MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 14


Intelligence 14 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f
SHA3-384 hash: f1e3dae292920f5079e09239254d14e6735ca10898b7ca6e15e9774786e076b60cb6098c3bfa6325dd96897232f0c431
SHA1 hash: d4282847f396be2bbcb2b6bf04300a253f9893dc
MD5 hash: 4293335fd96d6cc38a44cdac07672feb
humanhash: diet-pasta-avocado-jersey
File name:NO.482515-RTM166 CTNS.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:519'168 bytes
First seen:2025-06-25 05:07:41 UTC
Last seen:2025-07-07 14:57:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:yug63wwa1/nkJssnNO9ryHlwD1FBM0456K:cJFkJssnN4GiFM0J
Threatray 3'846 similar samples on MalwareBazaar
TLSH T1BDB4AC943FB4AED1D96407F00A11EAF812B9AF994C20C3DA6EDCBFDB74387845558253
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
dhash icon 344bc4e06968300c (4 x AgentTesla, 4 x Formbook, 2 x SnakeKeylogger)
Reporter KodaDr
Tags:AgentTesla exe


Avatar
KodaDr
Sheikh Ridoy_Unitansbd <export7@unitransbd.com>

Intelligence

File Origin
# of uploads :
4
# of downloads :
474
Origin country :
RU RU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
NO.482515-RTM166 CTNS.exe
Verdict:
No threats detected
Analysis date:
2025-06-25 05:09:06 UTC
Tags:
netreactor
Link:
https://app.any.run/tasks/57339a17-c2a0-4763-8a7d-c246f1ffd1bb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10986/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.3171.14653.2692.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=685b844bb06783b9ebd72e89
Tags:
virus krypt msil
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Unauthorized injection to a recently created process
Creating a file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
entropy masquerade obfuscated packed packed packer_detected vbnet
Link:
https://www.filescan.io/uploads/685b84498e19e7aebeef8fce/reports/46c8883e-0f8d-4801-976f-562e0e3cd27b/overview
Verdict:
Malicious
Labled as:
MSIL/GenKryptik_AGeneric.ARF trojan
Link:
https://www.hybrid-analysis.com/sample/93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a3b53c90-8112-4f3d-84f4-af59f8361e40
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
.Net Executable PE (Portable Executable) Win 32 Exe x86
Link:
https://app.malva.re/file/4293335fd96d6cc38a44cdac07672feb
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f/
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f
Threat name:
Win32.Trojan.Kepavll
Create hunting rule
Status:
Malicious
First seen:
2025-06-25 03:18:27 UTC
File Type:
PE (.Net Exe)
Extracted files:
16
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=spo5ynwqivcupaiqbbppv3rrj6bu3r3wyooue3ghf3d24pmajmpq._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
Similar samples:
5abfe96f31b8b8e4013501cbd3e7bb332e03b37e96f04cb75f05c04f15bb66ac
AgentTesla
85fe9a984586bf60490e3fd4a470e088cced95279da42f45824abd8533875040
AgentTesla
93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f
AgentTesla
d6a676ac2fedead7999ed8250543e38da6096cc6efd3c7517d49d6b090ffbec2
AgentTesla
df6da3ee9daf4cfd9047fa531202f860f6296e009f2f4eb0c1e2905cea319b09
AgentTesla
error
AgentTesla
+ 3'836 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250625-fsr6psen2t/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/90a091b5-e097-4612-b7a6-366e67e2e6b1
Unpacked files
SH256 hash:
db347d4a372a9862d5bba212f4a160eea023370e90d0de14b85a76ae37ead8ed
MD5 hash:
db899b1b5371b7f5bc2b261aacefe507
SHA1 hash:
4f7cc62e811af3b8c67080073fb4d395d953f41c
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
INDICATOR_EXE_Packed_SmartAssembly
Create hunting rule
Link:
https://www.unpac.me/results/c1a65a9c-7ed5-4972-8534-61a3e5a937cd/
Parent samples :
93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f
ae818fd422d1eba54edfdbb1043f749b9931038157e3db1675d7c17fff3d1169
f532b6d77041027a94bfbc117759218899faad1441e4f60b57197d0a687b9240
0bfb0b841074e05c24408075a90c89647429199cf37b4970a0e17b49e334c857
2d06ef67a6250a1efe8d4f219b9838328d2a6b706c30ba1bb574fa8f36848969
8ff46bf774cf4df83894570294999b7f02f67014a4d3280c092f41a049097f4a
SH256 hash:
4c70fccac60c231f66bd6561cfee2ad93092a9584b52c4d95c2b24d7c3cacd0e
MD5 hash:
7bad91e42acbc96c14af2ddbd9206b95
SHA1 hash:
b4e49d96668e55ad986563d76c038c1ad116e3ce
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c1a65a9c-7ed5-4972-8534-61a3e5a937cd/
SH256 hash:
93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f
MD5 hash:
4293335fd96d6cc38a44cdac07672feb
SHA1 hash:
d4282847f396be2bbcb2b6bf04300a253f9893dc
Link:
https://www.unpac.me/results/c1a65a9c-7ed5-4972-8534-61a3e5a937cd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 93dddc36d04545478110085efaee314f834dc776c39d426cc72ec7ae3d804b1f

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/10986/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments