MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1d0df395184892b0be7e7d6a8b2e310e2e80a424a95f9076abea84782d3fced. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 12

SHA256 hash: d1d0df395184892b0be7e7d6a8b2e310e2e80a424a95f9076abea84782d3fced
SHA3-384 hash: 4d629649ecb3e15db24a0213c97d47a6aecef7771ea5b0124468446a6fc4c905debe26a9029b6062414d526d42eba7ff
SHA1 hash: 04618431cf75b803c7d84058527ed618ce138ef8
MD5 hash: 7b4561477757da0c8df47044978f5c14
humanhash: mockingbird-don-india-lithium
File name: 2602181 AR Down Payment Invoice Yccnet.JS
Signature: AgentTesla
File size: 3'343'046 bytes
First seen: 2026-06-29 12:33:59 UTC
Last seen: Never
File type: JavaScript (JS) js
MIME type: text/plain
ssdeep: 98304:1HkmFkfcUNGxaQfz3JMGa5H2VsWuYMJv5oEnr5F7K1bVzuBnUmkFjA:1LLez5ttv5oEr5F7AVzuBnYjA
Threatray: 211 similar samples on MalwareBazaar
TLSH: T1F7F5E8109768A1776125E7AC953BDE78944F600318EACF1A349ED328B91CD4B97C8BF3
Magika: javascript
Reporter: James_inthe_box
Tags: AgentTesla exe js

Intelligence

File Origin
# of uploads: 1
# of downloads: 145
Origin country: US
Vendor Threat Intelligence

No detections

Verdict: Malicious
Score: 99.1%
Tags: agenttesla lien

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: agenttesla anti-debug dropper evasive masquerade obfuscated obfuscated packed repaired

Verdict: Malicious
File Type: js
First seen: 2026-06-27T07:51:00Z UTC
Last seen: 2026-06-29T09:31:00Z UTC
Hits: ~1000
Detections: Trojan.Win32.Agent.sb Trojan-PSW.Win32.Disco.sb Trojan-PSW.MSIL.Agensla.sb Trojan-Downloader.JS.Cryptoload.sb HEUR:Trojan-Dropper.Script.Generic Trojan.Win32.Shellcode.sb Trojan-PSW.Win32.Stealer.sb Trojan-Dropper.JS.SDrop.sb HEUR:Trojan.Script.Generic HEUR:Trojan-Downloader.Script.Generic
Threat name: Script-JS.Trojan.Znyonm
Status: Malicious
First seen: 2026-06-27 12:02:32 UTC
File Type: Text (JavaScript)
AV detection: 12 of 36 (33.33%)
Threat level: 5/5

Result
Malware family: donutloader
Score: 10/10
Tags: family:agenttesla family:donutloader collection execution keylogger loader spyware stealer trojan
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Executes dropped EXE
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Detects DonutLoader
Family: AgentTesla
Family: DonutLoader

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments