Phishing Attacks 19_4_2021

 













(1)

Sender ip

185.222.58.156

From

"Edith WANG <edith.wang@bureauveritas.com>"

Subject

"SOA -MARCH 2021"

Attachment

"SOA-MARCH2021.rar"

MD5

2dbf683f40910fdffe5c3b71a02f3030

SHA256

957843b7c2f4d8b60c0a3acf931431c99c5a9132942dde4433eb590d222cfe21

Family

SnakeKeylogger

 


(2)

Sender ip

199.10.31.238

From

"Mike Jansen" <info@504.nvbo.cf>

Subject

"RE: NEW ORDER"

Attachment

"New Order No_ 255616_022521_pdf.cab"

MD5

da0cd813f9bb0dc3ee7db5e2beeef902

SHA256

0042b2e4793cd15b7821f64273397d92eb8d2ab2858b4dd484d4bc045581241d

Family

AgentTesla

 

(3)

 

Sender ip

199.10.31.237

From

"Shelter group" <info@504.nvbo.cf>

Subject

"RE: PURCHASE ORDER"

Attachment

"PO_N00115_Order_pdf.cab"

MD5

69788c9d8586c33fcc7704cfb0714ce6

SHA256

4a1290bd96cd79dd3bb9a2cb06a299725309acaa66c170024d2896b484d55d1d

Family

AgentTesla

 

(4)

 

Sender ip

199.10.31.238

From

"Accounts" <info@504.nvbo.cf>

Subject

"FW: SWIFT Transfer (overdue payment)"

Attachment

"Payment_slip_000234_pdf.cab"

MD5

9fc20b2276d6b2c4947128e8fda41550

SHA256

6bb9188ee929849131bfbb09b848c3352919e32e2794c5d69448d9f2eee13a72

Family

AgentTesla

 

(5)

Sender ip

66.154.111.122

From

"jurubina@unireka.com"

Subject

"Quotation Request - PR No : PR0078966"

Attachment

"OOO-MPA1.zip"

MD5

ba206a8f25ea668fcee1f3f18f5fad9c

SHA256

84d914a03d4be4280e7182e4835e7fc156b101cb03b567f70e0d11843c2e4d35

Family

AgentTesla

 

(6)

Sender ip

124.29.202.102

From

"Finance Manager <sales@c-accts.info>"

Subject

"Proforma Invoice"

Attachment

"Proforma Invoice.r00"

MD5

ecd3ba0f7f9ce655b539bc56a587fe2b

SHA256

c78c86402c01c1ad3a52bf6597cd3105fc673642e020bb06e8e19422e51243aa

Family

AgentTesla


(7)

Sender ip

185.222.57.200

From

"Donna Perry//Accounts//" <info@neosug.ch>

Subject

"Fw: Payment $100,264.30 & $34,893"

Attachment

"Confirmation copy.pdf.ace"

MD5

a93a65637e7057a812b5a23c4bf1ecb2

SHA256

a654e193c6b5e0c6cc2fed521deda32ba5cf3308c0f2310d7889b93748b1d1a9

Family

AgentTesla

 


(8)

Sender ip

84.38.135.208

From

"Andrea Berret <export@novex.it>"

Subject

"Fwd: New Purchase order PO19085121"

Attachment

"New Purchase order.R12"

MD5

ce88c2e352da13935c91e9848e0921f0

SHA256

e988bd1435a355903dd7c3db15832742301c9b1e3db08cec8b10d9a0a5421512

Family

Matiex

 

 

(9)

Sender ip

46.101.98.140

From

"DHL EXPRESS" <trackingmail@501.nvbo.cf>

Subject

"DHL ONLINE SHIPPING PARCEL NOTIFICATION / TRACKING"

Attachment

"DHL_Invoice.gz"

MD5

8bbc63124d8f4c6c3c6630388450a078

SHA256

f6900232dcb9caf4f6193507322f3f8d15ff32fcb6c014fd7a06a4b13fec76ac

Family

AgentTesla

 


(10)

Sender ip

103.99.1.147

From

"Joyce Du" < joyce@transtonetire.com>

Subject

"WT Flange RFQ"

Attachment

"Drawings_pdf.gz"

MD5

af19a172b75952c8a26ebd79afff620e

SHA256

9baa0da769d40eb2b41b528d6beff487c7603be46d81ad11454ae556169adf99

Family

AgentTesla

 

(11)

Sender ip

139.59.0.209

From

"DHL Express <info.usa@era-contact.com>"

Subject

"DHL Shipment Notification / Delivery Documents"

Attachment

"INV-982982782766.IMG"

MD5

0ec2b8a08087710a8f03291ff487f083

SHA256

6d484397e9e3756569b411c995ea15aa523075f7b31172a956999ffe8c7c2d11

Family

Formbook

 


(12)

Sender ip

185.222.58.156

From

"ABDULLAH <abdullah-jallad@veniciaco.com>"

Subject

"=?UTF-8?B?UkZRLzM0Njkg4oCTIFNVUFBMWSBPRiBNRURJQ0FMIEVRVUlQTUVOVFMgKERFRklCUklMTEFUT1IgLyBUT1VSTklRVUVUIC8gU1VSR0lDQUwgU0VUIC8gTUFOVUFMIEJQIC8gRVhBTUlOQVRJT04gTElHSFQgLyBBVVRPQ0xBVkUgJiBPMiBDWUxJTkRFUikg4oCTIEVOUVVJUlk=?="

Attachment

"RFQ3469,pdf.7z"

MD5

0b55bef1d67f555868441a2a19be4eda

SHA256

1c7f3a2e122fb7bc063f2ac2569e0efc40cb692ca851951c7ad75459bf1ef946

Family

SnakeKeylogger

 

(12)

Sender ip

139.162.7.170

From

"eInvoicing <tntsupport.admin@tnt.com>"

Subject

"TNT Express Invoice: 09004105 - Account: 000011320"

Attachment

"TNT Original Invoice_pdf.gz"

MD5

1cdb21ed0d725270c0888b1810af26ff

SHA256

c3340dc41467f3e62953c768598c04694a58f5c79ca6a6806760a5fcb5106627

Family

SnakeKeylogger

 

 

(13)

Sender ip

185.78.221.145

From

"<info@villaparadise.gr>"

Subject

"RFQ"

Attachment

"RFQ.zip"

MD5

5594453bd768e46d59f342dd618ea850

SHA256

927944aee3bfe730b3710464692e6d1efba0e840d3dd2b76e772150e141a6bde

Family

AgentTesla

 

(14)

Sender ip

185.78.221.145

From

"<info@villaparadise.gr>"

Subject

"RFQ"

Attachment

"RFQ.zip"

MD5

5594453bd768e46d59f342dd618ea850

SHA256

927944aee3bfe730b3710464692e6d1efba0e840d3dd2b76e772150e141a6bde

Family

AgentTesla

 

 

If you wanna learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
