan-PSW.Win32.Disco.sb Trojan-PSW.MSIL.Agensla.sb Trojan-PSW.MSIL.Agensla.g VHO:Trojan-PSW.MSIL.Agensla.gen Trojan-Spy.Stealer.FTP.C&C HEUR:Trojan-Spy.MSIL.Noon.gen Trojan-PSW.Win32.Stealer.sb Trojan-PSW.MSIL.Agensla.d HEUR:Trojan-Spy.MSIL.Agent.sb
Link:
https://opentip.kaspersky.com/2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4/results?tab=lookup
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d2030f75-883b-4180-87e1-8428f33ae428
Result
Threat name:
AgentTesla, DarkTortilla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1924238
Signature
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected DarkTortilla Crypter
Yara detected MSIL Injector
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4
Gathering data
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4/
Verdict:
Malicious
Threat:
Family.AGENTTESLA
Link:
https://tip.neiki.dev/file/2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4
Threat name:
Win32.Trojan.Kepavll
Create hunting rule
Status:
Malicious
First seen:
2026-06-05 12:54:28 UTC
File Type:
PE (.Net Exe)
Extracted files:
26
AV detection:
21 of 24 (87.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=f6zo7chal2g76rhd56rsecqvxzk6zbd7uzycyfhy7aoak5meo7ka._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
2029871b36e36b727b2057f31f5baec2c2d05a865d77633821492dbc9a39cf21
AgentTesla
2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4
AgentTesla
9c01cfdbe35631129e75e76565294dadc83d2264f3b979ec1afa2d0d0eaac514
AgentTesla
c98b4dd7d6feffcbd72c39b272cc3b829aa1b92f9ae27c29c2a68abdc1bef4a6
AgentTesla
error
AgentTesla
+ 170 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection discovery keylogger spyware stealer trojan
Link:
https://tria.ge/reports/260608-hdtr4ahv7p/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
.NET Reactor proctector
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Family: AgentTesla
Unpacked files
SH256 hash:
2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4
MD5 hash:
0554274843610eb9226e3534a8a8de10
SHA1 hash:
1b60010484b70216cd75c1af7ae6af6d5f687724
Link:
https://www.unpac.me/results/0371f2db-bf2a-4dfc-abb4-fe6a355efad2/
SH256 hash:
ac400b0769b063f91614a07bc119bc5b44e5237064870728b449036dcc4b67e1
MD5 hash:
85908e3e3270b1cc66d4350a44411d31
SHA1 hash:
46ee969e0851ba17e735345aefcdc0816f2b7c57
Link:
https://www.unpac.me/results/0371f2db-bf2a-4dfc-abb4-fe6a355efad2/
SH256 hash:
bd343c351601819d9fa3626ed622bd593e168a9a642ac3d490d3414a87f205db
MD5 hash:
e757fe46f296318775f854bb69859c57
SHA1 hash:
960fde472ef17d68f9b3e84acb998ec491d16a4f
Link:
https://www.unpac.me/results/0371f2db-bf2a-4dfc-abb4-fe6a355efad2/
SH256 hash:
bbd8661b84f4ed8a0f56cc25111806a7c7e4b33d08cdf7464da1ee027d04f945
MD5 hash:
69ce22d288bbb1e58194210a2aa04107
SHA1 hash:
dd2dad3687910cdbba0dfd2edb98e4a2d336b429
Link:
https://www.unpac.me/results/0371f2db-bf2a-4dfc-abb4-fe6a355efad2/
SH256 hash:
79d4000aac604c62607e326148a644258e46c168675ee982651517bec9bbdb69
MD5 hash:
c3042b407753183e49d93957755edfa5
SHA1 hash:
fed1018c06368f903e0ed496d719a69e225c71a0
Detections:
win_agent_tesla_g2
Create hunting rule
triage_agenttesla_infostealer
Create hunting rule
Link:
https://www.unpac.me/results/0371f2db-bf2a-4dfc-abb4-fe6a355efad2/
Parent samples :
9c01cfdbe35631129e75e76565294dadc83d2264f3b979ec1afa2d0d0eaac514
3b3c396524c4ddb98941fd82d0881b2c5babd388df42ec13abb6223a5fafc38c
2029871b36e36b727b2057f31f5baec2c2d05a865d77633821492dbc9a39cf21
2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4
Malware family:
AgentTesla
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/2fb2ef88e05e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 2fb2ef88e05e8dff44e3efa3220a15be55ec847fa6702c14f8f81c05758477d4

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/69486/

Comments