MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5e6bbfd29d0837e3a46902fbe57abef3c7c0824835ffeb5c790e94323f23491. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	d5e6bbfd29d0837e3a46902fbe57abef3c7c0824835ffeb5c790e94323f23491
SHA3-384 hash:	2fa9acc6afa3afd1ed3e8dc8594bdcb8a81f98b484ed6e78b95b80b7fdf352343211bae4fb8e157468ed691563898e51
SHA1 hash:	0578b541a79b38140e8f8ddaa2abbbc94a2c5fde
MD5 hash:	7ff54120b12600735efabc6045924eff
humanhash:	kilo-jupiter-xray-michigan
File name:	SECONDFILEEEE.js
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	2'166 bytes
First seen:	2025-08-12 13:40:35 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	48:7cx4S/wSk1VX1ujeH4sKVZKLWNo+O2TEurLyg:OR/wBCjeHqALV+Oexj
Threatray	179 similar samples on MalwareBazaar
TLSH	T1ED41B48E3D83B0900B97D9D7AD5E4B4BE266DC5C205EE502F122F0D83C6CB79926F664
Magika	javascript
Reporter	abuse_ch
Tags:	AgentTesla js

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=689b4478fca70bd90e8effe0

Tags:

dropper spawn micro

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive obfuscated

Link:

https://www.filescan.io/uploads/689b46039ef4d2ff7cf87254/reports/3e95d08a-4d71-45aa-a558-0c1569adcbce/overview

Verdict:

Malicious

Labled as:

Exploit.HTML

Link:

https://www.hybrid-analysis.com/sample/d5e6bbfd29d0837e3a46902fbe57abef3c7c0824835ffeb5c790e94323f23491

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1755360

Signature

JavaScript file contains suspicious strings

JavaScript source code contains functionality to generate code involving a shell, file or stream

JavaScript source code contains functionality to generate code involving HTTP requests or file downloads

Multi AV Scanner detection for submitted file

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: WScript or CScript Dropper

System process connects to network (likely due to code injection or exploit)

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Behaviour

Behavior Graph:

Download SVG

Score:

99%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/d5e6bbfd29d0837e3a46902fbe57abef3c7c0824835ffeb5c790e94323f23491

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d5e6bbfd29d0837e3a46902fbe57abef3c7c0824835ffeb5c790e94323f23491/

Verdict:

Malicious

Threat:

Family.AGENTTESLA

Link:

https://tip.neiki.dev/file/d5e6bbfd29d0837e3a46902fbe57abef3c7c0824835ffeb5c790e94323f23491

Threat name:

Win32.Trojan.Egairtigado

Status:

Malicious

First seen:

2025-08-12 13:53:39 UTC

File Type:

Text (JavaScript)

AV detection:

8 of 24 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2xtlx7jj2cbx4osgsax34v5l546hycbeqnp75nohsduugi7sgsiq._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

821f9b019ac21f81b607e39ef4bd07993ac46e2a604b2a969928f32ff76094dc

AgentTesla

b7a175b599e1849896c9ca2f35c564505c42f190bbedb933af96003c20cf49bb

AgentTesla

b87a9cfde8da07e2c8d391911ba9350ecf8c8b020e934aa8d63ecc5d732021e9

AgentTesla

c19343011218a82e30fcd0682ec99f0f1dd4c8a1b5fa1bc11d5e673e7a7ab2ae

AgentTesla

d5e6bbfd29d0837e3a46902fbe57abef3c7c0824835ffeb5c790e94323f23491

AgentTesla

error

AgentTesla

+ 169 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

execution

Link:

https://tria.ge/reports/250812-q3p47sdk81/

Behaviour

Command and Scripting Interpreter: JavaScript

Blocklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

AlphaCrypt

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d5e6bbfd29d0837e3a46902fbe57abef3c7c0824835ffeb5c790e94323f23491

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (FORCE_INTEGRITY)	high

Reviews

ID	Capabilities	Evidence
AUTH_API	Manipulates User Authorization	ADVAPI32.dll::ConvertSidToStringSidW ADVAPI32.dll::ConvertStringSecurityDescriptorToSecurityDescriptorW
SECURITY_BASE_API	Uses Security Base API	ADVAPI32.dll::GetTokenInformation
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CreateProcessW ADVAPI32.dll::OpenProcessToken KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetDriveTypeW KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineW KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_API	Can Execute other programs	KERNEL32.dll::WriteConsoleW KERNEL32.dll::ReadConsoleW KERNEL32.dll::SetConsoleCtrlHandler KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleOutputCP
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateFileW KERNEL32.dll::DeleteFileW KERNEL32.dll::FindFirstFileW KERNEL32.dll::RemoveDirectoryW KERNEL32.dll::SetDllDirectoryW
WIN_USER_API	Performs GUI Actions	USER32.dll::PeekMessageW USER32.dll::CreateWindowExW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample