Phishing Attacks 21_4_2021

 












(1)

Sender ip

45.137.22.71

From

"Jashpal Singh <stantech@eim.ae>"

Subject

"RE: LPO-SCREEN MESH"

Attachment

: "LPO PRECISION MESHES 2352104321QQ.pdf.r11"

MD5

740d0fb7a4addd333ba056dea2fabf3a

SHA256

528af553a32a89601588f39b35e8b2714cd479bc47648b007a564136485e3e0e

Family

Formbook

 

(2)

Sender ip

195.231.66.125

From

"Nguyen Phuong Thuy <thuy.sa@ctcbio.com.vn>"

Subject

"New Order"

Attachment

(New order - List of New Order).zip

MD5

32246920e52fd4ef5cc1bd49811a2344

SHA256

40a337fe26c8929fa7d4cb2c750b03d160d1ce1addc9ea0f7abfb71c242a07f0

Family

ModiLoader

 

(3)

 

Sender ip

185.136.163.190

From

"Louis Morgan Groups<osoriandres33@ymail.com>"

Subject

"Order List"

Attachment

"Order List.zip"

MD5

c3c073bdc64b2ae06490024e9f0d1c63

SHA256

823f97c8ef07b2edfa84d898cf7987a0c18bc742fb458aeb99c97f49ad3fe64b

Family

AgentTesla

 

(4)

 

Sender ip

45.137.22.71

From

"Echo Wu <quinn.gtf@gmail.com>"

Subject

"update prices of attached items"

Attachment

"update order of attached items.r00"

MD5

8f0088d768489196c279a1c8adc70a20

SHA256

a32bb58209626c22868278a90a0956495039289cf88d33d085419b9a8259266f

Family

Unknown

 

(5)

Sender ip

185.222.57.157

From

"info@pesqueracristiansen.com"

Subject

"RE: BALANCE TRANSFER SWIFT COPY.."

Attachment

"SWIFT COPY..rar"

MD5

cf8fe5bfba132a425f4b79f1247e8554

SHA256

181ee3a7d7eed5331b58011e1088533b45734c5f7928dd4b4cc78ac3def5f90b

Family

AgentTesla

 

(6)

Sender ip

185.222.57.171

From

"n.kharaishvili@ltb.ge"

Subject

"order #127"

Attachment

"NA090900000.LzH"

MD5

0b934403f656857cffcff32823b6f8de

SHA256

d0dde788e773c61239053ee6dffff5e83043310ef27efac0f6d8275af0971b57

Family

NanoCore


(7)

Sender ip

45.137.22.71

From

"T. HALK BANKASI<EKSTRE@halkbank.com.tr>"

Subject

"T.HALK BANKASI A.S.Hesap Ekstresi"

Attachment

"Halkbank,doc 00100210210.r11"

MD5

9a900a84e85e6bfe1ac6e55873aa262a

SHA256

256ddf8556d759c829d9ebfb85e2ec242b3bf94d38f2cbf9edfb5c780973a256

Family

Formbook

 


(8)

Sender ip

142.4.18.137

From

"cindy@medicalstaffinginnovations.com"

Subject

“PI OUI899484 BOX .PAKE"

Attachment

"OUI.899484... BOX.gz"

MD5

842a0115077cd223a12d31d352498924

SHA256

92ec45e9b52f0cb624e34c317a8c4f122acb9ba62be1ff6088625d96e555ddb8

Family

unknown

 

 

(9)

Sender ip

185.222.57.157

From

"info@pesqueracristiansen.com"

Subject

"RE: BALANCE TRANSFER SWIFT COPY.."

Attachment

"SWIFT COPY..r00"

MD5

f489aa535f8096ab6b278616ef4c4484

SHA256

8e47a1d341da073d6d19310578ee44144f0d86d1b50613b631ec0a2688204ed1

Family

AgentTesla

 

 


(10)

Sender ip

185.222.58.156

From

"=?UTF-8?B?xLBNTcSwQg==?= <immib@immibhaber.org>"

Subject

"Payment_Swift_TT_Copy_Original.pdf ///Re: Instructions for Payment"

Attachment

"Payment_Swift_0096986854748574.r00"

MD5

8303923a596fd9cbcc7ffe4caa2ea8c8

SHA256

17967badb8bb0e2240386e286f05c9c00bcd74a991f5230ea20b2db610d8cc07

Family

SnakeKeylogger


(11)

Sender ip

185.222.57.162

From

"Naney Jasmin Estrada(Ms.)<info@midwaywholesalebz.com>"

Subject

"RE:Proforma IO108090"

Attachment

"Proforma IO108090.zip"

MD5

4885ff083ce141b9ca9110bff8219723

SHA256

b2eadc92f226dcdda1217fc2548ccba1479c8e50bd24b25123215a926aacf7a5

Family

AgentTesla

 


(12)

Sender ip

45.156.23.236

From

"Steve Park" <nelle@gusikowski.ml>"

Subject

"RE: Overdue Charge Payment"

Attachment

"Bank Details.rar"

MD5

7a8c59a4794d9ec5a8b0256f5e339bd5

SHA256

3e4dfe7c5416c432107685e308c803d888df1f5d78949a11c535ee926216c635

Family

SnakeKeylogger

 

(13)

Sender ip

51.89.208.80

From

"emily.r@appraisal-property.com"

Subject

"Appraisal Loan Report."

Attachment

"Appraisa-reportl11002275444900.zip"

MD5

e8ca9498986b1c304ad639874335339f

SHA256

6fdcc4b886c1ddcd5a76bfb4f8c79cf39f7c3c3fbe08cee92fa5a8eeafc57e43

Family

RemcosRAT

 

 

(14)

Sender ip

103.133.105.111

From

"Atina Wu <sales@gmeesolar.com>"

Subject

"*URGENT SUPPLY* QUOTE B1020363"

Attachment

"QUOTE B1020363.PDF.gz"

MD5

adfcfecea283e97f3cda3be4baffa7e9

SHA256

104f4489ec8b1b693b839dc39082f5f07e569be7728dbd3e0d8172a76f6dce68

Family

Formbook

 


(15)

Sender ip

45.137.22.57

From

"surendra@saisanket.com"

Subject

"RE: PAYMENT COPY"

Attachment

"Payment.zip"

MD5

d6ea4160f408cce8aae4a84d37d9e921

SHA256

40697fea925326e0b55469750354352c0c7d36f7abe00699e013e55e9afeae2d

Family

AgentTesla

 

 

(15)

Sender ip

185.222.57.90

From

"<quality@amproinc.in>"

Subject

"GS_ PO NO.186/2021"

Attachment

"GS_ PO NO.1862021.zip"

MD5

1eadad01709a0294e51f5b64462059fc

SHA256

399a8f899ba8d8ef02ecfd588fcbe4c0e85d59d8a51bb3127dc3e5fc451d278b

Family

AgentTesla

 

(16)

Sender ip

93.189.41.228

From

"BlueLinx Holdings <Watson@localmoverquotes.com>"

Subject

"DocuSign: Equipment #9517"

Attachment

"inv_1021910698_364846394.rar"

MD5

5ad1b1fa3cff6f806797b77545461fd0

SHA256

730deb695698a67f2b135c9b836b112f03d2b94ad9cc1bb9d38513b2a8bbf7bd

Family

Quakbot

 

(17)

Sender ip

82.194.90.139

From

"sekretary <bogdanov_BY@mail.ru>"

Subject

"=?UTF-8?Q?=D1=81=D1=87=D0=B5=D1=82-=D0=BF=D1=80=D0=BE=D1=84?=

=?UTF-8?Q?=D0=BE=D1=80=D0=BC=D0=B0?="

Attachment

"счет-проформа pdf.zip"

MD5

d625f80e4f8359aa969eef872133ad03

SHA256

083a56cd6197597aae81782b47d6aaead5b6ec08245b6603845aaa425645dd1e

Family

FormBook

 


(18)

Sender ip

62.113.202.77

From

"Rahmatullah khan"<sales@smoresteel.com>"

Subject

"Update of PI AAAQ pending orders0308 D2101002610 air shipment"

Attachment

"pending orders0308 D2101002610 pdf.7z"

MD5

7d9224e610eab56f6a2276a8f31f8cc7

SHA256

c76e376abdeb8103dc00f7c3b68cdf6a685cc5578269b83edc249fa0693cb973

Family

FormBook

 

(19)

Sender ip

93.189.41.228

From

"BlueLinx Holdings <Watson@localmoverquotes.com>"

Subject

"DocuSign: Equipment #9517"

Attachment

"inv_1021910698_364846394.rar"

MD5

5ad1b1fa3cff6f806797b77545461fd0

SHA256

730deb695698a67f2b135c9b836b112f03d2b94ad9cc1bb9d38513b2a8bbf7bd

Family

Quakbot








Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more