MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fedbb15c2b202106c4526b01299a1fe6922b0af8773e7ddd8202e2c99c5e44d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 14


Intelligence 14 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fedbb15c2b202106c4526b01299a1fe6922b0af8773e7ddd8202e2c99c5e44d3
SHA3-384 hash: 2e0ba0588b4b52448aa73e5f573d6909ab053f15df877cdc2993a02410ca208e2df4fcaa14223c73a6563dc5073996da
SHA1 hash: e990775bceabda21731c1e119603f5f3be98469a
MD5 hash: 80c69db8fa1d38655b9e016cd047621e
humanhash: two-queen-ohio-zebra
File name:New-order736363637364674.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'117'672 bytes
First seen:2025-12-10 19:40:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ea4e67a31ace1a72683a99b80cf37830 (74 x GuLoader, 71 x Formbook, 54 x Loki)
ssdeep 12288:xItBqc0MW13Ky5aq+smuRkohN+L+exvGhTFsZoPdTuRtGn1O8+X08Nfx64nomb:6yc0MW9K+a1+Rkoe+p+GPdTu21OtdNf/
Threatray 2'446 similar samples on MalwareBazaar
TLSH T1FB35E163F46892F5C7F86072F147E63F2A0A9EA156018541B3F13F9E3AB2A755720B43
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon 1899d0e4d4e09919 (5 x AgentTesla)
Reporter amznemu
Tags:AgentTesla exe ftp-holzbrenzii-com signed

Code Signing Certificate

Organisation:Carboras
Issuer:Carboras
Algorithm:sha256WithRSAEncryption
Valid from:2025-12-03T10:14:09Z
Valid to:2026-12-03T10:14:09Z
Serial number: 0587a68f6aafa2fb306e2185a865620ad15a4624
Thumbprint Algorithm:SHA256
Thumbprint: d9767401685b279980cdc925195f5f2dafccc8a027e7a82eb4ea321bbdb8e5a5
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
147
Origin country :
ID ID
Vendor Threat Intelligence
Malware configuration found for:
NSIS
Details
Link:
https://research.acce.ciphertechsolutions.com/results/6612c76c-32a3-493a-af16-f81e7ed2c658/
Malware family:
n/a
ID:
1
File name:
_fedbb15c2b202106c4526b01299a1fe6922b0af8773e7ddd8202e2c99c5e44d3.exe
Verdict:
Malicious activity
Analysis date:
2025-12-10 19:45:00 UTC
Tags:
stealer evasion ultravnc rmm-tool
Link:
https://app.any.run/tasks/5fbb008f-a808-4143-aba8-4df3b0383721

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/44219/
Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6939cd1fbde6a3e5970ff93a
Tags:
injection obfusc crypt
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug blackhole installer installer installer-heuristic masquerade microsoft_visual_cc nsis overlay signed
Link:
https://www.filescan.io/uploads/6939cce3cf690d27f3dba966/reports/83b46f11-78bb-4c9b-841c-63d337d441a6/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/fedbb15c2b202106c4526b01299a1fe6922b0af8773e7ddd8202e2c99c5e44d3
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-12-10T03:45:00Z UTC
Last seen:
2025-12-12T11:55:00Z UTC
Hits:
~1000
Detections:
Trojan-PSW.Agensla.TCP.C&C Backdoor.Androm.HTTP.Download UDS:DangerousObject.Multi.Generic Trojan.Makoob.HTTP.C&C HEUR:Trojan.Win32.Makoob.gen Trojan-Downloader.Win32.Minix.sb Trojan.Win32.Inject.sb Trojan.Win32.Guloader.sb Trojan.NSIS.Makoob.sba
Link:
https://opentip.kaspersky.com/fedbb15c2b202106c4526b01299a1fe6922b0af8773e7ddd8202e2c99c5e44d3/results?tab=lookup
Malware family:
Unlabeled
Create hunting rule
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c1aa9b18-b948-445c-a0fc-4d85cc0fa403
Score:
95%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/fedbb15c2b202106c4526b01299a1fe6922b0af8773e7ddd8202e2c99c5e44d3
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable NSIS Installer PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/80c69db8fa1d38655b9e016cd047621e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fedbb15c2b202106c4526b01299a1fe6922b0af8773e7ddd8202e2c99c5e44d3/
Verdict:
Malicious
Threat:
Family.AGENTTESLA
Link:
https://tip.neiki.dev/file/fedbb15c2b202106c4526b01299a1fe6922b0af8773e7ddd8202e2c99c5e44d3
Threat name:
Win32.Trojan.Znyonm
Create hunting rule
Status:
Malicious
First seen:
2025-12-10 12:03:59 UTC
File Type:
PE (Exe)
Extracted files:
39
AV detection:
18 of 38 (47.37%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=73n3cxbleaqqnrcsnmastgq742jcwcxyo47h3xmcalrmthc6itjq._file
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
0199de3c22dbb41a7cae1c6d5dfef4733b55fad2c58d59045f9a6093bac350ec
AgentTesla
07f443bca50ef0a5605591e31830f4e14c9b5c1c6d392bc0f12057f88ad4ae5e
AgentTesla
15f59282ba4232125d82540bcaf82e77047b209ca34c092c84061cd43e835ace
AgentTesla
161a1575e84ea9637ad7d7905c008f06b2146dc5d46bb44b76763601d26c39e6
AgentTesla
17c85a64041b0a442cebc9dacd04fb0742ff04939ba716f996f532ff0ff9e592
AgentTesla
5ca2ad629da920bdd3ee4316019a390d254df0bda2918e9fd57ff623d7fba5a3
AgentTesla
9b9fcb296cd4e5539ae24d88a44d1269ab4eafaecf7b4677537f2896527eb840
AgentTesla
abd99bf17b7cf13044a064cfd6d73d38a19706ba46222e05e4893b188fbe9cd9
AgentTesla
acf098d8c20fe81ae8e1375c1097b543f9bf8235d1d20821a7f3893fbcc99a26
AgentTesla
beecd658bfb84b9c4be5988df3743d231c405bc7ef8dce0a0eb5bbce668c7760
AgentTesla
+ 2'436 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla family:guloader discovery downloader execution installer keylogger persistence ransomware spyware stealer trojan
Link:
https://tria.ge/reports/251210-yeanls1lfk/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Badlisted process makes network request
Looks up external IP address via web service
Loads dropped DLL
AgentTesla
Agenttesla family
Guloader family
Guloader,Cloudeye
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/9d57080b-651b-425b-b666-c838e31947cf
Unpacked files
SH256 hash:
fedbb15c2b202106c4526b01299a1fe6922b0af8773e7ddd8202e2c99c5e44d3
MD5 hash:
80c69db8fa1d38655b9e016cd047621e
SHA1 hash:
e990775bceabda21731c1e119603f5f3be98469a
Link:
https://www.unpac.me/results/392be224-9335-426d-b916-18c458e077eb/
SH256 hash:
c9f9cf1d69ecc1c2b2c67db4326e4d731d1493dac649f52fcb0249b014af9156
MD5 hash:
2cc79bc05c3e1b8d3fa199a38be74373
SHA1 hash:
f1b663c597b39b3a4271588894df726353dfecec
Link:
https://www.unpac.me/results/392be224-9335-426d-b916-18c458e077eb/
SH256 hash:
114c6941a8b489416c84563e94fd266ea5cad2b518db45cd977f1f9761e00cb1
MD5 hash:
09c2e27c626d6f33018b8a34d3d98cb6
SHA1 hash:
8d6bf50218c8f201f06ecf98ca73b74752a2e453
Link:
https://www.unpac.me/results/392be224-9335-426d-b916-18c458e077eb/
Malware family:
AgentTesla
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/fedbb15c2b20/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Ins_NSIS_Buer_Nov_2020_1
Create hunting rule
Author:Arkbird_SOLG
Description:Detect NSIS installer used for Buer loader
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/44219/

Comments