MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c55cc3475b3d17bd08deb99faeac09bed2ea099145ad984c4b7b71e6e27b14eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 15


Intelligence 15 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c55cc3475b3d17bd08deb99faeac09bed2ea099145ad984c4b7b71e6e27b14eb
SHA3-384 hash: ffbbc2addb54eb6f67a5343f7c96c3f7c49b4aca04356bce740fde2ef8a283491cd6df71d8c49840c11ff4d4a2a41f02
SHA1 hash: a29a1b998bb9e29264aec16a56bedbcdac1dc030
MD5 hash: 7656cef15342c9d9d20e85d1ec2c3d6e
humanhash: speaker-finch-nineteen-september
File name:new-order95959688968787.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'141'936 bytes
First seen:2025-12-10 19:40:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ea4e67a31ace1a72683a99b80cf37830 (74 x GuLoader, 71 x Formbook, 54 x Loki)
ssdeep 12288:UItBqBRz1NqmstXGfqT2xYtGeEGyh/ugcIZ/TfEv/yjqzcAI7cJdDrR39oxIhNhS:hyZkt+YtGpjZbEnyWz3JdDr6knTRURbp
TLSH T1E035F1A3F46891F6C6F86136F147E53F2E0A8EB526018541B3F13F5E36B29A95720B43
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon 1899d0e4d4e09919 (5 x AgentTesla)
Reporter amznemu
Tags:AgentTesla exe signed

Code Signing Certificate

Organisation:Pseudogenus
Issuer:Pseudogenus
Algorithm:sha256WithRSAEncryption
Valid from:2025-10-15T03:45:27Z
Valid to:2026-10-15T03:45:27Z
Serial number: adf027b5b25702ee6e729fb51ec4248d211a50
Thumbprint Algorithm:SHA256
Thumbprint: 5ebc38e43789b6f8d7daeac6b93402a1b88cbe7b5e845693f88776cc00ec4b92
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
144
Origin country :
ID ID
Vendor Threat Intelligence
Malware configuration found for:
NSIS
Details
Link:
https://research.acce.ciphertechsolutions.com/results/9824463a-9332-462c-b63e-32729eb56cf8/
Malware family:
guloader
Create hunting rule
ID:
1
File name:
new-order95959688968787.exe
Verdict:
Malicious activity
Analysis date:
2025-12-10 19:32:33 UTC
Tags:
guloader
Link:
https://app.any.run/tasks/89c50d44-473c-40a4-85a6-252c0bedc1e7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/44214/
Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6939ccdfbde6a3e5970ff869
Tags:
injection obfusc crypt
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug blackhole installer installer installer-heuristic masquerade microsoft_visual_cc nsis overlay signed
Link:
https://www.filescan.io/uploads/6939ccc9900ee247e8417945/reports/2048fcfa-9cbe-44ba-b972-4f7f570af34c/overview
Verdict:
Malicious
Labled as:
Trojan.PSWStealer
Link:
https://www.hybrid-analysis.com/sample/c55cc3475b3d17bd08deb99faeac09bed2ea099145ad984c4b7b71e6e27b14eb
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-12-10T04:06:00Z UTC
Last seen:
2025-12-12T04:49:00Z UTC
Hits:
~1000
Detections:
HEUR:Trojan.Win32.Makoob.gen Backdoor.Androm.HTTP.Download Trojan-Downloader.Win32.Minix.sb Trojan.Win32.Inject.sb Trojan.Win32.Guloader.sb Trojan.NSIS.Makoob.sba
Link:
https://opentip.kaspersky.com/c55cc3475b3d17bd08deb99faeac09bed2ea099145ad984c4b7b71e6e27b14eb/results?tab=lookup
Malware family:
Unlabeled
Create hunting rule
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/e3937f0a-b3fa-480d-bbed-f6734397f662
Score:
95%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c55cc3475b3d17bd08deb99faeac09bed2ea099145ad984c4b7b71e6e27b14eb
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable NSIS Installer PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/7656cef15342c9d9d20e85d1ec2c3d6e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c55cc3475b3d17bd08deb99faeac09bed2ea099145ad984c4b7b71e6e27b14eb/
Verdict:
Malicious
Threat:
Family.AGENTTESLA
Link:
https://tip.neiki.dev/file/c55cc3475b3d17bd08deb99faeac09bed2ea099145ad984c4b7b71e6e27b14eb
Threat name:
Win32.Trojan.Znyonm
Create hunting rule
Status:
Malicious
First seen:
2025-12-10 07:33:34 UTC
File Type:
PE (Exe)
Extracted files:
39
AV detection:
18 of 38 (47.37%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yvomgr23hul32cg6xgp25lajx3joucmriwwzqtclpny6nyt3ctvq._file
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla family:guloader discovery downloader execution installer keylogger persistence ransomware spyware stealer trojan
Link:
https://tria.ge/reports/251210-ydzaksdn2y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Badlisted process makes network request
Looks up external IP address via web service
Loads dropped DLL
AgentTesla
Agenttesla family
Guloader family
Guloader,Cloudeye
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/8c364e48-0693-46ae-a644-d35ff553b771
Unpacked files
SH256 hash:
c55cc3475b3d17bd08deb99faeac09bed2ea099145ad984c4b7b71e6e27b14eb
MD5 hash:
7656cef15342c9d9d20e85d1ec2c3d6e
SHA1 hash:
a29a1b998bb9e29264aec16a56bedbcdac1dc030
Link:
https://www.unpac.me/results/ca0a2df2-1813-4005-bc72-3d7ba5c5795c/
SH256 hash:
c9f9cf1d69ecc1c2b2c67db4326e4d731d1493dac649f52fcb0249b014af9156
MD5 hash:
2cc79bc05c3e1b8d3fa199a38be74373
SHA1 hash:
f1b663c597b39b3a4271588894df726353dfecec
Link:
https://www.unpac.me/results/ca0a2df2-1813-4005-bc72-3d7ba5c5795c/
SH256 hash:
114c6941a8b489416c84563e94fd266ea5cad2b518db45cd977f1f9761e00cb1
MD5 hash:
09c2e27c626d6f33018b8a34d3d98cb6
SHA1 hash:
8d6bf50218c8f201f06ecf98ca73b74752a2e453
Link:
https://www.unpac.me/results/ca0a2df2-1813-4005-bc72-3d7ba5c5795c/
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/c55cc3475b3d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Ins_NSIS_Buer_Nov_2020_1
Create hunting rule
Author:Arkbird_SOLG
Description:Detect NSIS installer used for Buer loader
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe c55cc3475b3d17bd08deb99faeac09bed2ea099145ad984c4b7b71e6e27b14eb

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/44214/

Comments