MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55321417acdb619425cdcc1b1efce657f8a570cf013897bfbafef3232270970c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55321417acdb619425cdcc1b1efce657f8a570cf013897bfbafef3232270970c
SHA3-384 hash: 43e2b156db052c11b2770a5371ec09ce3bbf24b2e8a55e3f8fd6876c6bd3e871808bc76f095296efcb76b6d96077e771
SHA1 hash: 01fad1d4423e358737fed5246e115de74806eab2
MD5 hash: 958d9b4299993dad215fa389db0a0808
humanhash: undress-juliet-whiskey-high
File name:958d9b4299993dad215fa389db0a0808.js
Download: download sample
Signature AgentTesla
Create hunting rule
File size:348'932 bytes
First seen:2026-03-24 09:06:15 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 6144:9bCArNyn8AOR0DCkEEY+chDgSPbJj3YU0g9TBkIO9QentUJzJSVZ4fMzP:9bCApyn8Aq0D1EEY7kSuU9CtOotU1JSR
Threatray 3'697 similar samples on MalwareBazaar
TLSH T12E746B4653F9400CF5F34F49AB7A10604AB7BE9A1C39C46D16AD240D5AF3A18D8BA7F3
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika autohotkey
Reporter abuse_ch
Tags:AgentTesla js

Intelligence

File Origin
# of uploads :
1
# of downloads :
123
Origin country :
SE SE
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69c2541c390b996474132fa0
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
repaired
Link:
https://www.filescan.io/uploads/69c254102000fc76c3fbe75a/reports/a2358d97-2cd2-4bac-a6f4-bd81b126cf76/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/55321417acdb619425cdcc1b1efce657f8a570cf013897bfbafef3232270970c
Verdict:
Malicious
File Type:
js
Detections:
PDM:Trojan.Win32.Generic HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/55321417acdb619425cdcc1b1efce657f8a570cf013897bfbafef3232270970c/results?tab=lookup
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1888123
Signature
Bypasses PowerShell execution policy
Check if machine is in data center or colocation facility
Contains functionality to log keystrokes (.Net Source)
Creates an undocumented autostart registry key
Found malware configuration
Joe Sandbox ML detected suspicious sample
JScript performs obfuscated calls to suspicious functions
Malicious sample detected (through community Yara rule)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: WScript or CScript Dropper
Suricata IDS alerts for network traffic
Suspicious execution chain found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
WScript reads language and country specific registry keys (likely country aware script)
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected Powershell decode and execute
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1888123 Sample: lww69X2r8S.js Startdate: 24/03/2026 Architecture: WINDOWS Score: 100 25 ip-api.com 2->25 27 i.postimg.cc 2->27 39 Suricata IDS alerts for network traffic 2->39 41 Found malware configuration 2->41 43 Malicious sample detected (through community Yara rule) 2->43 45 8 other signatures 2->45 8 wscript.exe 1 2->8         started        11 svchost.exe 1 1 2->11         started        signatures3 process4 dnsIp5 47 JScript performs obfuscated calls to suspicious functions 8->47 49 Windows Scripting host queries suspicious COM object (likely to drop second stage) 8->49 51 Suspicious execution chain found 8->51 53 WScript reads language and country specific registry keys (likely country aware script) 8->53 14 conhost.exe 8->14         started        29 127.0.0.1 unknown unknown 11->29 signatures6 process7 signatures8 55 Bypasses PowerShell execution policy 14->55 17 powershell.exe 15 19 14->17         started        process9 dnsIp10 21 ip-api.com 208.95.112.1, 49682, 80 TUT-ASUS United States 17->21 23 i.postimg.cc 162.249.168.129, 443, 49681 PUREVOLTAGE-INCUS United States 17->23 31 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 17->31 33 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 17->33 35 Creates an undocumented autostart registry key 17->35 37 3 other signatures 17->37 signatures11
Score:
55%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/55321417acdb619425cdcc1b1efce657f8a570cf013897bfbafef3232270970c
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55321417acdb619425cdcc1b1efce657f8a570cf013897bfbafef3232270970c/
Verdict:
Malicious
Threat:
Family.AGENTTESLA
Link:
https://tip.neiki.dev/file/55321417acdb619425cdcc1b1efce657f8a570cf013897bfbafef3232270970c
Threat name:
Script.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2026-03-24 07:22:08 UTC
File Type:
Text (JavaScript)
AV detection:
7 of 24 (29.17%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kuzbif5m3nqzijonzqnr57hgk74kk4gpae4jpp5273zsgitqs4ga._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
638a1726e770addef6a1c4fa36332fc1183d2e8434b5f47c91df5c14ef7ae68e
AgentTesla
7101b18d8de608de1c618f221e5bbab6c95973b0a1088c28f384ba3e9c008488
AgentTesla
86eee13b0f15128914c9ac0b54a99f4f22a5a755593ad7ee846fdc886e3d5683
AgentTesla
b6435d167628a91820c8440d2fbf10fe6f823e64c33a597eca56021322c47bb4
AgentTesla
ce8cdbdac7f2dc6b5b8068a910e3309c97bf897904753447ed842d4fef60cdb6
AgentTesla
d5f36995dfc44e102f37faa200f0bbb4cffe348a658fd8a3ee019168b1caf9ce
AgentTesla
error
AgentTesla
+ 3'687 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla execution keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/260324-k2zz5agx5n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Looks up external IP address via web service
Checks computer location settings
Registers new Windows logon scripts automatically executed at logon.
Badlisted process makes network request
AgentTesla
Agenttesla family
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/55321417acdb619425cdcc1b1efce657f8a570cf013897bfbafef3232270970c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments