MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c139287c612e99f08a0c68edeadc131f8f6fa592b1f68083de4f4abb4c511ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	4c139287c612e99f08a0c68edeadc131f8f6fa592b1f68083de4f4abb4c511ec
SHA3-384 hash:	6b13e86a2b8480af14169dd936c32e698d44037cae0ff639d4f359caa7f7fe9078456b0254dd30f16b796eaadeb76183
SHA1 hash:	5e6a687d4f8ccba5b518ded14d8187e26d12d077
MD5 hash:	8713845503127184d11604072b5de0dc
humanhash:	uranus-india-wolfram-artist
File name:	HGJO9876789.JS
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	3'472'966 bytes
First seen:	2026-05-08 10:30:40 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	98304:hTqmwrFs0CmgB12NWJ1vGUoKwSgQqbZ+5BLCGkXXrUMtPLiAeepLc9V2nWD1:1Os9hBoN0ToBSgQq1+nLCGkHAMtTiRe+
TLSH	T177F5294927DAA5337768EB9C8236ED30990E501314CADF28356EE238351DD57E31BAE3
Magika	javascript
Reporter	abuse_ch
Tags:	AgentTesla js

Intelligence

File Origin

# of uploads :

# of downloads :

112

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

Sanesecurity.Malware.31320.UNOFFICIAL

Gathering data

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug dropper evasive formbook lolbin obfuscated obfuscated packed persistence repaired schtasks

Link:

https://www.filescan.io/uploads/69fdbb5f792fe2d217adca6e/reports/528ee3f5-24d3-41ac-91db-e6298bd19939/overview

Verdict:

Suspicious

Labled as:

JS/Obfus.A.gen

Link:

https://www.hybrid-analysis.com/sample/4c139287c612e99f08a0c68edeadc131f8f6fa592b1f68083de4f4abb4c511ec

Verdict:

Malicious

File Type:

First seen:

2026-05-08T03:43:00Z UTC

Last seen:

2026-05-10T06:33:00Z UTC

Hits:

~100

Detections:

Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic HEUR:Trojan-Downloader.Script.Generic Trojan-Spy.Stealer.FTP.C&C Trojan-PSW.Agensla.TCP.C&C PDM:Trojan.Win32.Generic HEUR:Trojan-Dropper.Script.Generic

Link:

https://opentip.kaspersky.com/4c139287c612e99f08a0c68edeadc131f8f6fa592b1f68083de4f4abb4c511ec/results?tab=lookup

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1910633

Signature

Found potential dummy code loops (likely to delay analysis)

JavaScript source code contains functionality to generate code involving a shell, file or stream

Multi AV Scanner detection for submitted file

Sigma detected: WScript or CScript Dropper

Behaviour

Behavior Graph:

Download SVG

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4c139287c612e99f08a0c68edeadc131f8f6fa592b1f68083de4f4abb4c511ec/

Verdict:

Malicious

Threat:

Family.DONUTLOADER

Link:

https://tip.neiki.dev/file/4c139287c612e99f08a0c68edeadc131f8f6fa592b1f68083de4f4abb4c511ec

Threat name:

Script-JS.Spyware.Negasteal

Status:

Suspicious

First seen:

2026-05-08 10:31:53 UTC

File Type:

Binary

AV detection:

8 of 24 (33.33%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jqjzfb6gcluz6cfay2hn5lobgh4pn6szfmpwqcb54t2kxngfchwa._file

Result

Malware family:

donutloader

Score:

10/10

Tags:

family:agenttesla family:donutloader discovery execution keylogger loader persistence spyware stealer trojan

Link:

https://tria.ge/reports/260508-mkhevsfy3v/

Behaviour

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Looks up external IP address via web service

Checks computer location settings

Executes dropped EXE

Reads WinSCP keys stored on the system

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Detects DonutLoader

Family: AgentTesla

Family: DonutLoader

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4c139287c612e99f08a0c68edeadc131f8f6fa592b1f68083de4f4abb4c511ec

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample