MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62b5b78f80d371eb50e98ce67a45df37192936498e88f2184366631c95eb81db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 12



SHA256 hash: 62b5b78f80d371eb50e98ce67a45df37192936498e88f2184366631c95eb81db
SHA3-384 hash: 1908386b75cd14fde1e7bb2e381f53e1aca5f092b800a7971f9e5a073801241d3bebb52b9691da8525532a4636f42d2d
SHA1 hash: 0d01413b0b092183bb637314bdf9198bccc159fd
MD5 hash: 30311b353d0d58b34e7c1d855479a16e
humanhash: chicken-alpha-oklahoma-low
File name: PO_#3334.js
Signature: AgentTesla
File size: 1'845'748 bytes
First seen: 2026-06-29 12:40:58 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 6144:HPf0UMLCCb8jP37ZmkmdTnRkUIteM2wKWYfk8Alqu:4/vw
TLSH: T1AE85D728DBA24A599761E72A4DFA0446AE4F77933BCBDD0834BF0FCD43125E1A67052C
TrID: 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
TrID: 33.3% (.MP3) MP3 audio (1000/1)
Magika: txt
Reporter: James_inthe_box
Tags: AgentTesla exe js

Intelligence


File Origin
# of uploads: 1
# of downloads: 148
Origin country: US
Vendor Threat Intelligence
No detections
Verdict: Malicious
Score: 90.2%
Tags: obfuscate virus shell
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: base64 conhost obfuscated powershell repaired
Verdict: Malicious
File Type: js
First seen: 2026-06-24T02:49:00Z UTC
Last seen: 2026-06-30T01:02:00Z UTC
Hits: ~1000
Detections: PDM:Trojan.Win32.Generic HEUR:Trojan.Script.Generic
Threat name: Script-JS.Trojan.Redirector
Status: Malicious
First seen: 2026-06-24 08:41:17 UTC
File Type: Text (JavaScript)
AV detection: 12 of 38 (31.58%)
Threat level: 5/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla collection defense_evasion execution keylogger persistence spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Obfuscated Files or Information: Command Obfuscation
Checks computer location settings
Registers new Windows logon scripts automatically executed at logon.
Badlisted process makes network request
Family: AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments