MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8198ace97c6f91caec9cfcad79c2c290d826b5380cca1f70f6c32b2a36d6b86e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8198ace97c6f91caec9cfcad79c2c290d826b5380cca1f70f6c32b2a36d6b86e
SHA3-384 hash: 7450a20bb31ff462dae2132fbdefb7a1e385b75028824f197d8713243516d7426263a36a229996c2102f4fdc07066df6
SHA1 hash: 431be94afedff3277858c9aec1f1fc34ef82807d
MD5 hash: 51473b164b51a41ba4e8245ee14cf698
humanhash: berlin-six-ten-alanine
File name:Invoice Copy.js
Download: download sample
Signature AgentTesla
Create hunting rule
File size:140'768 bytes
First seen:2025-05-17 14:37:25 UTC
Last seen:2025-10-14 15:41:22 UTC
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 384:xgR0tGuQWuRTxxp7tivHtuAQiQTetXaxXrTj/k8qUeywtTkUC9aCDQPtgek8a5tb:Teh
Threatray 3'421 similar samples on MalwareBazaar
TLSH T1A0D343A94A51D7106B11392B247CF05C1D38B1DBAD428F2B1D9AC6B3F8049E911FB7DB
Magika javascript
Reporter abuse_ch
Tags:AgentTesla detarcoopmedical-com js

Intelligence

File Origin
# of uploads :
2
# of downloads :
465
Origin country :
NL NL
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.JS.DownLoader.7189.22648.7948.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68289f3b375681df7c1a16fb
Tags:
obfuscate xtreme virus lien
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 evasive masquerade obfuscated overlay powershell
Link:
https://www.filescan.io/uploads/68289f610de036ed65aa9855/reports/18cec220-85ac-4ee2-b3f7-04a8cd834eb4/overview
Verdict:
Malicious
Labled as:
SVM:TrojanDownloader/JS.Nemucod
Link:
https://www.hybrid-analysis.com/sample/8198ace97c6f91caec9cfcad79c2c290d826b5380cca1f70f6c32b2a36d6b86e
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1692916
Signature
Found suspicious powershell code related to unpacking or dynamic code loading
Found Tor onion address
JavaScript source code contains functionality to generate code involving a shell, file or stream
Joe Sandbox ML detected suspicious sample
JScript performs obfuscated calls to suspicious functions
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Wscript starts Powershell (via cmd or directly)
Yara detected Powershell decode and execute
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Score:
97%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/8198ace97c6f91caec9cfcad79c2c290d826b5380cca1f70f6c32b2a36d6b86e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8198ace97c6f91caec9cfcad79c2c290d826b5380cca1f70f6c32b2a36d6b86e/
Threat name:
Script-JS.Spyware.Negasteal
Create hunting rule
Status:
Suspicious
First seen:
2025-05-17 13:01:02 UTC
File Type:
Binary
AV detection:
10 of 24 (41.67%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qgmkz2l4n6i4v3e47swxtqwcsdmcnnjybtfb64hwymvsunwwxbxa._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
07a75cdd85c71401db2a2113bf4f1745a1f14b245bce04ee14b5627b1a1f3dbc
AgentTesla
16edb0616999e8de73e3abbd4affbce262b75c5d018f59398f1c4271b2e61d76
AgentTesla
1723b52fb0a05e96e165eda1385729bc64d02ae86afaaa3d1661637ec2d27192
AgentTesla
36714617ab3acacb11df096fb64e7ced344b241ebfdd501a60077c931c89577a
AgentTesla
41220d0304516a04981dfea3b403bed3924ef4efd6a478b4020dfab8f84f44c8
AgentTesla
61d6d15b22aed7572cca9b5785f07f02eec562a4142c2fb8605dabc89d7710b5
AgentTesla
7c9332df56fc0061fc832475af43d1c94636a5f8710011b3952dc98716f20899
AgentTesla
866c916a2040b1c1c987ec0c50f8a98e799fe1870a4ebc1ea82863b6e5541b4f
AgentTesla
c35922ffe621f1719e7346a3fa7ba779766c44481ed2ad785782cc7bf693376c
AgentTesla
e89b634d136f2f8225bda5976d9df792dacec6b9df7a49e6a41dade2dcfc29c8
AgentTesla
error
AgentTesla
+ 3'411 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla discovery execution keylogger spyware stealer trojan
Link:
https://tria.ge/reports/250517-rzzd5svns9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
AgentTesla
Agenttesla family
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8198ace97c6f91caec9cfcad79c2c290d826b5380cca1f70f6c32b2a36d6b86e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments