MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffb165e60e6498952cd68782e0c668a4cd9fbe21a516319d2b9eacdc835e4383. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 10



SHA256 hash: ffb165e60e6498952cd68782e0c668a4cd9fbe21a516319d2b9eacdc835e4383
SHA3-384 hash: aafb52bee5e08aba70d26d5f09d885dbdc4b9e5dced3f12cb8d0746d983e52f7227a6b76cf479eca52a1eac40142be16
SHA1 hash: a1a5a60ddc0da56550a341a08463f458b74dd22d
MD5 hash: 5feecadf232a069e5b9f9c3ca29ed7ab
humanhash: oxygen-beryllium-spring-table
File name: RICHIESTA DI INFORMAZIONI SUL PRODOTTO_3247845.JS
Signature: AgentTesla
File size: 7'197'030 bytes
First seen: 2026-06-10 13:28:44 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 98304:mIJV6SzDqUU7ep8Y4UTyh9NFCPKvtkzML1APRxCzJP0ZwYCwEgLdlZPKf9J4:BDqD84Jh9NFuyWzOAr+JPawYpLpcJ4
Threatray: 196 similar samples on MalwareBazaar
TLSH: T1ED7661310354C671C1685EA72A99716D240D4DCFD8F9FB023B6B9BB5027A932E2BB770
Magika: javascript
Reporter: JAMESWT_WT
Tags: AgentTesla ftp-enogcaen-br-com js Spam-ITA

Intelligence


File Origin
# of uploads: 1
# of downloads: 155
Origin country: IT
Vendor Threat Intelligence
No detections

Verdict: Malicious
Score: 96.5%
Tags: virus lien blic hype

Verdict: Malicious
File Type: js
First seen: 2026-06-07T20:50:00Z UTC
Last seen: 2026-06-11T12:14:00Z UTC
Hits: ~10000
Detections: BSS:Trojan.Win32.Generic HEUR:Trojan.Script.Generic HEUR:Trojan-Dropper.Script.Generic HEUR:Trojan-Downloader.Script.Generic Trojan-PSW.Win32.Stealer.sb Trojan-Downloader.JS.Cryptoload.sb Trojan.Win32.Shellcode.sb Trojan.Win32.Agent.sb Trojan-PSW.Win32.Disco.sb Trojan-PSW.MSIL.Agensla.sb

Gathering data

Threat name: Win32.Trojan.Malgent
Status: Malicious
First seen: 2026-06-08 03:04:32 UTC
File Type: Binary
AV detection: 8 of 36 (22.22%)
Threat level: 5/5

Result
Malware family: donutloader
Score: 10/10
Tags: family:agenttesla family:donutloader collection execution keylogger loader spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Executes dropped EXE
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Detects DonutLoader
Family: AgentTesla
Family: DonutLoader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments