Agent Tesla - Malware Samples
345 samples tracked (rolling 30 days)
Last updated: 2026-05-08
This page lists the most recent Agent Tesla malware samples collected from MalwareBazaar. Each entry includes the SHA256 hash (linked to the MalwareBazaar sample page), original file name, file type, size, and VirusTotal detection rate where available. Samples are updated daily and retained for a rolling 30-day window.
How to Use This Data
Security teams can use these hashes in several ways. Import them into your SIEM or EDR platform to detect known Agent Tesla variants in your environment. Cross-reference file names against your email gateway logs to identify phishing campaigns delivering this family. The file type distribution reveals which delivery formats are currently in use - a shift from .exe to .msi or .js may indicate the operators are adapting to your defenses. Samples with low or missing VirusTotal detection rates are the most dangerous - these are fresh variants that may bypass signature-based protection.
About the Data
All samples are sourced from MalwareBazaar, a free malware sample sharing platform operated by abuse.ch. Detection rates come from VirusTotal. This data is provided for defensive purposes only. For the latest Agent Tesla indicators of compromise including C2 servers and domains, see the IOC page.
| SHA256 | File Name | Type | Size | Detection | First Seen | Country |
|---|---|---|---|---|---|---|
| d50dc6ec340746e7... | transferencia interbancaria (BBVA).exe | exe | 1.1 MB | 52/70 | 2026-05-08 | - |
| d26af8ac0a12fcb6... | MPM DETAILS 08.vbs | vbs | 18.6 KB | 11/61 | 2026-05-08 | - |
| a2544365eb8d51ef... | a2544365eb8d51efa9c27d98abfe60bc5e97ed6d232986f419fb3ef78c2b5696 | exe | 879.5 KB | 54/70 | 2026-05-08 | - |
| b3ab0dcd5aa22ccb... | b3ab0dcd5aa22ccb60566b1a39c51db804cd9f8c9af762facbdc08bb41a7b0cd | exe | 811.0 KB | 55/71 | 2026-05-08 | - |
| 5e8267e4935b9120... | 5e8267e4935b9120c2e4eb894b6f8748abb94b87adbfc900ad9ccc921b015c86 | exe | 809.0 KB | 54/70 | 2026-05-08 | - |
| 812ff46e29476def... | 812ff46e29476def51ad85f7ab0f7dd0ba46d978fa30850a938f001e55850958 | exe | 247.0 KB | 56/69 | 2026-05-08 | - |
| 9d195832da9b639b... | 9d195832da9b639bdd4fed66ae46abf2b1c502dd04968298815612b5f730bd60 | exe | 240.0 KB | 59/70 | 2026-05-08 | - |
| 446768b90ef97909... | 446768b90ef97909bcf2541486c74d9a657bf52111b1f3b20d165e0a4637e6ac | exe | 240.0 KB | 59/70 | 2026-05-08 | - |
| a99fa4567648892c... | a99fa4567648892c79ed2d9b9f3421dfb3ac8c0ca270ee27a49c0d67ca955054 | exe | 1.4 MB | 53/71 | 2026-05-08 | - |
| e0964b455d755a2c... | e0964b455d755a2c229ed9c7de3f7607213eb5664eb9d4b1bb69585f0405b932 | exe | 1.1 MB | 53/70 | 2026-05-08 | - |
| 394eef4c157e698b... | 3a6a0ab3db459924004565bdd50e5882bd5ea586174f525ec7e60b363ac6809c | exe | 1.1 MB | - | 2026-05-08 | - |
| 217c329b02cfddda... | 217c329b02cfdddaca6fa28289b873f9411287589bc73e9c83c952f5f39b4b2e | exe | 437.0 KB | - | 2026-05-08 | - |
| 3a6a0ab3db459924... | 3a6a0ab3db459924004565bdd50e5882bd5ea586174f525ec7e60b363ac6809c | exe | 586.0 KB | - | 2026-05-08 | - |
| d2580cc8671622a3... | d2580cc8671622a3de8659e4d7bcaab6a3b7a49e9cd619e2d19148133ce69693 | exe | 438.9 KB | - | 2026-05-08 | - |
| 790c53a59a8052ba... | 790c53a59a8052ba22dd877b3ded8db7253726074ad0c32ce0c6e1b895a82960 | exe | 1.5 MB | - | 2026-05-08 | - |
| c5b6815d50de3d03... | c5b6815d50de3d03fd763a0293f696b38b827ce6a08f879dc6f84a664317609f | exe | 1.5 MB | - | 2026-05-08 | - |
| f3906768c0969816... | f3906768c0969816dbc4ff20bc5ffb5a2bf97dbcd4bd94e105dfef32fb6cd63d | exe | 240.0 KB | - | 2026-05-08 | - |
| addc3ba270598abe... | addc3ba270598abeca0bc80477b9a9b0fa0107bacc7535e250fe7996eea96115 | exe | 240.0 KB | - | 2026-05-08 | - |
| 5cb180fc0e45f841... | 5cb180fc0e45f841c9c5dd90746b288cee30a7b3c04a8dd1384e169ef509ba41 | exe | 237.0 KB | - | 2026-05-08 | - |
| d2ba388812286877... | d2ba388812286877fbf0d5eac45f0637ad30a2c26b60878263c0ce7e6919a51a | exe | 1.1 MB | - | 2026-05-08 | - |
| 63730a04620bca56... | 63730a04620bca56f24de059c6b02a375f7d7a86e6cd299b9886a130a74cbf5c | exe | 240.0 KB | - | 2026-05-08 | - |
| 15d9a13a2816d734... | 15d9a13a2816d734cbc64b2318e49b6cad4e17c77157bbb956e985a084662372 | exe | 233.5 KB | - | 2026-05-08 | - |
| 8132870454a1a168... | 8132870454a1a16859a93c7f863186702278859f9d8c83de54816fed2c5911a5 | exe | 240.0 KB | - | 2026-05-08 | - |
| 4c71fcd0f1afdcab... | 4c71fcd0f1afdcab34d9b9e8701b64c9fd8326eaf31d6e24bf6a828baabc91ed | exe | 1.2 MB | - | 2026-05-08 | - |
| 2f295e50760e14d6... | 2f295e50760e14d62c5789c91bb916c82c7c29874adcc184f2184ae6d0b601d8 | exe | 237.0 KB | - | 2026-05-08 | - |
| dd195c81158735a1... | dd195c81158735a156fd0132539c05fd3046451bf81acb0a49c68424b252bbd4 | exe | 237.0 KB | - | 2026-05-08 | - |
| e8fb87b0c14477db... | e8fb87b0c14477db9bb441865d5d401bc6fe0ea103852b9d4c9d17e07e6b855c | exe | 233.5 KB | - | 2026-05-08 | - |
| fb5cf522b8bf772d... | fb5cf522b8bf772dfdabc57b8283778303f2d0e8067a78a5ef4b358fa62cbbcf | exe | 237.0 KB | - | 2026-05-08 | - |
| 2706716e9372377e... | MPM DETAILS 02.vbs | vbs | 17.3 KB | - | 2026-05-08 | - |
| 49db8e3c17ce4c1f... | Faktur Kiriman Mei dan April.vbe | vbe | 50.6 KB | - | 2026-05-08 | - |
| 8a50e77e71dcb8c9... | BIK1911486_20260507.js | js | 70.9 KB | - | 2026-05-08 | - |
| 4c139287c612e99f... | HGJO9876789.JS | js | 3.3 MB | - | 2026-05-08 | - |
| f5911ffc5481244d... | Payment.JS | js | 3.8 MB | - | 2026-05-08 | - |
| f9e2a9d27926c288... | DOCX.js | js | 36.4 KB | - | 2026-05-08 | - |
| 8b8ca853a36d772f... | SWIFT COPY.JS | js | 3.2 MB | - | 2026-05-08 | - |
| 0c2e62e767632890... | SWIFT COPY.rar | rar | 1.1 MB | - | 2026-05-08 | - |
| 3b96167959ddd108... | Comprobante de pago (PAGOS DE LA BBVA).exe | exe | 949.0 KB | - | 2026-05-08 | - |
| 0f14964c2ef739e4... | Inquiry For Quotation.exe | exe | 914.0 KB | - | 2026-05-07 | - |
| b8b42222a84599be... | 20260507-002815.js | js | 350.2 KB | 4/59 | 2026-05-07 | - |
| 09783fa659755aba... | Factura de pago_FAC-2026INV0507B_pdf.exe | exe | 1.1 MB | 37/70 | 2026-05-06 | - |
| ce88a6ba648105ba... | Ogooo crypted.exe | exe | 896.5 KB | 46/70 | 2026-05-06 | - |
| ba5667043566050e... | quotation.exe | exe | 918.0 KB | 48/68 | 2026-05-06 | - |
| 4d7e7e33d21e8fce... | RFQ 206.JS | js | 3.2 MB | 9/60 | 2026-05-06 | - |
| 23fb715b157db7e9... | Bank Details.JS | js | 3.2 MB | 18/56 | 2026-05-05 | - |
| 0042f2aeb3ffdda7... | MPM DETAILS.vbs | vbs | 16.3 KB | 26/58 | 2026-05-05 | - |
| f1eb6a131e6e6244... | Orden de compra.exe | exe | 1.0 MB | 41/63 | 2026-05-05 | - |
| c38ce940408c9ec3... | Quotation. [RFQ 28042026].exe | exe | 924.5 KB | 45/68 | 2026-05-05 | - |
| 30aaf6117b38d0cf... | New Order PO7656-05-04 Confirmation PI Request_pdf.js | js | 3.2 MB | 17/58 | 2026-05-05 | - |
| d161b22dd5396846... | Booking_confirmation.js | js | 2.1 MB | 8/44 | 2026-05-05 | - |
| e82e0cdbbd2c4d1f... | New_Order_0825.js | js | 35.9 KB | 25/56 | 2026-05-05 | - |
| 4daa6f80afcb090e... | Booking_confirmation.js | js | 2.4 MB | 14/58 | 2026-05-05 | - |
| 3e05bf9d50234c3b... | Booking_New_78 (1).vbs | vbs | 17.0 KB | 25/60 | 2026-05-05 | - |
| b93d524c1d169826... | RFQ#2617-3089 Data Sheet.rar | rar | 4.9 MB | 6/61 | 2026-05-05 | - |
| 2d97b013295699f2... | factura.exe | exe | 900.5 KB | 39/59 | 2026-05-04 | - |
| 9ae26cc6991960a5... | PO#7A68D20.js | js | 404.5 KB | 21/59 | 2026-05-04 | - |
| 5ef2622fd50d4bfa... | STAR APHRODITE.JS | js | 3.8 MB | 8/59 | 2026-05-04 | - |
| 82e69580ffd35180... | Request for Quotation_pdf_.JS | js | 3.8 MB | 10/59 | 2026-05-04 | - |
| 0f32723cc94b58c7... | SecuriteInfo.com.FileRepMalware.93763227 | exe | 278.0 KB | 13/64 | 2026-05-04 | - |
| ac7b40b43f0ff44f... | Order4884000-100393884849-00949599059.exe | exe | 295.1 KB | 30/70 | 2026-05-04 | - |
| 52dfa8dfe734f2c5... | Order4884000-100393884849-00949599059.tar | tar | 300.0 KB | 12/60 | 2026-05-04 | - |
| 74b74a44654abaa5... | msedge_elf.dll | exe | 1.6 MB | 23/67 | 2026-05-04 | - |
| e26d72f2cffa2589... | apphost.exe | exe | 12.6 MB | 39/71 | 2026-05-01 | - |
| 4a2b467d82386119... | Nota de credito A12345-045_20260403_pdf.scr.exe | exe | 1.0 MB | 24/43 | 2026-04-30 | - |
| 1bcef2581d32b1f6... | transferencia interbancaria (BBVA).exe | exe | 905.0 KB | 45/71 | 2026-04-30 | - |
| ecf3df65f1cedcfb... | ps_hOPsODWIDoNG_1777557350732.ps1 | ps1 | 1.0 MB | 12/62 | 2026-04-30 | - |
| 5c42ae22ed7aede2... | Bank slip.js | js | 1.4 MB | 11/61 | 2026-04-30 | - |
| d7708b90c0cbdb51... | d7708b90c0cbdb51cdcefb0611814025ef38bcd328adcf6e71f7800941368b3b.zip | zip | 1019.6 KB | 7/65 | 2026-04-30 | - |
| 59830d1c568bd43c... | Quotation. RFQ # 28042026.bat | bat | 146.7 KB | 14/61 | 2026-04-30 | - |
| fcdc9dc5e0611111... | ps_jtyDeIATCYsX_1777549472909.ps1 | ps1 | 1.0 MB | 9/62 | 2026-04-30 | - |
| 9aa087f314de89ae... | New Order 26OF-03091.rar | rar | 1013.3 KB | 14/55 | 2026-04-30 | - |
| b5369b3e51c2da6d... | New Order 26OF-03091.js | js | 1.5 MB | 13/47 | 2026-04-30 | - |
| 7d61c99238da9f8e... | Po90596934T9TUTJTT.exe | exe | 534.2 KB | 23/70 | 2026-04-30 | - |
| b6f014a30776ee28... | 20260430-77923.js | js | 358.7 KB | 2/60 | 2026-04-30 | - |
| 51733c13babc03c1... | IMG20260430-00692.js | js | 357.7 KB | 4/60 | 2026-04-30 | - |
| b68bf218f8c5281b... | cosco110093456798765.exe | exe | 527.0 KB | 31/71 | 2026-04-30 | - |
| b76e2a42b82dbfab... | PO-10045_2026-04-30.exe | exe | 546.9 KB | 20/70 | 2026-04-30 | - |
| 2446f05639a644c1... | ca983e4f99b29b2706d0a255148ea04831a05454.gz | gz | 550.0 KB | 18/63 | 2026-04-30 | - |
| bd819115bc8e6f34... | mpclient.dll | exe | 1.4 MB | 22/71 | 2026-04-30 | - |
| 0c14d699e3a268a0... | ps_siB1QD91BhCP_1777486468964.ps1 | ps1 | 1.0 MB | 15/62 | 2026-04-29 | - |
| 7e29c0706f165318... | Transferencia bancaria correspondiente a la factura 204A con fecha 28032026.js | js | 1.5 MB | 15/61 | 2026-04-29 | - |
| 3546f7131eec3d31... | Transferencia bancaria correspondiente a la factura 204A con fecha 28032026.rar | rar | 995.1 KB | 14/62 | 2026-04-29 | - |
| cc3e0b23600bdcb5... | ps_gYdiu7dmKWRR_1777465687660.ps1 | ps1 | 299.7 KB | 12/62 | 2026-04-29 | - |
| 9f8a5b64565e4bda... | New Order list_pdf.exe | exe | 862.0 KB | 49/71 | 2026-04-29 | - |
| 2b5063957a9c4107... | QS48890.js | js | 38.5 KB | 24/61 | 2026-04-29 | - |
| 736a4eb5d2963b75... | Quotation. RFQ # 28042026.bat | bat | 146.7 KB | 8/61 | 2026-04-29 | - |
| 244c62ef5913051f... | Yak_Final.cmd | cmd | 4.1 MB | 2/61 | 2026-04-29 | - |
| 2b6459d295e4969b... | BANK_PAYMENT_ADVICE09345.JS | js | 3.0 MB | 5/61 | 2026-04-29 | - |
| 13a62292bc7cca51... | msedge_elf.dll | exe | 1.7 MB | 29/68 | 2026-04-29 | - |
| f09d61b53f6c256a... | PO.Scanned document.js | js | 38.5 KB | 22/61 | 2026-04-28 | - |
| b58f9968eaed4850... | ps_IrOzYWoKxXse_1777395258665.ps1 | ps1 | 945.1 KB | 9/62 | 2026-04-28 | - |
| 8b8307812d5a8ec3... | SCS0503-042826-0305.js | js | 18.2 KB | - | 2026-04-28 | - |
| 730a0ee8f653c776... | hbngtterwmnmjcvedcdpoetyrhwexc.js | js | 1.3 MB | 9/60 | 2026-04-28 | - |
| 1ed47310c92f94b4... | SCS0503-042826-0305.tar | tar | 20.0 KB | 5/60 | 2026-04-28 | - |
| 6e40a294a8bc83a9... | 20260428-00326.js | js | 19.1 KB | 2/60 | 2026-04-28 | - |
| 68cb2ed7cdf127b1... | copia de factura.bat | bat | 56.5 KB | 22/61 | 2026-04-28 | - |
| 1aa4452c75576466... | PI FG00947001 TechnosoundREF 26008.hta | hta | 2.3 MB | 13/60 | 2026-04-28 | - |
| 646fbc1fad26ad07... | Po.0968978AGTH68886869.exe | exe | 758.8 KB | 44/66 | 2026-04-28 | - |
| c1809985bc96ceb0... | PO NO. POD00000917 .exe | exe | 725.0 KB | - | 2026-04-28 | - |
| 5300e3303b8d3213... | Quote 240145.exe | exe | 959.5 KB | - | 2026-04-28 | - |
| 7389bea975cfb69d... | msedge_elf.dll | exe | 2.3 MB | - | 2026-04-28 | - |