MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f16b1132787a89918e6a41cd23caea200a97b4ceed89eef555f00d43c4ecf808. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 14


Intelligence 14 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f16b1132787a89918e6a41cd23caea200a97b4ceed89eef555f00d43c4ecf808
SHA3-384 hash: 023020bf613ce199aab5fe911ec291ad1743d096b70aa504f3238dae284ee7b82e53e6de1225eda2a8d3a277d8dd3125
SHA1 hash: b277428e4adc3d9b2e58477e7093b8c078739d66
MD5 hash: dab66a82f2bd4a77ed52c048634b8615
humanhash: oklahoma-football-neptune-diet
File name:InevitablyDraggingHilfiger_BloombergNightclubEvidence.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:67'072 bytes
First seen:2026-06-17 01:35:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:4mreqKm+tiCX7oBurIPvVz5hyLNKhpbrfOTtJ3LjtbLJeN1OR+Oi+hArILtH1l0t:4N2Ru01wEhpeTtxnRVgOR+OXT5VlQ
Threatray 3'645 similar samples on MalwareBazaar
TLSH T14A637C0DBBC49B31D6EF877DB87249061571E26B5A03D78A4CC460B90B337D48B697E2
TrID 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
dhash icon 819191c4c6616396 (1 x AgentTesla)
Reporter BastianHein
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
154
Origin country :
CL CL
Vendor Threat Intelligence
No detections
Malware family:
agenttesla
Create hunting rule
ID:
1
File name:
_f16b1132787a89918e6a41cd23caea200a97b4ceed89eef555f00d43c4ecf808.exe
Verdict:
Malicious activity
Analysis date:
2026-06-17 01:43:08 UTC
Tags:
stealer ip-check evasion agenttesla
Link:
https://app.any.run/tasks/2aa07c3a-611f-4a14-9b19-3e539ff14450

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/71012/
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a31fa2b1a97308eef89c200
Tags:
phishing emotet lien
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
DNS request
Connection attempt
Verdict:
Malicious
Labled as:
IL:Trojan.Injector
Link:
https://www.hybrid-analysis.com/sample/f16b1132787a89918e6a41cd23caea200a97b4ceed89eef555f00d43c4ecf808
Gathering data
Score:
3%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/f16b1132787a89918e6a41cd23caea200a97b4ceed89eef555f00d43c4ecf808
Gathering data
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/f16b1132787a89918e6a41cd23caea200a97b4ceed89eef555f00d43c4ecf808/
Verdict:
Malicious
Threat:
Family.AGENTTESLA
Link:
https://tip.neiki.dev/file/f16b1132787a89918e6a41cd23caea200a97b4ceed89eef555f00d43c4ecf808
Threat name:
Win64.Hacktool.Redthtz
Create hunting rule
Status:
Malicious
First seen:
2026-06-17 01:40:51 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
3
AV detection:
11 of 36 (30.56%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6fvrcmtypkezddtkihgshsxkeafjpngo5we655kv6aguhrhm7aea._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
06e9c47043312490c3fb042cd61a8960f303a48d9c535f1352dc4ee3c4eb2ff5
AgentTesla
093b27955f0d326ed5ebd547ff0400edcac29446125c691615cb6e353d4a6e34
AgentTesla
1f641beb2d66a3ffb622b07ff14f2d3a6e914545ea3914d89eb666ab5383e529
AgentTesla
2246004dbcefa75c28b2b0dde6004e5fa6427179dfb000b014e2915361ae444b
AgentTesla
5a31b27b8a41ba3387f060f9ebe9353e1fbab6b23e6b8f9ba8fb364c3c8ed5ba
AgentTesla
5fa383da92c7ab2154eb294ca812caa8aa5a028f7e4bbf9b9e61cc923c68b66e
AgentTesla
a5903b21a481d11fd8ac07ba5ec097c300f40e247906a0ce2f05f6edccb7630d
AgentTesla
dece042526daa8eabbffdfc46effc6bbf6fbd1dd6c93aaba5bb4bf308c3c6e97
AgentTesla
error
AgentTesla
f16b1132787a89918e6a41cd23caea200a97b4ceed89eef555f00d43c4ecf808
AgentTesla
+ 3'635 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/260617-b1yw1ahs9l/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
outlook_office_path
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Family: AgentTesla
Unpacked files
SH256 hash:
f16b1132787a89918e6a41cd23caea200a97b4ceed89eef555f00d43c4ecf808
MD5 hash:
dab66a82f2bd4a77ed52c048634b8615
SHA1 hash:
b277428e4adc3d9b2e58477e7093b8c078739d66
Link:
https://www.unpac.me/results/053beb3d-55a5-4990-b9e8-624ae9be0734/
Malware family:
AgentTesla
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f16b1132787a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f16b1132787a89918e6a41cd23caea200a97b4ceed89eef555f00d43c4ecf808

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
Rule name:Win_FakeInstaller_PythonShellcodeLoader_Crepectl_2026
Create hunting rule
Author:SixHands
Description:Detects the analyzed fake installer sample using .key config, XOR key, and Python/fiber shellcode loader traits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/71012/

Comments