MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad43d09bcce26ca1b2c6e5a6ee96fcbb07f7105126a2d07af6289576a7f6feaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 15


Intelligence 15 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ad43d09bcce26ca1b2c6e5a6ee96fcbb07f7105126a2d07af6289576a7f6feaa
SHA3-384 hash: a10b44cedcf0128d57bcbe7cd1d2d1bcd54f5ab33cb0cc74a18adfc4036e9fbb04a86bb548219d882252395d248c13b7
SHA1 hash: f9d09b1dd9d953564b843eda037e6c034aa49593
MD5 hash: 5a87e945e3fafc42b324efc7980e849a
humanhash: fish-arizona-november-east
File name:Teklif Alma-Elekt Malz. sip. AMP282104-2 DİŞİ 2P() 2000 adet.z.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:485'376 bytes
First seen:2025-09-12 07:43:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'636 x Formbook, 12'244 x SnakeKeylogger)
ssdeep 12288:UKqOZQ84G8CoKsXWgzbuRk9zWnx16yc7:7RQG0fNEozuGN
Threatray 1'329 similar samples on MalwareBazaar
TLSH T1D8A4D0141229DA06E0764FF11A71E2B41F78AE9AE822D31B8FC97ECF7436B509D45383
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter abuse_ch
Tags:AgentTesla exe geo TUR

Intelligence

File Origin
# of uploads :
1
# of downloads :
136
Origin country :
SE SE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
TeklifAlma-ElektMalz.sip.AMP282104-2D2P2000adet.z.exe
Verdict:
No threats detected
Analysis date:
2025-09-12 07:47:34 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/aeebf78c-8b89-44fe-9741-218a02bd40b7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/27090/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68c3cf41b2005259887a0387
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a process with a hidden window
Sending a custom TCP request
Creating a window
Adding an exclusion to Microsoft Defender
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade obfuscated packed packed packer_detected
Link:
https://www.filescan.io/uploads/68c3cf6a732879482927c11e/reports/ff2a456a-8088-4740-ac6c-11ad1562bbd0/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/ad43d09bcce26ca1b2c6e5a6ee96fcbb07f7105126a2d07af6289576a7f6feaa
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-11T10:43:00Z UTC
Last seen:
2025-09-11T10:43:00Z UTC
Hits:
~1000
Detections:
Trojan.MSIL.Taskun.sb Trojan.MSIL.Inject.sb HEUR:Trojan.MSIL.Taskun.gen VHO:Trojan.MSIL.Inject.gen PDM:Trojan.Win32.Generic HEUR:Trojan.MSIL.Injector.gen
Link:
https://opentip.kaspersky.com/ad43d09bcce26ca1b2c6e5a6ee96fcbb07f7105126a2d07af6289576a7f6feaa/results?tab=lookup
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0fdb429f-b568-415f-8bc3-e265b7b579d4
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1776242
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Antivirus / Scanner detection for submitted sample
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/ad43d09bcce26ca1b2c6e5a6ee96fcbb07f7105126a2d07af6289576a7f6feaa
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ad43d09bcce26ca1b2c6e5a6ee96fcbb07f7105126a2d07af6289576a7f6feaa/
Verdict:
Malicious
Threat:
Trojan.MSIL.Taskun
Link:
https://tip.neiki.dev/file/ad43d09bcce26ca1b2c6e5a6ee96fcbb07f7105126a2d07af6289576a7f6feaa
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2025-09-11 14:20:17 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
18 of 23 (78.26%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vvb5bg6m4jwkdmwg4wto5fx4xmd7oecre2rna6xwfckxnj7w72va._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
Similar samples:
56f83bfe28f6d3cfae33f45b37d90f68077ec5abdcb1274718cffd01321afe0c
AgentTesla
79ee7e3483bb6b0aa47f3fb7eb00f5f2d997122917ac02d8205ed4caa595ff09
AgentTesla
a85b7578e700e44701c5d209f2508af54766db163063d2a41f14012249ca7991
AgentTesla
bb8b6590ca5c65bf55bb227ac601636414ec7c1fa1f9a603840f57e45f8f8994
AgentTesla
error
AgentTesla
f3026acc73c9537b343f2aec9eda1b51ce1eb304a15fcbdb95d88a291c2c248c
AgentTesla
+ 1'319 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/250912-jk595sbn8s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/92653ef4-3516-4d55-a0f0-95547519cf9f
Unpacked files
SH256 hash:
12dda0cd3b378fbced3071df357733426bb09e47c31fcc3ba6273650f67895dc
MD5 hash:
773c55854eb467033abb78bc2b667f80
SHA1 hash:
54bfd694185cd257abb4ee6b477dba12b971b9b9
Link:
https://www.unpac.me/results/4087a7e3-07f6-4ef7-bceb-174b6f5cd3ca/
SH256 hash:
723cfc278e334de589c75f7edd771e0c1734383bd3496b758ed5edfe5435e637
MD5 hash:
73e8231b3eba31344b5c923b468aed62
SHA1 hash:
a5ed0dfc734cb5bbef30adb7ae98a9171e669ffd
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/4087a7e3-07f6-4ef7-bceb-174b6f5cd3ca/
SH256 hash:
ad43d09bcce26ca1b2c6e5a6ee96fcbb07f7105126a2d07af6289576a7f6feaa
MD5 hash:
5a87e945e3fafc42b324efc7980e849a
SHA1 hash:
f9d09b1dd9d953564b843eda037e6c034aa49593
Link:
https://www.unpac.me/results/4087a7e3-07f6-4ef7-bceb-174b6f5cd3ca/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ad43d09bcce26ca1b2c6e5a6ee96fcbb07f7105126a2d07af6289576a7f6feaa

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/27090/

Comments