Agent Tesla - Malware Samples
148 samples tracked (rolling 30 days)
Last updated: 2026-04-17
This page lists the most recent Agent Tesla malware samples collected from MalwareBazaar. Each entry includes the SHA256 hash (linked to the MalwareBazaar sample page), original file name, file type, size, and VirusTotal detection rate where available. Samples are updated daily and retained for a rolling 30-day window.
How to Use This Data
Security teams can use these hashes in several ways. Import them into your SIEM or EDR platform to detect known Agent Tesla variants in your environment. Cross-reference file names against your email gateway logs to identify phishing campaigns delivering this family. The file type distribution reveals which delivery formats are currently in use - a shift from .exe to .msi or .js may indicate the operators are adapting to your defenses. Samples with low or missing VirusTotal detection rates are the most dangerous - these are fresh variants that may bypass signature-based protection.
About the Data
All samples are sourced from MalwareBazaar, a free malware sample sharing platform operated by abuse.ch. Detection rates come from VirusTotal. This data is provided for defensive purposes only. For the latest Agent Tesla indicators of compromise including C2 servers and domains, see the IOC page.
| SHA256 | File Name | Type | Size | Detection | First Seen | Country |
|---|---|---|---|---|---|---|
| bf2b734d1cb30d91... | Nómina de ABRIL de 2026 56474783.vbs | vbs | 2.5 MB | 20/61 | 2026-04-17 | - |
| 5fec327401ff89b2... | NEW ORDER 46474.vbs | vbs | 3.1 MB | 18/61 | 2026-04-17 | - |
| 24853fefd3befc10... | ZENITH SOA 07-04.JS | js | 5.7 MB | 16/59 | 2026-04-17 | - |
| dc8cf522fa384259... | Solicitud de cotización - RFQ adjunta.js | js | 1.3 MB | 16/40 | 2026-04-17 | - |
| c2ffe85aec4fa6a6... | Credit Note A12345-045_20260403_pdf.js | js | 1.5 MB | 17/58 | 2026-04-17 | - |
| bd71fc1f8aa88867... | 4201022043.PDF.js | js | 33.1 KB | 19/57 | 2026-04-17 | - |
| 535ebd25b817bf90... | CHECKLIST EXPEDIENTE SANTANDER.js | js | 1.4 MB | 20/58 | 2026-04-17 | - |
| 6184bb1d65ed1915... | MoneyCorp transaction_4-17-26.pdf.js | js | 1.4 MB | 24/57 | 2026-04-17 | - |
| 6bdcccd6ccb6b651... | Nuevo pedido urgente.js | js | 1.4 MB | 18/47 | 2026-04-17 | - |
| e9344245c5768fd8... | Order Confirmation.js | js | 242.4 KB | 22/62 | 2026-04-17 | - |
| ed830693d6acceae... | Estado de cuenta.exe | exe | 560.0 KB | - | 2026-04-17 | - |
| b510efb2ba6dab57... | ANG FORM MODIFICATIONBANK DETAILS_pdf.js | js | 2.2 MB | - | 2026-04-17 | - |
| 7ac6aca27080b1a7... | transferencia interbancaria (BBVA).exe | exe | 2.4 MB | 38/71 | 2026-04-16 | - |
| 91aec6948b9366f7... | Informe_Nomina_Consolidado_Abril_2026_Final.pdf.UU | rar | 34.0 KB | 24/62 | 2026-04-16 | - |
| aa9a26dbe5fcfab9... | Notificacion de envio de DHL FACTURA CONOCIMIENTO DE EMBARQUE.exe | exe | 560.0 KB | 51/72 | 2026-04-16 | - |
| 394d2b1ddf9136ae... | CMC PRM SOA MARCH 20TH 2026.hta | hta | 2.2 MB | 8/61 | 2026-04-16 | - |
| 8e0350a63f2f0f98... | NEW_ORDER028348567.exe | exe | 399.1 KB | 29/72 | 2026-04-16 | - |
| 98472b134ae42713... | transferencia interbancaria (BBVA).exe | exe | 556.0 KB | 49/72 | 2026-04-15 | - |
| 6f2d24d940e83558... | 20260415-03841.js | js | 22.2 KB | 9/57 | 2026-04-15 | - |
| 54606f52cc55c899... | Pre-alert.js | js | 303.7 KB | 4/46 | 2026-04-15 | - |
| c34d450925e87b99... | HT02528_8w77.js | js | 1.4 MB | 15/62 | 2026-04-15 | - |
| c16b9549139f0b8f... | Inquiry.JS | js | 5.9 MB | 10/61 | 2026-04-15 | - |
| 5870431bba2eb9f6... | PAYMENT RECEIPT.js | js | 1.3 MB | 20/62 | 2026-04-15 | - |
| 9d27ae295284736c... | Solicitud de cotización - RFQ adjunta.js | js | 1.3 MB | 10/35 | 2026-04-15 | - |
| 566c49c5bc4d5edd... | docx.JS | js | 5.7 MB | 8/62 | 2026-04-15 | - |
| bf70216afcd00c6f... | 文档82524.exe | exe | 5.0 MB | 43/72 | 2026-04-15 | - |
| 966db77aadcffd5a... | 966db77aadcffd5a26f558080d931473816f2c823105899226b78d513f9a9fa5.tar | tar | 2.1 MB | 18/62 | 2026-04-15 | - |
| d2905e367942c640... | quotation.exe | exe | 1.1 MB | 48/67 | 2026-04-15 | - |
| 0d653099e96f69fa... | SJGCPJXFHDPFTDJI.zip | zip | 3.7 KB | 14/64 | 2026-04-15 | - |
| a5bcd997e541d7fb... | Nuovo ordine.JS | js | 6.4 MB | 11/56 | 2026-04-15 | - |
| d210faa70538372c... | Nuovo ordine.tar | tar | 2.1 MB | 16/63 | 2026-04-15 | - |
| 6c2025959b77c395... | 6c2025959b77c3958ef1f80b06a633edc649631b3d96536df1efa0f7b85cee2c.tar | tar | 10.6 KB | 15/56 | 2026-04-15 | - |
| 517ce010c5a304a7... | fibulae.afm.js | js | 347.6 KB | - | 2026-04-15 | - |
| 3a9019bc4d0b7731... | IMG20260415-02271.js | js | 22.7 KB | - | 2026-04-15 | - |
| 86aaf69bc8b82fde... | n20260415-03841.tar | tar | 10.4 KB | - | 2026-04-15 | - |
| fe5195961a44ebda... | PO-012447.JS | js | 5.7 MB | 7/62 | 2026-04-15 | - |
| 3a99e7cdc5000d4d... | ORDEN DE COMPRA.js | js | 409.3 KB | 18/58 | 2026-04-15 | - |
| 2ae11e2017204b95... | COTIZACIÓN DEL PRODUCTO.js | js | 1.4 MB | 9/57 | 2026-04-15 | - |
| 3359619c9f75f1c0... | POENGG032.js | js | 1.4 MB | 18/59 | 2026-04-15 | - |
| 3879be5488a07314... | Nuevo pedido, mayor volumen.js | js | 1.3 MB | 21/59 | 2026-04-15 | - |
| 2eb0e981d79aa840... | PI.js | js | 246.4 KB | 8/61 | 2026-04-15 | - |
| 6e47778ad5046be5... | Transaction_Payment_Confirmation_4-14-26.js | js | 1.4 MB | 17/62 | 2026-04-15 | - |
| 9bc212887407c19f... | EX770068372396.PDF.vbs | vbs | 500.7 KB | 17/59 | 2026-04-15 | - |
| 1598957a65b6264b... | XL-83635.vbs | vbs | 17.9 KB | 11/62 | 2026-04-15 | - |
| 3c6fd17b9f959fcb... | HT0-3673.vbs | vbs | 17.9 KB | 11/62 | 2026-04-15 | - |
| 3ce21e396cd19b8c... | urjcwiyk.JS | js | 5.7 MB | - | 2026-04-15 | - |
| 16f765586b9c9e51... | e-dekont.js | js | 384.5 KB | - | 2026-04-15 | - |
| 66aae0218e3375fb... | DHL TELEX GUIA 1Z4815906897663406 Confirmación de envío 1Z481590689766666.vbs | vbs | 2.7 MB | - | 2026-04-15 | - |
| a53596af683dd07d... | Nómina de ABRIL de 2026 14848483.vbs | vbs | 2.8 MB | - | 2026-04-15 | - |
| 04479c87f9174eec... | Consulta de compra NPI202604007.vbs | vbs | 2.8 MB | - | 2026-04-15 | - |
| 6f9fb70c2f5b6704... | GENNEXCORPS LIFESCIENCES SMF TRADING.JS | js | 5.7 MB | - | 2026-04-15 | - |
| 74164a66eb155d2e... | MV_GARDENIA_K_VESSEL_PARTICULARS (5).exe | exe | 649.5 KB | - | 2026-04-15 | - |
| ace4105ecee76b1e... | BANK_PAYMENT_SWIFT00938456.exe | exe | 649.5 KB | - | 2026-04-15 | - |
| 40bfdb62bcd0ad5f... | NEW_PURCHASE_ORDER029345.exe | exe | 649.5 KB | - | 2026-04-15 | - |
| fd090a601c7e1d26... | Cotizacion_247_20260_Pdf.js | js | 1.4 MB | - | 2026-04-14 | - |
| 594f877327f37b0f... | nFormulario_de_.tar | tar | 25.6 KB | - | 2026-04-14 | - |
| 2c8bdb1697334d41... | Purchase Order 2684.js | js | 1.4 MB | - | 2026-04-14 | - |
| 0473d5c52ecebd5b... | NOVA COMANDA 79862.js | js | 1.4 MB | - | 2026-04-14 | - |
| beda707c37b8ac68... | beda707c37b8ac685d3676e6deb491cf45277c39d80cab10b6b9d67c0ec2efd9 | exe | 1.5 MB | - | 2026-04-14 | - |
| c8e7131b8bbbfa36... | CopiaDelPagamento14042026.exe | exe | 636.4 KB | - | 2026-04-14 | - |
| 77391131a0a0da51... | nCopiaDelPagamento14042026.tar | tar | 640.0 KB | - | 2026-04-14 | - |
| d05f34f96070e283... | PO 86438.JS | js | 5.9 MB | 11/62 | 2026-04-14 | - |
| 61633f15878a2dbc... | Comprobante de pago (TRANSFERENCIA).xml.vbs | vbs | 2.7 MB | 5/58 | 2026-04-14 | - |
| 4549500a13d2e4ee... | orden de compra.js | js | 1.4 MB | 21/61 | 2026-04-14 | - |
| 218f94564cd1173b... | 13042026_1047_11042026_RFQ_PURCHASE_ORDER0834576834.zip | zip | 1.4 MB | 37/67 | 2026-04-13 | - |
| 458006548ab9c613... | New Order 96342#.exe | exe | 980.4 KB | 43/72 | 2026-04-13 | - |
| 59221ef93ad609df... | New_Order96342.iso | iso | 1.5 MB | 32/63 | 2026-04-13 | - |
| 78417f6462aba815... | offlinejs.js | js | 1.4 MB | 28/62 | 2026-04-13 | - |
| e3299b434ea8094b... | new order pdf.rar | rar | 971.7 KB | 26/62 | 2026-04-13 | - |
| 2a66517cedacb808... | ORDINI.exe | exe | 564.0 KB | 41/71 | 2026-04-13 | - |
| 0cacede7d5990b1b... | szd53x7t.rar | rar | 144.1 KB | 33/64 | 2026-04-13 | - |
| fc0fabde06751d72... | transferencia interbancaria (BBVA).exe | exe | 552.0 KB | - | 2026-04-13 | - |
| 8a115a360f3bd26e... | Bookings_134.vbs | vbs | 17.3 KB | - | 2026-04-13 | - |
| f245d3cca0205ddf... | ORDER_SPECIFICATION 073_2820.vbs | vbs | 17.2 KB | - | 2026-04-13 | - |
| d2ec143140403176... | Purchase Order.JS | js | 5.9 MB | - | 2026-04-13 | - |
| d79596639850225c... | SALE CONTRACT PO.XJ210821Q.JS | js | 5.9 MB | - | 2026-04-13 | - |
| b4b2def9b20e63ab... | Transaction_Payment_Confirmation_4-13-26.pdf.js | js | 1.4 MB | - | 2026-04-13 | - |
| 590375790628820d... | New Purchase Order PO#8776374647863 pdf.JS | js | 5.9 MB | - | 2026-04-13 | - |
| 9a787f39692d131a... | Telex swift copy.JS | js | 5.9 MB | - | 2026-04-13 | - |
| b22c56c0c809bda9... | Quotation_Request_Documents_SERWIS_KOP.pdf.JS | js | 5.9 MB | - | 2026-04-13 | - |
| e4ca434fb241974f... | PO G2605-3445.exe | exe | 1.2 MB | 44/72 | 2026-04-12 | - |
| ce06a5de9e128121... | Proforma Invoice 0098374848464847434.js | js | 61.3 KB | 24/62 | 2026-04-09 | - |
| 028024acb1f34b3b... | PO-05870.bat | bat | 196.0 KB | 4/48 | 2026-04-09 | - |
| 765e69564a235c9e... | Vessel_Main_Specifications (5).exe | exe | 969.0 KB | 46/72 | 2026-04-09 | - |
| 9cf9403b0141d986... | NEW REQUEST FOR NCT Holland BV.js | js | 61.4 KB | 23/62 | 2026-04-09 | - |
| 642687daf4a3bd20... | NOVA COMANDA 79862.js | js | 2.5 MB | 24/61 | 2026-04-09 | - |
| 97dfe97161a223b7... | Request for quotation.js | js | 61.1 KB | 25/62 | 2026-04-09 | - |
| dbd1ec2ef6ad2c7e... | POG2605-3445.js | js | 1.4 MB | 11/62 | 2026-04-09 | - |
| 9ca5bd830644a955... | SO-615-S200425.JS | js | 4.0 MB | 12/62 | 2026-04-09 | - |
| 565f109e265be6d6... | offlinejs.js | js | 1.3 MB | 19/61 | 2026-04-09 | - |
| d2bc3ce27c2b61a4... | Outstanding Invoice & Statement.js | js | 1.4 MB | 9/46 | 2026-04-09 | - |
| d3493a68bd93d1a4... | PO0852026.js | js | 407.4 KB | 11/60 | 2026-04-09 | - |
| cb8d00a44cfd8bc6... | Nómina de ABRIL de 2026-987587854.vbs | vbs | 2.6 MB | 13/61 | 2026-04-09 | - |
| d6921719449e803c... | April 2026 payroll 8484738383.js | js | 1.8 MB | 17/41 | 2026-04-09 | - |
| 20ad64d0aadcdac6... | 6Kv1C4MS24fVFPcc.js | js | 316.5 KB | 18/60 | 2026-04-09 | - |
| b2c9f62883835341... | INVOICE COPY.js | js | 408.0 KB | 23/62 | 2026-04-09 | - |
| 3a3d2ed1e6bf9cd0... | Doc_0122_04_07_pdf.vbs | vbs | 17.2 KB | 22/62 | 2026-04-09 | - |
| d9a37b7365943efa... | IMG20260407-00371.js | js | 154.6 KB | 5/54 | 2026-04-09 | - |
| c580c9599b54360d... | 20260407-00325.js | js | 155.4 KB | 20/51 | 2026-04-09 | - |
| b01dd3b637e30813... | DELIVERYNOTE-DHL-ARRIVAL850123324624623569354868707.vbs | vbs | 2.7 MB | 11/62 | 2026-04-09 | - |