MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dea70b91f8a64e167c525d03040227b263fac41c1a6e39fe5d42a787074a6d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3dea70b91f8a64e167c525d03040227b263fac41c1a6e39fe5d42a787074a6d5
SHA3-384 hash: 24b9bbfa20bc8e6884f7d83a9ff9e655999d8af3735ec8d75ba2f16961779e96a5639668ce315e1b82a6a5e83d67b621
SHA1 hash: 1326b6bec18dee375ba4a30a5d0127f3f14bc179
MD5 hash: f212d1ac866ed073a6ee1dbb87335e09
humanhash: autumn-low-violet-berlin
File name:All_Tender_Documents_Al_Sahel_Contracting.js
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'242 bytes
First seen:2025-08-05 08:35:05 UTC
Last seen:2025-08-05 08:40:43 UTC
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 48:R4mOOERaMwT3liXn8u5Jy7eT/N74UbBYhUq+s0etEgBh+TEHRG3:GVwA5JyaT174YumN3qxwUg3
TLSH T11A4175DDB94171C107571A979C4B8B47E326DD28649EDA10F122F4D43C2C738DA6FB91
Magika javascript
Reporter cocaman
Tags:AgentTesla js

Intelligence

File Origin
# of uploads :
5
# of downloads :
67
Origin country :
CH CH
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.JS.Obfus-2583.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6891c25a1e8a59ee04e57d13
Tags:
dropper virus spawn
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/3dea70b91f8a64e167c525d03040227b263fac41c1a6e39fe5d42a787074a6d5
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1750371
Signature
JavaScript file contains suspicious strings
JavaScript source code contains functionality to generate code involving a shell, file or stream
JavaScript source code contains functionality to generate code involving HTTP requests or file downloads
JScript performs obfuscated calls to suspicious functions
Multi AV Scanner detection for submitted file
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: WScript or CScript Dropper
System process connects to network (likely due to code injection or exploit)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/3dea70b91f8a64e167c525d03040227b263fac41c1a6e39fe5d42a787074a6d5
Gathering data
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/3dea70b91f8a64e167c525d03040227b263fac41c1a6e39fe5d42a787074a6d5/
Verdict:
Malicious
Threat:
Family.AGENTTESLA
Link:
https://tip.neiki.dev/file/3dea70b91f8a64e167c525d03040227b263fac41c1a6e39fe5d42a787074a6d5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hxvhboi7rjsocz6fexidaqbcpmtd7lcbygtohh7f2qvhq4duu3kq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
error
AgentTesla
Result
Malware family:
n/a
Score:
  8/10
Tags:
execution
Link:
https://tria.ge/reports/250805-khak5asrv8/
Behaviour
Command and Scripting Interpreter: JavaScript
Blocklisted process makes network request
Malware family:
AgentTesla
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/3dea70b91f8a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AlphaCrypt
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3dea70b91f8a64e167c525d03040227b263fac41c1a6e39fe5d42a787074a6d5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c8fade9a9a9c7ff763d9914b3cba1131870b62e1a9b5ba5be421cc6ff245b94a

AgentTesla

Java Script (JS) js 3dea70b91f8a64e167c525d03040227b263fac41c1a6e39fe5d42a787074a6d5

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 c8fade9a9a9c7ff763d9914b3cba1131870b62e1a9b5ba5be421cc6ff245b94a
  
Dropped by
MD5 3ed065f6839dd9e0a80b5e3822b5feef
  
Dropped by
SHA256 356333d636d97b2f899c2547fcd584682e11dc7b912d23c6d99a1f9eddf74e98
  
Dropped by
MD5 96781ada1ed109a22821be497c5c8f73

Comments