MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee4de5d784964681a4daddc1e45f04310e4d3ed224a6522ac7fadf669d524da9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	ee4de5d784964681a4daddc1e45f04310e4d3ed224a6522ac7fadf669d524da9
SHA3-384 hash:	b19c6efb3b96bde54f4ec56d20800994cb7a6d1cddfc21cbb3e3b393722c7a7aa12e469046a6447a0dacfc6c3295ea92
SHA1 hash:	e5419a6e14f0aae336ca9d27c6c3d482cb315943
MD5 hash:	23292695a67836c834641b6ade4a99fb
humanhash:	fillet-vermont-golf-pip
File name:	New Order 1-4-2021_PDF.gz
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	421'473 bytes
First seen:	2021-04-01 07:28:17 UTC
Last seen:	Never
File type:	gz
MIME type:	application/x-rar
ssdeep	6144:b8UdKb0pkwS/jNWhjzNnuqojV33IRKAdz/e5HMsa5i3qRK8neAaLBOskUgOMJMtK:xs0FeRc25HMLM2KHAaLEskoMOt69
TLSH	3194239EEEAEE8D77D1F7D0C772289BD3F0AC193C6A496AD04D29671D04478C2CB0295
Reporter	abuse_ch
Tags:	gz

abuse_ch

Malspam distributing unidentified malware:

HELO: agarwalpipe.com
Sending IP: 45.144.225.211
From: Elie Abdel Ahad <ritesh@agarwalpipe.com>
Subject: Re: NEW ORDER
Attachment: New Order 1-4-2021_PDF.gz (contains "New Order 1-4-2021_PDF.exe")