MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 244c62ef5913051fb08d69f1eef5e72dde85afde90e1c5f015965d1e4f089a42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments

SHA256 hash: 244c62ef5913051fb08d69f1eef5e72dde85afde90e1c5f015965d1e4f089a42
SHA3-384 hash: 54ae3ffd806a76685722c08e3d4a739a5af25477a642097d259c0c700132442ce9aea2d99a6dcf5319959268050c163b
SHA1 hash: 3b962d637c119a3722584dacff072060cf1265b4
MD5 hash: 922b18dd4d09458db1443b7b6e392dfb
humanhash: quebec-lactose-jupiter-hotel
File name:Yak_Final.cmd
Download: download sample
Signature AgentTesla
File size:4'324'298 bytes
First seen:2026-04-29 08:08:15 UTC
Last seen:2026-04-30 10:19:21 UTC
File type:cmd cmd
MIME type:text/plain
ssdeep 49152:fad/J22W1jG+gr4+Px+nbVRxsfRjgkxV1TqpeBjA:P
TLSH T105168EC26C2B14D0CB4D77CEF7264F8D37588A487A20BEC9B7E96A88371215E9C6D534
Magika pem
Reporter jahlives
Tags:AgentTesla cmd exe-in-archive spamtrap

Intelligence


File Origin
# of uploads :
13
# of downloads :
137
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
certutil cscript lolbin
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-04-29T02:48:00Z UTC
Last seen:
2026-05-01T06:01:00Z UTC
Hits:
~1000
Detections:
Trojan-PSW.Win32.Disco.sb Trojan-Downloader.JS.Cryptoload.sb PDM:Trojan.Win32.Generic HEUR:Trojan.Script.Generic HEUR:Trojan.BAT.Obfus.gen Trojan.Win32.Agent.sb Trojan-PSW.MSIL.Agensla.sb HEUR:Trojan-Dropper.Script.Generic HEUR:Trojan-Downloader.Script.Generic Trojan.Win32.Shellcode.sb Trojan-PSW.Win32.Stealer.sb
Result
Malware family:
donutloader
Score:
  10/10
Tags:
family:agenttesla family:donutloader defense_evasion discovery execution keylogger loader spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Deobfuscate/Decode Files or Information
Looks up external IP address via web service
Checks computer location settings
Executes dropped EXE
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Detects DonutLoader
Family: AgentTesla
Family: DonutLoader
Malware family:
DonutLoader
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments