MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6447792486b2abbbeedcef93e06d60091b1786623099a2533a3723d5debf7e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments

SHA256 hash: d6447792486b2abbbeedcef93e06d60091b1786623099a2533a3723d5debf7e1
SHA3-384 hash: 9cea922d405edf4e84f0b269551cc94ea4aae29edba9e222c6260405c703a8e75fbd3990950c68c4baa59718b536b7ea
SHA1 hash: 0ecbd3e26dd7461fb771247e26b6accad692c51b
MD5 hash: 85dea697633ca621ff7761dc3778ff2b
humanhash: sierra-mike-papa-magazine
File name:Remittance Copy.2026-19-6.pdf.JS
Download: download sample
Signature AgentTesla
File size:3'321'761 bytes
First seen:2026-06-19 12:36:56 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 98304:FPGwgPBbMJ+ohAlYOLoRBXnB4NrckeJkx4mBmwa:1X66JC4mBmn
Threatray 401 similar samples on MalwareBazaar
TLSH T13BF57C844664FB4AD4A8CB719C0F6FE98A2F9447EE20DC03371A96798B09FC637445B7
Magika javascript
Reporter James_inthe_box
Tags:AgentTesla exe js

Intelligence


File Origin
# of uploads :
1
# of downloads :
200
Origin country :
US US
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
81.4%
Tags:
spawn lien blic hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug base64 dropper evasive obfuscated obfuscated packed repaired
Verdict:
Malicious
File Type:
js
First seen:
2026-06-18T22:54:00Z UTC
Last seen:
2026-06-21T10:07:00Z UTC
Hits:
~1000
Detections:
HEUR:Trojan.Script.Generic HEUR:Trojan-Downloader.Script.Generic
Gathering data
Threat name:
Win32.Trojan.Egairtigado
Status:
Malicious
First seen:
2026-06-19 04:26:16 UTC
File Type:
Text (JavaScript)
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Result
Malware family:
agenttesla
Score:
  10/10
Tags:
family:agenttesla collection discovery execution keylogger spyware stealer trojan
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Executes dropped EXE
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Family: AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments