MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c21680fbb3fd1374847b398856522357b7a388ec559ac4a583487a4929b365e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	4c21680fbb3fd1374847b398856522357b7a388ec559ac4a583487a4929b365e
SHA3-384 hash:	d864fd0e389814445cc8eea52aa5d06c691dcf8466cc1611ec2d65fe48ba09414a68cc3f5a1c842c36a0c391a8c53ba5
SHA1 hash:	09fded1a6d8fa600ef544ede4afad3c84e25f07f
MD5 hash:	f40dc6f22c1e0c0ffd116b1d5c2391e6
humanhash:	item-stairway-sodium-cup
File name:	PO-2022KL0106.js
Download:	download sample
Signature	AgentTesla Alert Create hunting rule
File size:	374'506 bytes
First seen:	2026-04-01 15:31:12 UTC
Last seen:	2026-04-01 15:40:02 UTC
File type:	js
MIME type:	text/plain
ssdeep	6144:hMM4yPLhnXJVDkxrRWGC3wR1AEAo+dttn2Dk5zKd5Y73WYtkn7gkYVM6AYKRh/RG:hMGDhnXj+4GCARyEAJ3t2QxKd5omekny
Threatray	3'716 similar samples on MalwareBazaar
TLSH	T1F0845A0297F98408F5F74F58AA7A10A14A77BE561D39C06C16A9250E1BF3A18CCF5BF3
TrID	66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1) 33.3% (.MP3) MP3 audio (1000/1)
Magika	vba
Reporter	abuse_ch
Tags:	AgentTesla js

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

118

Origin country :

SE

Vendor Threat Intelligence

ACCE

Gathering data

CyberFortress Clean

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69cd3a4e6363ca5d27f0a2ba

Tags:

n/a

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

repaired

Link:

https://www.filescan.io/uploads/69cd3a4500ad36369409c9c9/reports/719cfab3-c2cc-45a6-900c-43d4d28021fd/overview

Hybrid Analysis Unknown

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/4c21680fbb3fd1374847b398856522357b7a388ec559ac4a583487a4929b365e

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

js

First seen:

2026-03-31T03:55:00Z UTC

Last seen:

2026-04-03T07:19:00Z UTC

Hits:

~100

Detections:

PDM:Trojan.Win32.Generic HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/4c21680fbb3fd1374847b398856522357b7a388ec559ac4a583487a4929b365e/results?tab=lookup

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

expl.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1892288

Signature

Bypasses PowerShell execution policy

Creates an undocumented autostart registry key

Joe Sandbox ML detected suspicious sample

JScript performs obfuscated calls to suspicious functions

Multi AV Scanner detection for submitted file

Sigma detected: Suspicious PowerShell Parameter Substring

Sigma detected: WScript or CScript Dropper

Suspicious execution chain found

Windows Scripting host queries suspicious COM object (likely to drop second stage)

WScript reads language and country specific registry keys (likely country aware script)

Yara detected Powershell decode and execute

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Susipicious

Score:

54%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/4c21680fbb3fd1374847b398856522357b7a388ec559ac4a583487a4929b365e

Malva.RE

Gathering data

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4c21680fbb3fd1374847b398856522357b7a388ec559ac4a583487a4929b365e/

Neiki Family.AGENTTESLA

Verdict:

Malicious

Threat:

Family.AGENTTESLA

Link:

https://tip.neiki.dev/file/4c21680fbb3fd1374847b398856522357b7a388ec559ac4a583487a4929b365e

ReversingLabs TitaniumCloud Script-JS.Trojan.Heuristic

Threat name:

Script-JS.Trojan.Heuristic

Alert

Create hunting rule

Status:

Malicious

First seen:

2026-03-31 07:51:45 UTC

File Type:

Text (JavaScript)

AV detection:

7 of 36 (19.44%)

Threat level:

  2/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jqqwqd53h7itoschwomikzjcgv5xuoeoyvm2yssygsd2jeu3gzpa._file

Threatray agenttesla

Verdict:

malicious

Label(s):

agenttesla

Alert

Create hunting rule

Similar samples:

55321417acdb619425cdcc1b1efce657f8a570cf013897bfbafef3232270970c

AgentTesla

7101b18d8de608de1c618f221e5bbab6c95973b0a1088c28f384ba3e9c008488

AgentTesla

8b0b3f6815884eb2899048e83b6e496b85024abaf2931ac98f255f8207f6e47e

AgentTesla

afe92b2d15043b10ec2fde12c06a011bf7f4e1eba1fc142aa8eebe157730e4b7

AgentTesla

b6435d167628a91820c8440d2fbf10fe6f823e64c33a597eca56021322c47bb4

AgentTesla

c140797c9149ceb0cc39430a291caa6dfc2f92cd07d5b6b15cf6758f7093d7b3

AgentTesla

ce8cdbdac7f2dc6b5b8068a910e3309c97bf897904753447ed842d4fef60cdb6

AgentTesla

error

AgentTesla

+ 3'706 additional samples on MalwareBazaar

Hatching Triage agenttesla

Result

Malware family:

agenttesla

Alert

Create hunting rule

Score:

  10/10

Tags:

family:agenttesla execution keylogger persistence spyware stealer trojan

Link:

https://tria.ge/reports/260401-sx6wwadx3l/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Command and Scripting Interpreter: PowerShell

Looks up external IP address via web service

Checks computer location settings

Registers new Windows logon scripts automatically executed at logon.

Badlisted process makes network request

AgentTesla

Agenttesla family

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4c21680fbb3fd1374847b398856522357b7a388ec559ac4a583487a4929b365e