MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 160ff5ea53efb582e4fd0851deedcf179102a689ed2151cce6a321a7b32fcd4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	160ff5ea53efb582e4fd0851deedcf179102a689ed2151cce6a321a7b32fcd4b
SHA3-384 hash:	9466a11159ec947b97c7e6d1e6bed24118e338124ee23722f604d07b8fc112657d0f1cd96d2eadebf813b710d4f666c5
SHA1 hash:	0af498c6c9e734208354930097164626eeb85425
MD5 hash:	e5eadc202e9611c6219a73f820211d89
humanhash:	mississippi-papa-victor-tango
File name:	MT103_Euro_162,024.40 _ March - July 2025.js
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	2'166 bytes
First seen:	2025-08-12 13:40:30 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	48:7cx4S/wSk1VX1ujeH4sKVZKLWNo+OMTEurLyg:OR/wBCjeHqALV+Ocxj
Threatray	181 similar samples on MalwareBazaar
TLSH	T16B41B48E3D83B0900B9799D7AD5E4B4BE226DC5C205EA502F022F0D83C6C779926F6A4
Magika	javascript
Reporter	abuse_ch
Tags:	AgentTesla js

Intelligence

File Origin

# of uploads :

1

# of downloads :

49

Origin country :

SE

Vendor Threat Intelligence

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=689b446bfca70bd90e8effd7

Tags:

dropper spawn micro

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive obfuscated

Link:

https://www.filescan.io/uploads/689b45ea9ef4d2ff7cf87226/reports/2ab475b5-624b-4440-89e6-1ba24708dd55/overview

Verdict:

Malicious

Labled as:

Exploit.HTML

Link:

https://www.hybrid-analysis.com/sample/160ff5ea53efb582e4fd0851deedcf179102a689ed2151cce6a321a7b32fcd4b

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1755361

Signature

JavaScript file contains suspicious strings

JavaScript source code contains functionality to generate code involving a shell, file or stream

JavaScript source code contains functionality to generate code involving HTTP requests or file downloads

Multi AV Scanner detection for submitted file

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: WScript or CScript Dropper

System process connects to network (likely due to code injection or exploit)

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Behaviour

Behavior Graph:

Score:

99%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/160ff5ea53efb582e4fd0851deedcf179102a689ed2151cce6a321a7b32fcd4b

Gathering data

Detection:

agenttesla

Link:

https://mwdb.cert.pl/sample/160ff5ea53efb582e4fd0851deedcf179102a689ed2151cce6a321a7b32fcd4b/

Verdict:

Malicious

Threat:

Family.AGENTTESLA

Link:

https://tip.neiki.dev/file/160ff5ea53efb582e4fd0851deedcf179102a689ed2151cce6a321a7b32fcd4b

Threat name:

Win32.Trojan.Egairtigado

Status:

Malicious

First seen:

2025-08-12 13:49:58 UTC

File Type:

Text (JavaScript)

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cyh7l2st562yfzh5bbi553opc6iqfjuj5uqvdthgumq2pmzpzvfq._file

Verdict:

malicious

Label(s):

agenttesla

Similar samples:

160ff5ea53efb582e4fd0851deedcf179102a689ed2151cce6a321a7b32fcd4b

68ad50d49315a68f6107433dc8fe62450dbf8770a3def940670606b7f1793cfa

b7a175b599e1849896c9ca2f35c564505c42f190bbedb933af96003c20cf49bb

b87a9cfde8da07e2c8d391911ba9350ecf8c8b020e934aa8d63ecc5d732021e9

c19343011218a82e30fcd0682ec99f0f1dd4c8a1b5fa1bc11d5e673e7a7ab2ae

d5e6bbfd29d0837e3a46902fbe57abef3c7c0824835ffeb5c790e94323f23491

+ 171 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

execution

Link:

https://tria.ge/reports/250812-q3ey8sdk8x/

Behaviour

Command and Scripting Interpreter: JavaScript

Blocklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/160ff5ea53efb582e4fd0851deedcf179102a689ed2151cce6a321a7b32fcd4b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample