MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 710c867f88580a724179a226f01a141ac030d155bb0bb629baa94c805374adc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 14


Intelligence 14 IOCs YARA 10 File information Comments

SHA256 hash: 710c867f88580a724179a226f01a141ac030d155bb0bb629baa94c805374adc7
SHA3-384 hash: 03b10cc05d0758309659c0f659bb6be3ef90a7be171ea1b03069cf5356a8d5eae5175e447fd860f4fa69ead8f3cfd642
SHA1 hash: a9eb612e87efef440c2325c5837e83cb78e64a9b
MD5 hash: e7798fe6b8f2624588b14fba41053068
humanhash: connecticut-hamper-hawaii-montana
File name:libvlc.dll
Download: download sample
Signature AgentTesla
File size:2'172'416 bytes
First seen:2026-06-02 13:09:37 UTC
Last seen:2026-06-02 14:50:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a74aa7e3f7bface91a0c13a664c38b71 (1 x AgentTesla)
ssdeep 49152:8hawmRMsUbt6vMA2YPH1oQidOUrzXwgnj1SWy1e:rcsUbgid3rzggnj1SWy1e
TLSH T13BA5AE02F3C40A79C16AE574CA578B33C2B2B9510775968F2AA5D74E1F33B925F3A720
TrID 37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.5% (.EXE) OS/2 Executable (generic) (2029/13)
11.3% (.EXE) Generic Win/DOS Executable (2002/3)
11.3% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter lowmal3
Tags:AgentTesla exe

Intelligence


File Origin
# of uploads :
2
# of downloads :
188
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
exe
Verdict:
No threats detected
Analysis date:
2026-06-02 13:11:34 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
94.1%
Tags:
dropper
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a service
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug crypto masquerade microsoft_visual_cc reconnaissance
Verdict:
Malicious
File Type:
dll x64
First seen:
2026-06-02T05:09:00Z UTC
Last seen:
2026-06-03T21:44:00Z UTC
Hits:
~100
Detections:
HEUR:Trojan.Win64.Aotnet.gen Trojan.Win32.Agent.sb Trojan.Win64.Agent.sb
Result
Threat name:
Codoso Ghost
Detection:
malicious
Classification:
troj
Score:
60 / 100
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Files With System Process Name In Unsuspected Locations
Yara detected Codoso Ghost
Behaviour
Behavior Graph:
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1921637 Sample: libvlc.dll.exe Startdate: 02/06/2026 Architecture: WINDOWS Score: 60 42 Multi AV Scanner detection for submitted file 2->42 44 Yara detected Codoso Ghost 2->44 46 Sigma detected: Files With System Process Name In Unsuspected Locations 2->46 8 loaddll64.exe 1 2->8         started        process3 process4 10 rundll32.exe 112 8->10         started        13 cmd.exe 1 8->13         started        15 rundll32.exe 1 8->15         started        17 30 other processes 8->17 file5 34 C:\ProgramData\...\backgroundTaskHost.exe, PE32+ 10->34 dropped 36 C:\ProgramData\startup_input\baaupdate.exe, PE32+ 10->36 dropped 38 C:\ProgramData\startup_input\azroles.dll, PE32+ 10->38 dropped 40 104 other files (none is malicious) 10->40 dropped 19 WerFault.exe 20 18 10->19         started        21 rundll32.exe 129 13->21         started        process6 file7 26 C:\ProgramData\startup_input\azroleui.dll, PE32+ 21->26 dropped 28 C:\ProgramData\startup_input\autopilot.dll, PE32+ 21->28 dropped 30 C:\ProgramData\startup_input\authfwcfg.dll, PE32+ 21->30 dropped 32 106 other files (none is malicious) 21->32 dropped 24 WerFault.exe 16 21->24         started        process8
Gathering data
Threat name:
Win64.Trojan.Kepavll
Status:
Malicious
First seen:
2026-06-02 08:31:48 UTC
File Type:
PE+ (Dll)
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Similar samples:
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Behaviour
Suspicious behavior: LoadsDriver
Executes dropped EXE
Drops file in Drivers directory
Unpacked files
SH256 hash:
710c867f88580a724179a226f01a141ac030d155bb0bb629baa94c805374adc7
MD5 hash:
e7798fe6b8f2624588b14fba41053068
SHA1 hash:
a9eb612e87efef440c2325c5837e83cb78e64a9b
Malware family:
AgentTesla
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__MemoryWorkingSet
Author:Fernando Mercês
Description:Anti-debug process memory working set size check
Reference:http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:NET
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Rule name:RIPEMD160_Constants
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:ThreadControl__Context
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 710c867f88580a724179a226f01a141ac030d155bb0bb629baa94c805374adc7

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments