MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99c6f209e4e4adf3502472112f7172ede1a5dbf829c59d593449605ca2698d49. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99c6f209e4e4adf3502472112f7172ede1a5dbf829c59d593449605ca2698d49
SHA3-384 hash: 362b6939a01731aaeb28846718a17a848e2ba3064917faebaa1c945eb199748d156abd3b91ee97a2b1ecd697aab9db84
SHA1 hash: 91166b7a660a54f63385eae811e93e28f66c0263
MD5 hash: f9d2151992f2dfced5669d243bcb13fb
humanhash: wyoming-summer-freddie-foxtrot
File name:ec.hta
Download: download sample
Signature AgentTesla
Create hunting rule
File size:43'532 bytes
First seen:2026-03-02 10:54:30 UTC
Last seen:2026-03-02 23:15:59 UTC
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 192:yXRucRuJXFXxCXRXTX+XtXsX/Ru9XUXQBYPeg1TUU:Au0u8utBieg1T/
Threatray 126 similar samples on MalwareBazaar
TLSH T12B13C738CB91CE484FBB55CE2C6E9961542F4AE75A27522CB1ED20D18B14FDE241BB83
Magika html
Reporter JAMESWT_WT
Tags:192-3-176-231 AgentTesla bot8747049877 hta Spam-ITA

Intelligence

File Origin
# of uploads :
3
# of downloads :
400
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Script.SNH-gen.68468964.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a56c9de1f958bf668299e8
Tags:
xtreme shell lien sage
Result
Verdict:
Malicious
File Type:
HTA File - Malicious
Link:
https://app.docguard.net/99c6f209e4e4adf3502472112f7172ede1a5dbf829c59d593449605ca2698d49/results/dashboard
Payload URLs
URL
File name
http://192.3.176.231/22/9sd9fd0809g7sd8f789g73438g97dsf8g798s7df98g.js
HTA File
Behaviour
BlacklistAPI detected
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
powershell powershell pterodo
Link:
https://www.filescan.io/uploads/69a56c9897feb4afd66425e7/reports/fa31c595-288d-421a-9927-6f3a822a7ef7/overview
Verdict:
Malicious
Labled as:
VBS:Electryon.380
Link:
https://www.hybrid-analysis.com/sample/99c6f209e4e4adf3502472112f7172ede1a5dbf829c59d593449605ca2698d49
Verdict:
Malicious
File Type:
html
Detections:
HEUR:Trojan.HTA.SAgent.gen HEUR:Trojan-Downloader.Script.Generic
Link:
https://opentip.kaspersky.com/99c6f209e4e4adf3502472112f7172ede1a5dbf829c59d593449605ca2698d49/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/99c6f209e4e4adf3502472112f7172ede1a5dbf829c59d593449605ca2698d49
Verdict:
Malware
YARA:
4 match(es)
Tags:
DeObfuscated Html PowerShell
Link:
https://app.malva.re/file/f9d2151992f2dfced5669d243bcb13fb
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/99c6f209e4e4adf3502472112f7172ede1a5dbf829c59d593449605ca2698d49/
Verdict:
Malicious
Threat:
Trojan-Downloader.Script.SAgent
Link:
https://tip.neiki.dev/file/99c6f209e4e4adf3502472112f7172ede1a5dbf829c59d593449605ca2698d49
Threat name:
Win32.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2026-03-02 10:55:30 UTC
File Type:
Text (HTML)
Extracted files:
1
AV detection:
12 of 38 (31.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=thdpecpe4sw7gubeoiis64ls5xq2lw7yfhcz2wjujfqfzitjrveq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0daa3fc7e8c657b4e98fbd3be6b56c2c8950224945c5d0d3c10c2e4967637dce
AgentTesla
36c01710f8ff21e4e5a5e72373c419d3fadd9f22de8d7e78b1502e03a42bdd4e
AgentTesla
3dd33674755654a3dc5e182bc04bd1d4bc96cdeec6c1a201819b113e98922b58
AgentTesla
4235c4b9a9b9da916671b5efcd96a137de5a20e203aebfb78feb11d2bf03069e
AgentTesla
49adb2ba0f7b69d65978419b690af6ddca5d176cb143e24860decf5d41f4dedf
AgentTesla
4e6d500ed54ad0ae55137aed25539c0939c541c72677239536448657bd201321
AgentTesla
56a6556d5871d306f66964f17e45e08e2c8f46c86d06214173af069fec4beab0
AgentTesla
9eee104aa1ddc7ab9a4a2e1a9f6020bd01d0f19bfcbeddbae332b1f9b4439c64
AgentTesla
bc4a510046a3fe5f115e3087cb40fd0789f0f0cec4eef02d9c0e6d4930753ed7
AgentTesla
cf098f81d68387d3491794c4f87c2812f5c0af3c5e7262cf90b40882975c930c
AgentTesla
error
AgentTesla
+ 116 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla discovery execution keylogger spyware stealer trojan
Link:
https://tria.ge/reports/260302-m1g42adt2d/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Badlisted process makes network request
AgentTesla
Agenttesla family
Malware Config
C2 Extraction:
https://api.telegram.org/bot8747049877:AAEWVgFONiQJBBqfuvj5ARpQ5i_l9-B3HNc/
Malware family:
AgentTesla
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/99c6f209e4e4/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/99c6f209e4e4adf3502472112f7172ede1a5dbf829c59d593449605ca2698d49

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

HTML Application (hta) hta 99c6f209e4e4adf3502472112f7172ede1a5dbf829c59d593449605ca2698d49

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3788553/
  
Delivery method
Distributed via web download

Comments