MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa896bde7e5b0df86638be400f3c07bc493164e2140ec02bf1305efe09d4a7cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa896bde7e5b0df86638be400f3c07bc493164e2140ec02bf1305efe09d4a7cb
SHA3-384 hash: ca5b0bacc878d45915eb6f94e865fecb7edb1810901e709e4f39ba56dac7140a30776a22218e83d684b61fb69768b308
SHA1 hash: 9e5d5769805e73cc211c03cd49fb8f35612decdc
MD5 hash: 7f8ea0df17ad7196e1bf4154aad01978
humanhash: black-cola-avocado-spaghetti
File name:SO# A56DX04471.js
Download: download sample
Signature AgentTesla
Create hunting rule
File size:325'718 bytes
First seen:2026-04-07 12:08:35 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 6144:XoLwDYT3dDDnTNNZwK45C4ouvXKoLBt+0G4TQyi8J432p3Rn:4Lw8ZDDnTNNZPwC0K+I964qp
Threatray 3'708 similar samples on MalwareBazaar
TLSH T1F464CF42E2F91014B8FF5F98857A85815976FE662E2ED4EC14180C6C8A68F46CDF3B37
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika txt
Reporter James_inthe_box
Tags:AgentTesla exe js

Intelligence

File Origin
# of uploads :
1
# of downloads :
165
Origin country :
US US
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.JS.Starter.147.32191.28384.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69d3c9e06a61012f6acf60a6
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
repaired
Link:
https://www.filescan.io/uploads/69d4f40e00ad3636940dcd94/reports/c8c6c6f4-e1e1-4ab8-90d0-344bdf9305ce/overview
Verdict:
Malicious
Labled as:
TR/VBS.Obfuscated
Link:
https://www.hybrid-analysis.com/sample/fa896bde7e5b0df86638be400f3c07bc493164e2140ec02bf1305efe09d4a7cb
Verdict:
Malicious
File Type:
js
First seen:
2026-04-06T02:23:00Z UTC
Last seen:
2026-04-09T07:34:00Z UTC
Hits:
~1000
Detections:
PDM:Trojan.Win32.Generic HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/fa896bde7e5b0df86638be400f3c07bc493164e2140ec02bf1305efe09d4a7cb/results?tab=lookup
Score:
7%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/fa896bde7e5b0df86638be400f3c07bc493164e2140ec02bf1305efe09d4a7cb
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fa896bde7e5b0df86638be400f3c07bc493164e2140ec02bf1305efe09d4a7cb/
Threat name:
Win32.Trojan.Qwexlafiba
Create hunting rule
Status:
Malicious
First seen:
2026-04-06 09:22:13 UTC
File Type:
Text (JavaScript)
AV detection:
10 of 37 (27.03%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7kewxxt6lmg7qzryxzaa6pahxretczhccqhmak7rgbpp4couu7fq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
11bf8c110a1318e8cf0d72d634fdc6a9a012586d782bda04c64cb58a45bd997c
AgentTesla
4c21680fbb3fd1374847b398856522357b7a388ec559ac4a583487a4929b365e
AgentTesla
55321417acdb619425cdcc1b1efce657f8a570cf013897bfbafef3232270970c
AgentTesla
8b0b3f6815884eb2899048e83b6e496b85024abaf2931ac98f255f8207f6e47e
AgentTesla
afe92b2d15043b10ec2fde12c06a011bf7f4e1eba1fc142aa8eebe157730e4b7
AgentTesla
c140797c9149ceb0cc39430a291caa6dfc2f92cd07d5b6b15cf6758f7093d7b3
AgentTesla
cc97f068f53b20a3072d5c63553609d02916716fcc9f4f333a173a5a3c0aa830
AgentTesla
ce8cdbdac7f2dc6b5b8068a910e3309c97bf897904753447ed842d4fef60cdb6
AgentTesla
de1f0c95e384774d387b2249b92d7e231a7a5f6c530d94453ca154fcc7d88155
AgentTesla
error
AgentTesla
+ 3'698 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla execution keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/260407-pbtgwagt9v/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Looks up external IP address via web service
Checks computer location settings
Registers new Windows logon scripts automatically executed at logon.
Badlisted process makes network request
AgentTesla
Agenttesla family
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fa896bde7e5b0df86638be400f3c07bc493164e2140ec02bf1305efe09d4a7cb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments