MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d25591f0627f988edceb12fdadef30e4a856b1fa016f10043cdf2379ac234b2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	d25591f0627f988edceb12fdadef30e4a856b1fa016f10043cdf2379ac234b2c
SHA3-384 hash:	09499c294ae2752704896d709f464e8fdf561496e2f2a4e3bbff6bc623f43e43f4ac625c79d498bd73a974380c18853d
SHA1 hash:	fb786c5270273fd7792f6550d07d0b9df0c512e3
MD5 hash:	d244a98d96cdc337dff5d8eec36016d2
humanhash:	victor-foxtrot-south-fruit
File name:	FRIDASYconstraints.vbs
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	62'652 bytes
First seen:	2025-08-08 15:11:32 UTC
Last seen:	2025-08-09 12:34:21 UTC
File type:	vbs
MIME type:	text/plain
ssdeep	384:6Kws5K6qn28Cas1wGWpD52wQBfvHjeNwkJEecawVf7CtMN1r2QewpJNHQWpEcawM:nYZBVLv1vflXpMhiUH3nq
Threatray	3'810 similar samples on MalwareBazaar
TLSH	T11153BAB456151F02B4911A722B41B9CC4F36F23289CC2B2A5BCF6FC666E4F5CEC5391A
Magika	vba
Reporter	pr0xylife
Tags:	AgentTesla vbs

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/19704/

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=689613ae1e8a59ee04e78118

Tags:

obfuscate xtreme spawn

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 evasive obfuscated obfuscated overlay powershell threat

Link:

https://www.filescan.io/uploads/689613ac9ef4d2ff7cf2c103/reports/9cf69e02-6a17-49ee-80e6-0a98fda9547f/overview

Verdict:

Suspicious

Labled as:

VBS/Agent.CEJ2

Link:

https://www.hybrid-analysis.com/sample/d25591f0627f988edceb12fdadef30e4a856b1fa016f10043cdf2379ac234b2c

Verdict:

Malware

YARA:

3 match(es)

Tags:

Batch Command DeObfuscated Html PowerShell PowerShell Call VBScript WScript.Shell

Link:

https://app.malva.re/file/d244a98d96cdc337dff5d8eec36016d2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d25591f0627f988edceb12fdadef30e4a856b1fa016f10043cdf2379ac234b2c/

Verdict:

Malicious

Threat:

NetTool.PowerShellUA.HTTP

Link:

https://tip.neiki.dev/file/d25591f0627f988edceb12fdadef30e4a856b1fa016f10043cdf2379ac234b2c

Threat name:

Script-WScript.Spyware.Negasteal

Status:

Malicious

First seen:

2025-08-08 15:12:24 UTC

File Type:

Binary

AV detection:

10 of 22 (45.45%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2jkzd4dcp6mi5xhlcl6233zq4sufnmp2afxrabb434rxtlbdjmwa._file

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla discovery execution keylogger spyware stealer trojan

Link:

https://tria.ge/reports/250808-skx37shp3s/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Looks up external IP address via web service

Checks computer location settings

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

AgentTesla

Agenttesla family

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d25591f0627f988edceb12fdadef30e4a856b1fa016f10043cdf2379ac234b2c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/19704/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample