4_7_2021 phishing attacks

(1)
Sender IP: 113.196.61.199
From: "Jean Clark" <service@m2.pay2go.com>
Subject: Payment Confirmation 04948392
Attachment: Payment Confirmation.img
MD5: 252556c05551372633042fcc7b142d54
SHA256: a20ab7a4f9d752a616bf2fee4c0aab0565ac9d8e442b483cb8eaa1e726103405
Family: Formbook

(2)
Sender IP: 198.251.79.161
From: Gerente de carga de DHL <pagos.fletes@dhl.com>
Subject: =?UTF-8?Q?Confirmaci=C3=B3n_de_env=C3=ADo_DHL_Express=23?= (RFC 2047 encoded-word; decodes to "Confirmación de envío DHL Express#")
Attachment: Documentos de DHL..PDF.....gz
MD5: e5ac41a9c6bb08961ec44ad4b201e2a8
SHA256: 908b44db519efa5b664ade3863effe7d10d0e71498a57c24cb898e295cdaa49e
Family: AgentTesla

(3)
Sender IP: 139.99.167.178
From: Greg <gkontouzoglou@emproslines.com>
Subject: RE: OVERDUE INVOICE
Attachment: JANUARY OVERDUE INVOICE.arj
MD5: 6e74ee737021356a410d16ee3f974205
SHA256: 01a0edfce737d16102372ac1228f4095a3bdab926ecbccf64b452a4e9972a59a
Family: RevCodeRAT

(4)
Sender IP: 199.10.31.238
From: Roy Asghar <saslam@pseb.org.pk>
Subject: =?UTF-8?B?UmU6IOWbnuWkje+8mlB1cmNoYXNlIE9yZGVy?= (RFC 2047 encoded-word; decodes to "Re: 回复：Purchase Order")
Attachment: PURCHASE ORDER.gz
MD5: f8f00ad041221c5225fb1487b0bfff72
SHA256: cef4f9e5b0c16f4e0778d04dff1616f74408682c923821aaf9aee9c47b867535
Family: Formbook

(5)
Sender IP: 199.10.31.238
From: Kathy <Kathy@oceanstar-inc.com>
Subject: Payment Confirmation // Swift Copy
Attachment: IMAGE01.gz
MD5: 12f29988615ba1b851b1b5a528f446fd
SHA256: 549f145325d458b0f9f66368926ea22167fb6825f7c5146e68361c28071179c9
Family: Formbook

(6)
Sender IP: 159.65.108.171
From: sg.payment.operations-jpmorgan <sg.payment.operations-jpmorgan@335.eryfj.ml>
Subject: Remittance Information
Attachment: SG1_000000123205044_1.pdf.gz
MD5: a8719cafb919bb69ea5928611d748c8f
SHA256: 8b0b16714efce9bf5433abf0aa20790d662b5c456f56e518075d78084763d94e
Family: AgentTesla

(7)
Sender IP: 185.222.58.104
From: Allen.nilvik@163.com
Subject: Urgent Inquiry from Nilvik International
Attachment: Specification 01012_pdf.7z
MD5: 2479d696a8cc14b898ab0b02bbfde8e4
SHA256: 83a946ca558da288b427ca8efcf9a557632641fb0b8c3e278d014646ea7aac1e
Family: Unknown

(8)
Sender IP: 193.252.22.212
From: info <noreply11003263@operacrorg.onmicrosoft.com>
Subject: Télécharger votre relevé fiscal
Attachment: ID638927302.js
MD5: 6c71cbaba924e6472a18f002d9f84cb8
SHA256: b1cbe8f45e1df356c8fab495500f1476298ffedce26cabe3b67a7e8f878f72c3
Family: Unknown

(9)
Sender IP: 45.133.1.167
From: afkim kimya <satis@afkim.com.tr>
Subject: Re: Yeni sorgu
Attachment: doc20192910887888001990.r00
MD5: 02af62d99e4813a452be33a859fc9e8d
SHA256: 9221fe9d8b10dded0ffe2545b8e249b3110834324ae3fff763066f944454473b
Family: SnakeKeylogger

(10)
Sender IP: 91.212.89.55
From: namangan@akmt.uz
Subject: Fwd: B/L is wrongly
Attachment: B of L - way bill return.rar
MD5: 568fa7becac49bd0989b0aace4ed86d0
SHA256: df1f19f5e23dfa70466d8fc1df2ca5e699cdbe7a2c83e077914f4ec74445088e
Family: Formbook

(11)
Sender IP: 203.133.181.17
From: Jaeho Lee <coat8023@daum.net>
Subject: KHE RFQ No. PG6432 PROJECT Reactor/ Heat exchangers/ Materials/Equipment _KOC JURASSIC PRF Algeria
Attachment: PG6432 KHE SHELL-RFQ-Project.cab
MD5: 44a7fe299bb64d278bb22d6256c651e0
SHA256: 2ccd14ce326ef6916b4d7daeb220bd498ca46f52c0f4ddd1855f21cd984221cc
Family: Formbook

(12)
Sender IP: 160.119.102.133
From: Martin Václavek <cc.goh@mizuwell.com>
Subject: URGENT ORDER REQUEST
Attachment: RFQ4734.zip
MD5: b3c6206c87d1bd8676efb1765c8c0989
SHA256: 4c3bbfc3b926616efe05cab622cd9a8f270a2223a5dc8911900577947cc5d087
Family: AZORult

(13)
Sender IP: 167.99.239.109
From: Damia/Navegacion SHIPPING <chew@cidc.com.my>
Subject: RE: DRAFT BL: BP899088885776 / NEW SHIPMENT (Draft Dispatch Documents)
Attachment: BL84995005038483.zip
MD5: 5c3c47d30b92f01c319250946ae86961
SHA256: 2c23f2c834f6d9fe89f0cde03a516eea04b945b464eae3f042e0a47fb2390a05
Family: Formbook

(14)
Sender IP: 192.249.126.31
From: mail@policelife.com
Subject: EMERGENCY REPORT
Attachment: Download Report.06.05.2021.iso
MD5: 90c76319bb8aeca124f93cce3f457fde
SHA256: 4ceefacac5bb3d0f14563d1a884ddc4c48d41b4aa3f2a573e3449fc4f2f635f0
Family: Unknown

(15)
Sender IP: 103.125.190.192
From: Natalie Tan NTAN@vikingcorp.com
Subject: PROFORMA INVOICE FOR PAYMENT URGENT!!!
Attachment: PROFORMA INVOICE.zip
MD5: 099aaca5ff44fcc163a8fefebabc58c8
SHA256: d26e919fb8d6afdb6c24176ae3c33672e24a7dc9a759b9493b8a88c027613016
Family: SnakeKeylogger

(16)
Sender IP: 111.93.252.4
From: zheng yunxia(鄭蘊俠) <zhengyunxia@jctrans.net>
Subject: Re: 答复: 答复 // New Order //93478944//1*20'GP//PTSHASE20060117
Attachment: New Order.gz
MD5: 0b60cb4adbd7eee0f3b9a4fb32dc8dfa
SHA256: dca570fb7c9d0514639060f7230cf92f8b851c071bebe8d79b66ad5d8bbe1481
Family: Formbook

(17)
Sender IP: 185.121.120.26
From: PRE-PAYMENT SWIFT COPY FOR INSTALLMENT <sales6@joyiqi.com>
Subject: SALINAN SWIFT PRA-PEMBAYARAN UNTUK PEMASANGAN
Attachment: SALINAN SWIFT PRA-PEMBAYARAN UNTUK PEMASANGAN.iso
MD5: 3a20237e5ee90c6cf326477daee17bd8
SHA256: d0d8d8eb59807b54198aa881e835099cfa7abf9a1f8f28751862264931741f04
Family: Formbook

(18)
Sender IP: 43.252.212.107
From: Damia/Navegacion SHIPPING <contactus@bloommaze.com>
Subject: RE: DRAFT BL: BPGUC21001161 / NEW SHIPMENT (Draft Dispatch Documents)
Attachment: BL836477488575.zip
MD5: c8f8c392bd5d2d53168ec6ac9c5d62dd
SHA256: a34d50edbd87c99b41bc37b2059011d778a15eb07ab66065e8eed5cd15f378fa
Family: Formbook

(19)
Sender IP: 112.213.89.104
From: Nguyen Thi Kim Ngan <sales.ngannguyen@khanghy.com.vn>
Subject: NEW APRIL QUOTATION
Attachment: APRILQUOTATIONQQO2103060_SAMPLES_KHANG HY_CO_CORPORATION.arj
MD5: ddd5b29a63ccca6f031d825f09f3bec8
SHA256: 612e53f0e6a50c86e316bdc0600ddb89f7e5b51a26c879248adcc59c65524ef9
Family: AgentTesla

(20)
Sender IP: 154.16.145.158
From: DHL Express Shipment <dcc@dccsa.co.za>
Subject: AWB: #76659011 DH-EXPRESS SHIPMENT
Attachment: DHL_SHIPMENT_ADDRESS_CONFIRMATION_00000001.zip
MD5: b3a2891aa9ed727b531fab9055550c4e
SHA256: 526bc2e829b771d094b6c6d8a17aa2b8111e5291ca345a313a56fecd7a63b7c2
Family: AgentTesla

(21)
Sender IP: 89.31.76.247
From: Pham Thanh Tung <fo@gachmpdtamt.com>
Subject: RE RE: RE RE: RE RE: RE RE: RE RE: RE RE: order
Attachment: taiwan.zip
MD5: 2e4785bd10fa399ea41c1eb38fff3edc
SHA256: 1317178c535deac0cd5402fb944ed65542281da1a9d1c4e37c65287d108e6b0e
Family: Formbook

(22)
Sender IP: 103.89.91.236
From: shahabamorico@gmail.com
Subject: RE;REQUEST FOR QUOTATION
Attachment: QUOTATION.zip
MD5: 144ed9c7b681b58e6fb69a86aedbb859
SHA256: af345ba105bdf6a7015248d032984f79afef8b19e700235578522d279322801b
Family: Unknown

(23)
Sender IP: 203.159.80.43
From: Accounts Dept <accounts@judingtech.com>
Subject: Fw: Re: Payment Advice / Bank Details
Attachment: Payment Advice.jpg.zip
MD5: 6e0beff439e2905df31ab9d6a0d076e3
SHA256: 2633901f3823c7c26a73a2041eb78cbe6f7a8c4afdcedea30cd840e515dc76f7
Family: RemcosRAT

(24)
Sender IP: 185.222.58.148
From: Finance Department <finance@jonyeng.com>
Subject: FW: SWIFT Transfer (103) 000OUTQ080519103
Attachment: 000OUTQ080519103.pdf.7z
MD5: e3dfc7314c31a6ffb488a9325f62ce94
SHA256: d8eba15b26d5652ed7cf6a67ec0f3b847fe7179aafdd414d092d25163eed9b3e
Family: Unknown

(25)
Sender IP: 185.121.120.163
From: postmaster@axxin.co
Subject: PO#98796427521
Attachment: PO.zip
MD5: 6048f1059131a6c980fdba17c9053818
SHA256: 180ecd0e9a58eb360d20333cbb0778ef8bdfbd31a1512b257256bf850dd41ff2
Family: AgentTesla

(26)
Sender IP: 104.168.202.229
From: jrt@carasollimited.pw
Subject: CARASOL LIMITED GROUP PRESENTATION
Attachment: CARASOL LIMITED GROUP PRESENTATION.rar
MD5: a71d3dabb71f27cc04a540bc810be5e2
SHA256: 64bcb9c87f3e818a09349cbacce624de54bf7668e0d340912a017b5e9a35efe6
Family: AveMariaRAT

(27)
Sender IP: 185.121.120.165
From: Chunhua Biyu <postmaster@seasonmedical.co>
Subject: Export department:sales inquiry
Attachment: Quotation.zip
MD5: dfc61d7aa5d2f2d7bf68a08749d39324
SHA256: 5bd732ff0414ba8034f553e571b6f2cbeafeeae28c552b364e7ffc49854163cf
Family: Formbook

(28)
Sender IP: 43.252.212.107
From: Damia/Navegacion SHIPPING <contactus@bloommaze.com>
Subject: RE: DRAFT BL: BPGUC21001161 / NEW SHIPMENT (Draft Dispatch Documents).
Attachment: BL8846545545363.zip
MD5: 3a3c31db80f66c72d3d2b955b36d8362
SHA256: 90d344562158255d4b094a2e157cd1196b4248bf01584d6c10f1ae33caf9ac70
Family: Formbook

(29)
Sender IP: 104.168.200.175
From: Antonella Lattarulo <jrt@dropboxer-asia.pw>
Subject: Arifashayan 2020 06_04_RFQ
Attachment: Arifashayan_2020_06_04_RFQ.rar
MD5: 5d707a4553f073324b1b849b3f891e89
SHA256: 63bf325ba69681027e3ecfe828b993abe799ed0bc43c15617668abbdaa9db55b
Family: AveMariaRAT

(30)
Sender IP: 45.95.168.230
From: Marina Malzew <info@blazefierce.live>
Subject: Re: RFQ- PO#-33202100
Attachment: RFQ040820.zip
MD5: ed5ff6866b115f070e80160b8d10bf0f
SHA256: d4abf50f9fd0aee8e6ada5a478e2d84d37d010ed92239705a7438f4a3c9a5435
Family: AgentTesla

(31)
Sender IP: 8.36.41.118
From: DEKRA Industrial (Guangzhou) Co., Ltd. <info@dekra.com.cn>
Subject: new PO (ref: #1422) DEKRA // PI: Confirmation
Attachment: Confirmation_1422 DEKRA order,pdf.iso
MD5: 35b9c2fb113b341da994a9eeeb65e920
SHA256: b2886305c4aa1e643de11d41f285e4de2712801e20e5030a32c36c62f6f1f3d7
Family: SnakeKeylogger

(32)
Sender IP: 179.96.211.130
From: Tomomi YADA(Ms.)<postmaster@avail-tokyo.co.jp>
Subject: 05.04.2021 PAYMENT SWIFT
Attachment: swift copy.rar
MD5: c29756a81b175c8a45063f034614200c
SHA256: 77d633bb04f17dd1a4fd81ffed1f20b7e2844a0f67f16b57a6c565e429d3fc3d
Family: Unknown

(33)
Sender IP: 82.223.243.188
From: 李安妮 <support@elpeloton.net>
Subject: RE: Reservation
Attachment: รายละเอียดบัตรเครดิต.rar
MD5: de58e733f0feac7c8d0f9b5dec828185
SHA256: ae544fc1c3293473d4261360fa739819decfe531c900f085e555fb4afaf15847
Family: Formbook

(34)
Sender IP: 165.232.130.32
From: Ying TANG <ying.tang@rina.org>
Subject: Outstanding invoices
Attachment: Outstanding invoices.rar
MD5: c4493e8cbd3c6718b4012ac630724c35
SHA256: bc53bbf6cd255b5bf3b06b5234fb1c733e1fbbc022828e20805fb89ea451e666
Family: AgentTesla

(35)
Sender IP: 111.90.139.164
From: Chery Ch <Cherych@hbtovs.com>
Subject: Attached selected items and confirmed copy of Order and Sales Contract Draft for your reference.
Attachment: ORDER6798ERA-LBT.rar
MD5: b1f71045eff99bbdc181370889664581
SHA256: e2054a668969a178ed46aa1de4630da4d397bd2cdb0cef98d4cabba80403ed08
Family: Formbook

(36)
Sender IP: 143.198.208.26
From: Savelie Raischi <contact@samigo-trade.com>
Subject: Previous inq
Attachment: QUOTATION JANUARY_ALFA-NISTRU_20210129-20293083020234.lzh
MD5: a06c39d7735e3d7cb21fa826d3fe25f1
SHA256: edec093ec0a70e58da54a9020c8f55298d3425e4c597fead5c96f94b7dba0a80
Family: AgentTesla

(37)
Sender IP: 87.237.54.126
From: MEGA ICBC Singapore Branch <OBSSGP@megabank.com.tw>
Subject: Credit Advice - Global E-Banking Transaction, CUST ID:c431xxx0,
Attachment: Credit Advice -TT6635993652908.PDF.img
MD5: e67df1e7a4ac3610c63ebf43ce57c328
SHA256: 9b96d29bf6c5183b4ab838883d42b2bf936eee44dd1a714240ce21277b85bde7
Family: AZORult

(38)
Sender IP: 198.251.79.161
From: ANTONIO ARROYO antonio.arroyo@corcimex.com
Subject: RE: pago vencido de febrero y marzo#
Attachment: factura y datos bancarios.PDF.gz
MD5: 73bd07ee6d0c65ad0133fd69d3dd32ad
SHA256: 610842f5e809996227396485a6577f350a0402cacab2ab431854ed97b83f5bc0
Family: Unknown

(39)
Sender IP: 184.106.54.73
From: Ryan Rangel <lance.elpidama@bigfrog.com>
Subject: 94733253533 LRMS PO# LRMS
Attachment: Track1Z16301.doc
MD5: 3b293561854d9ad8d99f8cf2f37ec521
SHA256: 1e472b9de49871cbf3a381b560312a55163a196213329fdae34f4bbae6dd9d20
Family: Unknown

Malware Analyst: Mahmoud El Menshawy
Contact me: mahmoudmorsy372@gmail.com
