MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de63e0dac9cd8bfe25df3aed44fe5802fe142f022118b3e352c6028fccf9d2e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	de63e0dac9cd8bfe25df3aed44fe5802fe142f022118b3e352c6028fccf9d2e9
SHA3-384 hash:	63511a713a2d308d9fee913172f90cc9f9792fe98a258177f8ea59eff237bd20f50bc1724440785efd190df387bbd5fa
SHA1 hash:	2a5c78254b95a2244b22fd800c1c057db135c802
MD5 hash:	b795c1378f42250bd6e900ad0d704938
humanhash:	winner-sodium-pennsylvania-blossom
File name:	NEW ORDER.js
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	62'289 bytes
First seen:	2026-03-31 10:54:38 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	1536:C1edMSznJkVUiaqn4tjqXcqpPJLiHjdU9/WdGfOtZe:cSd4hKdUQxA
TLSH	T18E5373F1816D40B488ED69BE4B19F04ED846DC95B2110568B3E7ACFDF73A4B7CB404AA
Magika	javascript
Reporter	James_inthe_box
Tags:	AgentTesla exe js

Intelligence

File Origin

# of uploads :

# of downloads :

124

Origin country :

Vendor Threat Intelligence

Gathering data

Detection(s):

Sanesecurity.Rogue.0hr.20260330-1432.UNOFFICIAL

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69cba81d3a18a6e1ddeffc68

Tags:

obfuscate cryxos xtreme shell

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm fingerprint formbook masquerade repaired

Link:

https://www.filescan.io/uploads/69cba8192346b9da57b31b58/reports/c305e782-a5c6-45f6-b4f6-f4b375a96364/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/de63e0dac9cd8bfe25df3aed44fe5802fe142f022118b3e352c6028fccf9d2e9

Verdict:

Malicious

File Type:

First seen:

2026-03-30T06:02:00Z UTC

Last seen:

2026-04-01T08:39:00Z UTC

Hits:

~1000

Detections:

Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/de63e0dac9cd8bfe25df3aed44fe5802fe142f022118b3e352c6028fccf9d2e9/results?tab=lookup

Score:

87%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/de63e0dac9cd8bfe25df3aed44fe5802fe142f022118b3e352c6028fccf9d2e9

Gathering data

Detection:

agenttesla

Link:

https://mwdb.cert.pl/sample/de63e0dac9cd8bfe25df3aed44fe5802fe142f022118b3e352c6028fccf9d2e9/

Verdict:

Malicious

Threat:

Family.REVERSELOADER

Link:

https://tip.neiki.dev/file/de63e0dac9cd8bfe25df3aed44fe5802fe142f022118b3e352c6028fccf9d2e9

Threat name:

Script-JS.Trojan.Cryxos

Status:

Malicious

First seen:

2026-03-30 08:57:58 UTC

File Type:

Text (JavaScript)

AV detection:

11 of 38 (28.95%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3zr6bwwjzwf74jo7hlwuj7syal7bilyceemlhy2syybi7thz2luq._file

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla discovery execution keylogger spyware stealer trojan

Link:

https://tria.ge/reports/260331-mz9snact7y/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Command and Scripting Interpreter: PowerShell

Looks up external IP address via web service

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Badlisted process makes network request

AgentTesla

Agenttesla family

Process spawned unexpected child process

Malware family:

HomeesNETInjector

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/de63e0dac9cd/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/de63e0dac9cd8bfe25df3aed44fe5802fe142f022118b3e352c6028fccf9d2e9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample