MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 789843148af8202a575e81a00bb855e9c35f26fc8a1fb3b422bc75a257eac6bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments

SHA256 hash: 789843148af8202a575e81a00bb855e9c35f26fc8a1fb3b422bc75a257eac6bf
SHA3-384 hash: 213e939d6506b92bfa1ddfc9dcace7b5970ea23e7aff1521aabcc31701df3847ab21fec3d9af29f3465189ac6cb3eb38
SHA1 hash: b9bc21fbee2371a3db57c0d00defbb36162d0b21
MD5 hash: d18e57e802f8c3984588077736aa6a12
humanhash: south-coffee-steak-mississippi
File name:invoice_2026 & packing list.JS
Download: download sample
Signature AgentTesla
File size:5'841'289 bytes
First seen:2026-07-14 09:44:04 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 98304:Crfmol5lybTXdR15xxHob7UgPnC3Jw3KXQp97G8g:Cru+5s/1/xIM0UM9W
Threatray 222 similar samples on MalwareBazaar
TLSH T1A146F803A957910BA74E475E99B2F6C9E81A2D2BF4136447B02CDC68E3DBD5372AD033
Magika txt
Reporter JAMESWT_WT
Tags:AgentTesla ftp-enogcaen-br-com js

Intelligence


File Origin
# of uploads :
1
# of downloads :
139
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
90.2%
Tags:
spawn lien blic hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug downloader dropper evasive masquerade obfuscated obfuscated packed repaired xloader
Verdict:
Malicious
File Type:
js
First seen:
2026-05-31T11:06:00Z UTC
Last seen:
2026-07-16T06:00:00Z UTC
Hits:
~10000
Gathering data
Threat name:
Script-JS.Trojan.Cryxos
Status:
Malicious
First seen:
2026-05-31 16:54:50 UTC
File Type:
Binary
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Result
Malware family:
donutloader
Score:
  10/10
Tags:
family:agenttesla family:donutloader collection execution keylogger loader spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Executes dropped EXE
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Detects DonutLoader
Family: AgentTesla
Family: DonutLoader
Malware family:
DonutLoader
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments