MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3ab0dcd5aa22ccb60566b1a39c51db804cd9f8c9af762facbdc08bb41a7b0cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 12

Intelligence 12 IOCs YARA 4 File information Comments

SHA256 hash:	b3ab0dcd5aa22ccb60566b1a39c51db804cd9f8c9af762facbdc08bb41a7b0cd
SHA3-384 hash:	c5561df2af9f35b288d38b30e1f9fc86b71873c3a694f97e67cfc10a5fa255ab287cf2c97ad6bd858234bb00e0d901b0
SHA1 hash:	1c7fee115add47cfcbf0b52cc4dadaab49822cd6
MD5 hash:	50acfe04895576bffcb090a21818f4f8
humanhash:	sink-california-dakota-enemy
File name:	b3ab0dcd5aa22ccb60566b1a39c51db804cd9f8c9af762facbdc08bb41a7b0cd
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	830'464 bytes
First seen:	2026-05-08 13:17:38 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'930 x AgentTesla, 19'824 x Formbook, 12'310 x SnakeKeylogger)
ssdeep	12288:fAUzInAUz9QNHiUpp85QQzvVgpk8IAoG6ILHrZfI:fD+9epkQSEk8IAoG6I/t
Threatray	1'289 similar samples on MalwareBazaar
TLSH	T19505E0316E821614D67E1F79C05231296BB8CD476286E71FAEEE31B50E727C6CB0F891
TrID	73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.6% (.EXE) Win64 Executable (generic) (6522/11/2) 4.5% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	adrian__luca
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

151

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/34b9e290-3044-4a04-858d-d48d96b9b7c7/

Malware family:

n/a

ID:

File name:

exe

Verdict:

No threats detected

Analysis date:

2026-05-08 19:38:17 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/cec3a37d-26fb-45d2-b28a-4903214a2f23

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/65272/

Detection(s):

Win.Packed.Malwarex-10059342-0

Gathering data

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

crypt obfuscated obfuscated vbnet

Link:

https://www.filescan.io/uploads/69fde36d2fcb905ec2888227/reports/5a7f5a8e-a04e-4ab2-b37f-7f5f0bae5f64/overview

Verdict:

Malicious

Labled as:

Trojan.MSIL.Basic.8

Link:

https://www.hybrid-analysis.com/sample/b3ab0dcd5aa22ccb60566b1a39c51db804cd9f8c9af762facbdc08bb41a7b0cd

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-04-15T12:28:00Z UTC

Last seen:

2026-05-10T00:12:00Z UTC

Hits:

~1000

Link:

https://opentip.kaspersky.com/b3ab0dcd5aa22ccb60566b1a39c51db804cd9f8c9af762facbdc08bb41a7b0cd/results?tab=lookup

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b993b99b-584b-4ffd-b296-b4968737b2cc

Score:

97%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/b3ab0dcd5aa22ccb60566b1a39c51db804cd9f8c9af762facbdc08bb41a7b0cd

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b3ab0dcd5aa22ccb60566b1a39c51db804cd9f8c9af762facbdc08bb41a7b0cd/

Threat name:

ByteCode-MSIL.Spyware.Negasteal

Status:

Malicious

First seen:

2026-04-15 18:56:52 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

25 of 36 (69.44%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wovq3tk2uiwmwycwnmndtri5xacm3h4mtl3wf6wl3qelwqnhwdgq._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

1d2db76233b09e357be8dd7324f6b7dff6a9f8082e12ba057508c478d6523e01

AgentTesla

7ac6aca27080b1a7a5c212363ef2ab61e5a34ef7f14ff2a83648bd1c77200011

AgentTesla

d2bbb4a1976cda4875e34682da19d64d1e54a5042cd79ddbf92e3da931d8ce28

AgentTesla

+ 1'279 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/260508-qlf5zads3r/

Behaviour

System Location Discovery: System Language Discovery

.NET Reactor proctector

Unpacked files

SH256 hash:

b3ab0dcd5aa22ccb60566b1a39c51db804cd9f8c9af762facbdc08bb41a7b0cd

MD5 hash:

50acfe04895576bffcb090a21818f4f8

SHA1 hash:

1c7fee115add47cfcbf0b52cc4dadaab49822cd6

Link:

https://www.unpac.me/results/416aa032-5895-421e-8c00-999568c6ce09/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b3ab0dcd5aa22ccb60566b1a39c51db804cd9f8c9af762facbdc08bb41a7b0cd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/65272/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample