MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a25f522e77861d5b056f546af23b90ceb4035daf9071509e7b8eb11b3c58097. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 8



SHA256 hash: 6a25f522e77861d5b056f546af23b90ceb4035daf9071509e7b8eb11b3c58097
SHA3-384 hash: cc733f05ddf7efd97f0ac7aeeb20b894be7323d7ee7d6a64ec8d102a226bfd6e098ee6d81986213c29304c1ca6b67e50
SHA1 hash: bc3296e82e4e38c5979895dfa8918b75b8d1b1e4
MD5 hash: 186c0eadbca8bd5e34a5611a8ea05835
humanhash: princess-juliet-oranges-shade
File name: Booking_580_322.pdf.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2026-02-03 13:03:45 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 384:a81FWdRs4Gs8hlJcAPhrObmsKg/1h9xuBoCHiQJPxj+mH:/TWc4FiMTa+jCRdVd
TLSH: T1B245553BE518DFF4CB2E21F4109B3D0160A4AB56753689BDB89EC1587F267408FA64EC
TrID:
  47.8% (.ISO/UDF) UDF disc image (2114500/1/6)
  46.3% (.NULL) null bytes (2048000/1)
  5.7% (.HTP) HomeLab/BraiLab Tape image (256000/1)
  0.0% (.ISO) ISO 9660 CD image (2545/36/1)
  0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Magika: iso
Reporter: JAMESWT_WT
Tags: AgentTesla img Spam-ITA

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: IT
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name: Boot-NoEmul.img
File size: 2'048 bytes
SHA256 hash: fc3d39b29d7c628ab9d3b01b096a2bd5e711d42f0ba2a42df0bd500773c92f91
MD5 hash: ce05c025433085b7e856e7214f7ce8b1
MIME type: application/octet-stream
Signature: AgentTesla

File name: BOOKING_.VBS
File size: 18'481 bytes
SHA256 hash: cc59432c013a67e42a5b0199f9e205890954a7095b68f1391d9ea931c3a7d65e
MD5 hash: 5b4bb519e558fa8bc1ae5d632ca5509c
MIME type: text/plain
Signature: AgentTesla

Vendor Threat Intelligence
Malware configuration found for:
Archives
Details
Archives
extracted archive contents
Verdict: Malicious
File Type: iso
Detections: HEUR:Trojan-Downloader.Script.Generic HEUR:Trojan.Script.Generic
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-02-03 13:02:47 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 4 of 36 (11.11%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
