MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 18


Intelligence 18 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78
SHA3-384 hash: 9aac7d402e8817f97856af0df738b61567411a702fe98ade5d257ca6e90059f58ba828ac4052f076a34d29b0515db449
SHA1 hash: 831406c99c7f0fc1f6f7521a35df90e2e8a4f435
MD5 hash: e49346735116f8fbc5033091612364db
humanhash: lima-pip-south-chicken
File name:a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'061'896 bytes
First seen:2026-02-05 15:08:08 UTC
Last seen:2026-02-05 15:26:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'794 x AgentTesla, 19'692 x Formbook, 12'274 x SnakeKeylogger)
ssdeep 24576:qstarDPVyMrJZtN3mN9okCtvTiwZD14t9Up7ajmPdKi:0rTBrJZtN3AMOw3f
Threatray 3'616 similar samples on MalwareBazaar
TLSH T1F835126DFE016E16CA7D0F77D013151843B08523AA72FAE9AACD44E10EFAB98CD4D653
TrID 69.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.0% (.EXE) Win64 Executable (generic) (10522/11/4)
6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.2% (.EXE) Win32 Executable (generic) (4504/4/1)
1.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Magika pebin
Reporter adrian__luca
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
71
Origin country :
HU HU
Vendor Threat Intelligence
Malware configuration found for:
DeepSea
Details
DeepSea
DeepSea decrypted strings
Link:
https://research.acce.ciphertechsolutions.com/results/147a956d-5019-4517-afe9-787092ca51c1/
Malware family:
agenttesla
Create hunting rule
ID:
1
File name:
a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78
Verdict:
Malicious activity
Analysis date:
2026-02-05 17:12:52 UTC
Tags:
auto-startup stealer ultravnc rmm-tool exfiltration smtp agenttesla
Link:
https://app.any.run/tasks/62c4a38b-b963-42e4-a762-792c3229e3b6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTesla
Create hunting rule
Link:
https://www.capesandbox.com/analysis/51919/
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6984b283ae5379bb6609c0c3
Tags:
agenttesla virus msil smtp
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
expired-cert invalid-signature krypt obfuscated packed signed vbnet
Link:
https://www.filescan.io/uploads/6984b26e981ff1d38a4a0165/reports/daed453e-29a4-488a-a0a8-43eaeeb148a9/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78
Result
Gathering data
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-01-13T23:38:00Z UTC
Last seen:
2026-02-05T04:37:00Z UTC
Hits:
~1000
Link:
https://opentip.kaspersky.com/a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78/results?tab=lookup
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e80785b5-8faf-4b62-aaa4-30f3c849e05c
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78
Verdict:
inconclusive
YARA:
10 match(es)
Tags:
.Net Executable Managed .NET PE (Portable Executable) PE File Layout SOS: 0.45 Win 32 Exe x86
Link:
https://app.malva.re/file/e49346735116f8fbc5033091612364db
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78/
Threat name:
Win32.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2026-01-14 03:51:32 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
29 of 36 (80.56%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uoj26bfqld2p5ljkbmedsrahkecelaemalwyvz7ybqs3ovqtpv4a._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
13aba9fcbf2494eb657177fbe83279c1313e7791f1086d9d1460cb66b5eff4e5
AgentTesla
31dd3e8d2700af11c4a5e14defb93a8ef1891f8801d6e8bc5ed35e106a072e64
AgentTesla
56e0cfc0fb789f7d8d7cef0b8497eef95563f46bb383d5f38061347657eaa445
AgentTesla
6d9b7e45f0ac13266800021b0ed41d95a69746f2596511680223525bb1fde745
AgentTesla
87c9b23d3ac3e48910f9d204708f95d337fab4161b5fc8a9a32735cfe7b8d83d
AgentTesla
a89d88037e6e7321b7da02290aab0139ddf7be1b697388dcc28fba708304682f
AgentTesla
eb87b3dc43401ecf721197d64f818cd03e9283f04d02eb2ca4680c3356f29fcf
AgentTesla
f11026574c1ad05a8eb43f8a267b8dc11ce7f981f32a4c72f0675e6141e898f4
AgentTesla
+ 3'606 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla discovery keylogger spyware stealer trojan
Link:
https://tria.ge/reports/260205-sh684ahs2g/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
SmartAssembly .NET packer
Suspicious use of SetThreadContext
Drops startup file
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Agenttesla family
Unpacked files
SH256 hash:
6b0bce55348781e327af6e4190091275ca1fe669f9b89714eb50f21cd9568298
MD5 hash:
77848bef9774a485208e5a6e52b06133
SHA1 hash:
14d42057d395f315b925a5586c2c059b21df0894
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/a1b8aac6-a25e-4843-b7f3-504ae983e606/
SH256 hash:
6a3d0e2e98b1cf28a0547aca0e88a20e251d94e0df7a5808769a2882e58dda11
MD5 hash:
da428eda04a2259a02bcf3120c34715c
SHA1 hash:
34c754c85eebd4c749bab5b24f1a8d3a5f5ebd8a
Detections:
INDICATOR_EXE_Packed_SmartAssembly
Create hunting rule
Link:
https://www.unpac.me/results/a1b8aac6-a25e-4843-b7f3-504ae983e606/
Parent samples :
392f6b46f45bad21bf7e18de9d62f46651516f7e1b89e2581a1e4e7f71df141b
f3302bb5ac2840ebf927880eb4ba71b2669d7f3f9a261ade6505b2081edef0c7
cc07b7fc44aba3906470be4b5a285b6e17b4c67f706e4afa6fc694392481c9ae
5ac6244e4e561e0db75d436f895369ac7b8927b3726ad7f89e795c8aea4ba017
dc868203fe63fc8e75865fcfe43849fc1a4fd6a845416dee9497834b158669eb
172c3076e5d6bfe9089a1e092d1286e77337bc3680db32539e3a7bf69b7d0560
a9748173bb602313b8b1fc6eb71d4036ad98ba25c19b360326dd74cfd71c6522
4eef5964d4be888f65a3410d0f60fd3559021aff06bf1448c919e294b7ecb72e
77be2ee5c55a9c5f20b6522fb6fbd174465481ad60b5143c95ee31e16fccaf8e
27ec2b5eec31bcba30eb7c61b6d0cd60bb36716a397bdcb40f2061866519cb02
e81a2db8cb80396874720064cdfbf62901b1e6b96e8395d6a9846bf930f7efa0
eef6a2be2d108d13d18f38a61013bab9be3290a8a8f1a2ef1b632731367372d0
a8997f7b77f90d348f1a55cde634f4e89a6cbef5f5914391663f31e69a244275
76f762eb047d0d10398cbb7ae345988ff147fbf7816f16a328ac909b441df8aa
349b61d701a6e950a1a43bbef90b398f2a078a64a008f9dfcd431b1ead6127b1
41fd49ca52f66d1ed07fe95fc4ffd2555b085c3d5490f9baee74887af9438d99
a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78
dcaeccf5a7ac997efe13a9ad9660fb1defa37bfd85f551679a4b06d611f1cec3
SH256 hash:
6111bd3faadc16f2f39d8cdc6c8742e1dabc4c899ce15c5780ff52f862071f5c
MD5 hash:
9021e660a5f356b96fc7410bc133ce77
SHA1 hash:
9c2b5ab169a3ca17fe63e0f34aa13f091b4ba12c
Detections:
win_agent_tesla_g2
Create hunting rule
AgentTesla
Create hunting rule
Agenttesla_type2
Create hunting rule
INDICATOR_EXE_Packed_GEN01
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID
Create hunting rule
Link:
https://www.unpac.me/results/a1b8aac6-a25e-4843-b7f3-504ae983e606/
Parent samples :
ea7a7f6d060fe712bdd88ad09e4eddfbfd5d33fe9389c1b29374b3e913da4984
a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78
946a4a365d4616d821da6f4d2c36d54ca850d6a659e755152324e2f5c6c9ff64
60ef1afae839bd774d59f78c2866dad57a397db6f1c3a8432d3daa39985e040c
0ff209e9b8f4d38bf80c68879b414775ab28bc151aced58d2c6c4de220e313ca
SH256 hash:
7780ad23d267012beb097d86713f96bb7e0b154098f2683644bedc351ac8538e
MD5 hash:
6c705b8115b6f44e27d1c35c7fe4924a
SHA1 hash:
f51e734f305db8a5de86d14c28241205062727e6
Link:
https://www.unpac.me/results/a1b8aac6-a25e-4843-b7f3-504ae983e606/
SH256 hash:
a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78
MD5 hash:
e49346735116f8fbc5033091612364db
SHA1 hash:
831406c99c7f0fc1f6f7521a35df90e2e8a4f435
Link:
https://www.unpac.me/results/a1b8aac6-a25e-4843-b7f3-504ae983e606/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a393af04b058f4fead2a0b08394407510445808c02ed8ae7f80c25b756137d78

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_KB_CERT_7c1118cbbadc95da3752c46e47a27438
Create hunting rule
Author:ditekSHen
Description:Detects executables signed with stolen, revoked or invalid certificates
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/51919/

Comments