Phishing Attacks 19_4_2021

 













(1)

Sender ip

185.222.58.156

From

"Edith WANG <edith.wang@bureauveritas.com>"

Subject

"SOA -MARCH 2021"

Attachment

"SOA-MARCH2021.rar"

MD5

2dbf683f40910fdffe5c3b71a02f3030

SHA256

957843b7c2f4d8b60c0a3acf931431c99c5a9132942dde4433eb590d222cfe21

Family

SnakeKeylogger

 


(2)

Sender ip

199.10.31.238

From

"Mike Jansen" <info@504.nvbo.cf>"

Subject

"RE: NEW ORDER"

Attachment

"New Order No_ 255616_022521_pdf.cab"

MD5

da0cd813f9bb0dc3ee7db5e2beeef902

SHA256

0042b2e4793cd15b7821f64273397d92eb8d2ab2858b4dd484d4bc045581241d

Family

AgentTesla

 

(3)

 

Sender ip

199.10.31.237

From

"Shelter group" <info@504.nvbo.cf>"

Subject

"RE: PURCHASE ORDER"

Attachment

"PO_N00115_Order_pdf.cab"

MD5

69788c9d8586c33fcc7704cfb0714ce6

SHA256

4a1290bd96cd79dd3bb9a2cb06a299725309acaa66c170024d2896b484d55d1d

Family

AgentTesla

 

(4)

 

Sender ip

199.10.31.238

From

"Accounts" <info@504.nvbo.cf>"

Subject

"FW: SWIFT Transfer (overdue payment)"

Attachment

"Payment_slip_000234_pdf.cab"

MD5

9fc20b2276d6b2c4947128e8fda41550

SHA256

6bb9188ee929849131bfbb09b848c3352919e32e2794c5d69448d9f2eee13a72

Family

AgentTesla

 

(5)

Sender ip

66.154.111.122

From

"jurubina@unireka.com"

Subject

"Quotation Request - PR No : PR0078966"

Attachment

"OOO-MPA1.zip"

MD5

ba206a8f25ea668fcee1f3f18f5fad9c

SHA256

84d914a03d4be4280e7182e4835e7fc156b101cb03b567f70e0d11843c2e4d35

Family

AgentTesla

 

(6)

Sender ip

124.29.202.102

From

"Finance Manager <sales@c-accts.info>"

Subject

"Proforma Invoice"

Attachment

"Proforma Invoice.r00"

MD5

ecd3ba0f7f9ce655b539bc56a587fe2b

SHA256

c78c86402c01c1ad3a52bf6597cd3105fc673642e020bb06e8e19422e51243aa

Family

AgentTesla


(7)

Sender ip

185.222.57.200

From

"Donna Perry//Accounts//" <info@neosug.ch>"

Subject

"Fw: Payment $100,264.30 & $34,893"

Attachment

"Confirmation copy.pdf.ace"

MD5

a93a65637e7057a812b5a23c4bf1ecb2

SHA256

a654e193c6b5e0c6cc2fed521deda32ba5cf3308c0f2310d7889b93748b1d1a9

Family

AgentTesla

 


(8)

Sender ip

84.38.135.208

From

"Andrea Berret <export@novex.it>"

Subject

"Fwd: New Purchase order PO19085121"

Attachment

"New Purchase order.R12"

MD5

ce88c2e352da13935c91e9848e0921f0

SHA256

e988bd1435a355903dd7c3db15832742301c9b1e3db08cec8b10d9a0a5421512

Family

Matiex

 

 

(9)

Sender ip

46.101.98.140

From

"DHL EXPRESS" <trackingmail@501.nvbo.cf>"

Subject

"DHL ONLINE SHIPPING PARCEL NOTIFICATION / TRACKING"

Attachment

"DHL_Invoice.gz"

MD5

8bbc63124d8f4c6c3c6630388450a078

SHA256

f6900232dcb9caf4f6193507322f3f8d15ff32fcb6c014fd7a06a4b13fec76ac

Family

AgentTesla

 


(10)

Sender ip

103.99.1.147

From

"Joyce Du" < joyce@transtonetire.com>"

Subject

"WT Flange RFQ"

Attachment

"Drawings_pdf.gz"

MD5

af19a172b75952c8a26ebd79afff620e

SHA256

9baa0da769d40eb2b41b528d6beff487c7603be46d81ad11454ae556169adf99

Family

AgentTesla

 

(11)

Sender ip

139.59.0.209

From

"DHL Express <info.usa@era-contact.com>"

Subject

"DHL Shipment Notification / Delivery Documents"

Attachment

"INV-982982782766.IMG"

MD5

0ec2b8a08087710a8f03291ff487f083

SHA256

6d484397e9e3756569b411c995ea15aa523075f7b31172a956999ffe8c7c2d11

Family

Formbook

 


(12)

Sender ip

185.222.58.156

From

"ABDULLAH <abdullah-jallad@veniciaco.com>"

Subject

"=?UTF-8?B?UkZRLzM0Njkg4oCTIFNVUFBMWSBPRiBNRURJQ0FMIEVRVUlQTUVOVFMgKERFRklCUklMTEFUT1IgLyBUT1VSTklRVUVUIC8gU1VSR0lDQUwgU0VUIC8gTUFOVUFMIEJQIC8gRVhBTUlOQVRJT04gTElHSFQgLyBBVVRPQ0xBVkUgJiBPMiBDWUxJTkRFUikg4oCTIEVOUVVJUlk=?="

Attachment

"RFQ3469,pdf.7z"

MD5

0b55bef1d67f555868441a2a19be4eda

SHA256

1c7f3a2e122fb7bc063f2ac2569e0efc40cb692ca851951c7ad75459bf1ef946

Family

SnakeKeylogger

 

(12)

Sender ip

139.162.7.170

From

"eInvoicing <tntsupport.admin@tnt.com>"

Subject

"TNT Express Invoice: 09004105 - Account: 000011320"

Attachment

"TNT Original Invoice_pdf.gz"

MD5

1cdb21ed0d725270c0888b1810af26ff

SHA256

c3340dc41467f3e62953c768598c04694a58f5c79ca6a6806760a5fcb5106627

Family

SnakeKeylogger

 

 

(13)

Sender ip

185.78.221.145

From

"<info@villaparadise.gr>"

Subject

"RFQ"

Attachment

"RFQ.zip"

MD5

5594453bd768e46d59f342dd618ea850

SHA256

927944aee3bfe730b3710464692e6d1efba0e840d3dd2b76e772150e141a6bde

Family

AgentTesla

 

(14)

Sender ip

185.78.221.145

From

"<info@villaparadise.gr>"

Subject

"RFQ"

Attachment

"RFQ.zip"

MD5

5594453bd768e46d59f342dd618ea850

SHA256

927944aee3bfe730b3710464692e6d1efba0e840d3dd2b76e772150e141a6bde

Family

AgentTesla

 

 

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more