Phishing Attacks 22_4_2021
(1)
|
Sender ip |
103.133.105.111 |
|
From |
"Jon Crofts
<Jon.Crofts@metpro.co.uk>" |
|
Subject |
"NEW ENQUIRY/RFQ: ALUMINIUM DOOR
CLOSER (120421PR1)" |
|
Attachment |
"NEW ENQUIRYRFQ ALUMINIUM DOOR
CLOSER (120421PR1).pdf.zip" |
|
MD5 |
d84244993a95e56ac988080fac8305ec |
|
SHA256 |
3966c11050646120a2c30e1f3bd7db0d8f0cb38ba8f586b1d8656d46a2b30b09 |
|
Family |
AgentTesla |
(2)
|
Sender ip |
45.126.132.42 |
|
From |
"Lucio USVARDI Area Manager
<gogon@designpartnersindonesia.com>" |
|
Subject |
"RE:Fw: C.O.A of Materials
Placebo" |
|
Attachment |
"C.O.A of Materials
Placebo.PDF.gz" |
|
MD5 |
d009073229a4241314aee30ec3a65001 |
|
SHA256 |
bebaf132c73e03c11cd32a3551abf02369edd8ee465e36701331502717340a66 |
|
Family |
Loki |
(3)
|
Sender ip |
66.154.111.122 |
|
From |
"jurubina@unireka.com" |
|
Subject |
"Quotation Request - PR No :
PR0078966" |
|
Attachment |
"QUO-131.zip" |
|
MD5 |
92f35e58db10d6aa177527e27e2734d8 |
|
SHA256 |
d22b3e746e42bfada3fe6b73b03d5e2443caf1a9090120ac9385e49bb72297c2 |
|
Family |
AgentTesla |
(4)
|
Sender ip |
92.204.132.28 |
|
From |
"Edwin Fernandes
<edwin@dtamaritime.com>" |
|
Subject |
"Fw: Revise Quotation.." |
|
Attachment |
"REVISE QUOTATION 21.04.2021.pdf
(113K).rar" |
|
MD5 |
6b989d90c73fa32a2cbeb1b051644d4c |
|
SHA256 |
3638135eb0f487e5b5b003d1f090554b0f6fe96ac90da04a1ff683156b164bd7 |
|
Family |
AgentTesla |
(5)
|
Sender ip |
195.140.213.112 |
|
From |
"SALES"
<sales@lgpartner.ch>" |
|
Subject |
"Top Urgent" |
|
Attachment |
"IMG_001 IMG_SCAN.JPG.iso" |
|
MD5 |
0d2ecb25207eff31ec77d7e6f075ec0e |
|
SHA256 |
3f7e3dd0a5d0ae1fd5e216b360ed459a0304251378cb3818353495b50fef5094 |
|
Family |
AgentTesla |
(6)
|
Sender ip |
185.222.57.227 |
|
From |
"Jackson Li <sales
<sales@sonata-china.com>>" |
|
Subject |
"=?UTF-8?B?Q2FibGV0ZWNoIOaMieWPkei0p+aXpeacnyAyMDIxMDQxMA==?=" |
|
Attachment |
"CONTRACT AGREEMENT_PDF.gz" |
|
MD5 |
37f5814b503eef70598272cb87c7d5f9 |
|
SHA256 |
6b900a5501a9c5da08a1b8f879fc05ba4753f03374278673e85990ad0678f097 |
|
Family |
Formbook |
(7)
|
Sender ip |
62.113.202.77 |
|
From |
"<sales@bz-united.com>" |
|
Subject |
"First Deposit Payment" |
|
Attachment |
"First Deposit Payment
pdf.7z" |
|
MD5 |
92a636d278c4d158e558c49a59274188 |
|
SHA256 |
b0a271b752b19e04e073e63c8927358e15a4a314035cd32a1524e3abcc53a082 |
|
Family |
Unknown |
(8)
|
Sender ip |
199.10.31.238 |
|
From |
"purchase@sulfert.com" |
|
Subject |
"FW: 100,000 MT / New Order" |
|
Attachment |
"PROFILE SULFERT
2021_pdf.rar" |
|
MD5 |
eaab9ac59fb0a7631ed6260f0be91bdf |
|
SHA256 |
f73fd03534d33ba3fae1a599de9cae587a34fe060457fdab954e79a0ab2f52ff |
|
Family |
AgentTesla |
(9)
|
Sender ip |
199.10.31.238 |
|
From |
purchase@sulfert.com |
|
Subject |
"FW: 100,000 MT / New Order" |
|
Attachment |
"SPECS SULFERT 2021_pdf.gz" |
|
MD5 |
d7e9f85b97417e101ebf465be8b13980 |
|
SHA256 |
7a4d26da454cc9824a18163b646184d0f4389e0be9d54fe7b7c2014720983243 |
|
Family |
AgentTesla |
(10)
|
Sender ip |
45.137.22.133 |
|
From |
"Pavan Vairagi
<Pavan.Vairagi@securemeters.com>" |
|
Subject |
"FW: PURCHASE ORDER" |
|
Attachment |
"PO-20210420.zip" |
|
MD5 |
609d38c0908dd52b9a518ced1c75dd5c |
|
SHA256 |
3a16d9865825143e0057c45f70a11f80461f200314a70108a48ab9b683d58a92 |
|
Family |
SnakeKeylogger |
(11)
|
Sender ip |
103.133.105.111 |
|
From |
"Marvin Feig
<sales@goodearthlighting.com>" |
|
Subject |
"solar panel poly 150wt -" |
|
Attachment |
"solar panel poly 150wt
.pdf.ace" |
|
MD5 |
2a0f779aa58b9d4d1d45afaa7a622a92 |
|
SHA256 |
309f12d31a2d8b4bf96dc06a8f24de554f5b8f215142bff8d4515168379a07d2 |
|
Family |
Unknown |
(12)
|
Sender ip |
103.133.105.111 |
|
From |
"Peter Fu
<sales@steelsino.com>" |
|
Subject |
"ALuminum COIL FOR ROOFING" |
|
Attachment |
"Quotation Sheet_Alloy 3003 H24
Coils.pdf.gz" |
|
MD5 |
82e46548a114eb13882c42e5d09bf8a3 |
|
SHA256 |
5827f03812579d03fbad772d4eed718a22261845ba8545f29121d685b5b17e0c |
|
Family |
Unknown |
(13)
|
Sender ip |
199.10.31.238 |
|
From |
"katrina.maranan@havelockone.com" |
|
Subject |
"TT Copy for Invoices" |
|
Attachment |
"TT Copy 042121_pdf.rar" |
|
MD5 |
e6264c1c8eb6ddc57844fdbeb5aee075 |
|
SHA256 |
6bcc69eb5c764b973bfb388c1342797592cace15893300327e96cf6db9af4bed |
|
Family |
AgentTesla |
(14)
|
Sender ip |
199.10.31.238 |
|
From |
"Dilara
AYGUN<dilara.aygun@betaavm.com.tr>" |
|
Subject |
"RE:Quotation 301086" |
|
Attachment |
"Quotation 301086.gz" |
|
MD5 |
1cb6b382ecf9e5a7e73ef765afa403ab |
|
SHA256 |
c53f78a0aba8697e91d16c70d04d7e11e6d92db7a780a14d4a945aca1a2f85e8 |
|
Family |
AgentTesla |
(15)
|
Sender ip |
185.222.58.156 |
|
From |
"T. HALK BANKASI A.S."
<EKSTRE@halkbank.com.tr>" |
|
Subject |
"T.HALK BANKASI A.S. 22.04.2021
Hesap Ekstresi" |
|
Attachment |
"Halkbank,pdf.7z" |
|
MD5 |
283f56b2202aff5f76755895d231afb2 |
|
SHA256 |
a04e7268712f8d0b4b75e58ef1a60b4a3bc3fe4c06780a5df6b8207d2237a6cb |
|
Family |
SnakeKeylogger |
(15)
|
Sender ip |
185.222.57.90 |
|
From |
"<quality@amproinc.in>" |
|
Subject |
"GS_ PO NO.186/2021" |
|
Attachment |
"GS_ PO NO.1862021.zip" |
|
MD5 |
1eadad01709a0294e51f5b64462059fc |
|
SHA256 |
399a8f899ba8d8ef02ecfd588fcbe4c0e85d59d8a51bb3127dc3e5fc451d278b |
|
Family |
AgentTesla |
(16)
|
Sender ip |
195.140.213.112 |
|
From |
"Accounts"
<accounts@lgpartner.ch>" |
|
Subject |
"Payment" |
|
Attachment |
"SWIFT COPY OF PAYMENT
MT103.IMG.zip" |
|
MD5 |
a55afd6e585084cd5c35e32b2b489773 |
|
SHA256 |
11c6387d2869e52d861cb081815414553074c4f7bc0a1b874c62e7519e6deb07 |
|
Family |
SnakeKeylogger |
(17)
|
Sender ip |
185.222.57.157 |
|
From |
"info@pesqueracristiansen.com" |
|
Subject |
"RE: BALANCE TRANSFER SWIFT
COPY.." |
|
Attachment |
"SWIFT COPY..r00" |
|
MD5 |
98871cc928cc252d84a5d639a0045910 |
|
SHA256 |
d8cd6b1f85451943300fa7f62c715b4abd03ee80286032ab3301e5e0b9910753 |
|
Family |
AgentTesla |
(18)
|
Sender ip |
185.222.57.162 |
|
From |
"Supriya M
Rao<sandeep.more@wipro.com>" |
|
Subject |
"PO#5300008762. NEEDED
URGENTLY" |
|
Attachment |
"PO#5300008762.zip" |
|
MD5 |
b879907f82b37e4018bd4153e0815dd6 |
|
SHA256 |
e8629b7e780aa86a7e337c9227b03b50eb35de4b0e425ef65d14c8cdf930888d |
|
Family |
AgentTesla |
(19)
|
Sender ip |
103.133.105.111 |
|
From |
"Trikora Ibnu
<sales@saranaprimalestari.com>" |
|
Subject |
"RE:NEW ORDER
INQUIRY_B3003H24" |
|
Attachment |
"NEW ORDER INQUIRY_B3003H24
.pdf.gz" |
|
MD5 |
659a98070ab17f593972e5dc7935f89d |
|
SHA256 |
d6eb294a8b844315cca29121d513bdabd61c0d435985da372aa648eabeaeeb28 |
|
Family |
Unknown |
(20)
|
Sender ip |
185.222.57.90 |
|
From |
"<sanjeev.shukla@bioayurveda.in>" |
|
Subject |
"Fwd: GS_ PO NO.186/" |
|
Attachment |
"GS_ PO NO.186.zip" |
|
MD5 |
f376efc82aa255d4386aa5a075caca1d |
|
SHA256 |
5c15e5ea3fcf134533d9bb93f5151a3cdff568c10a5d0d8422a947774f1882ff |
|
Family |
AgentTesla |
(21)
|
Sender ip |
199.10.31.238 |
|
From |
"purchase.sulfert@naver.com" |
|
Subject |
"FW: 100,000 MT / New Order" |
|
Attachment |
"PROFILE SULFERT
2021_pdf.rar" |
|
MD5 |
530985a290a1bc57e9f0ae2b14a165b1 |
|
SHA256 |
11fb443dac1bf246e4fc62ae592ebee7ddac2fa669f1e2d1fb5a7a225a1b6072 |
|
Family |
Unknown |
(22)
|
Sender ip |
199.10.31.238 |
|
From |
"purchase.sulfert@naver.com" |
|
Subject |
"FW: 100,000 MT / New Order" |
|
Attachment |
"SPECIFICATIONS SULFERT
2021_pdf.gz" |
|
MD5 |
cefc42320a29734bb40ab7d5c818b920 |
|
SHA256 |
4b52a85f4341b3dc98a940b4612f765fefab009915845fb9d72ee756091a0442 |
|
Family |
AgentTesla |
(23)
|
Sender ip |
134.119.177.15 |
|
From |
"SALES
<sales-06@minewe.com>" |
|
Subject |
“PRODUCT INQURIES /invoice .P.O" |
|
Attachment |
"purchase of new order
,PO.rar" |
|
MD5 |
9accad1e5b0cfe201bc7107a7d0139d4 |
|
SHA256 |
99d31be3d16970d6e399c8b9aee32f90221c6354cd2f18ab79ecaf02c4e50b17 |
|
Family |
AgentTesla |
(24)
|
Sender ip |
199.10.31.238 |
|
From |
"katrina.maranan-havelockone@naver.com" |
|
Subject |
"TT Copy for Invoices" |
|
Attachment |
"TT copy 220421_pdf.rar" |
|
MD5 |
e4d9aa046633fa53cd5c287ff5c0784d |
|
SHA256 |
8f9da06b2e19a4bb10cde882ee9da87993ecea391a06bf055348525ea11a668c |
|
Family |
Unknown |
(25)
|
Sender ip |
45.85.90.228 |
|
From |
"nsyawesh@huntoil.com" |
|
Subject |
RFQ |
|
Attachment |
"Invitation from -Hunt Oil Middle
East-.pdf (433K).rar" |
|
MD5 |
ea52d23c1fcf0f471f4fed84dea046d6 |
|
SHA256 |
2daa0975e061cb55724ea804ed29c819da5d133bae9bb6a82e2cf2def4d9ad05 |
|
Family |
Formbook |
(26)
|
Sender ip |
51.195.135.77 |
|
From |
"Jenifer"
<jennifer@dragontech-group.com>" |
|
Subject |
Invoice |
|
Attachment |
Invoice.zip |
|
MD5 |
4cc2f5a585feb6909c7064c39dac4025 |
|
SHA256 |
0d67090a6357de558de01fe6319da800a7133d82ce995bcb338a173b4064b587 |
|
Family |
AgentTesla |
(27)
|
Sender ip |
185.222.57.88 |
|
From |
"=?UTF-8?B?ICJKb3NlcGhpbmV7RGFuY28gQ2FwaXRhbMKgTHRkfSAi?=
<enver.doko@comtrade-ks.com>" |
|
Subject |
"RE: STATEMENT OF ACCOUNT" |
|
Attachment |
"statement�of�account�as at 31.03.2021-8948030038889393.exe.gz" |
|
MD5 |
4465ebdd46d195f48ce479aa28b62773 |
|
SHA256 |
5031d522eaaf840d063fb7403845181e9cd47e941be7b59b3e72d22e2e6f840a |
|
Family |
AgentTesla |
(28)
|
Sender ip |
185.222.57.88 |
|
From |
"=?UTF-8?B?ICJKb3NlcGhpbmV7RGFuY28gQ2FwaXRhbMKgTHRkfSAi?=
<enver.doko@comtrade-ks.com>" |
|
Subject |
"RE: STATEMENT OF ACCOUNT" |
|
Attachment |
"statement�of�account�as at 31.03.2021-8948030038889393.exe.gz" |
|
MD5 |
4465ebdd46d195f48ce479aa28b62773 |
|
SHA256 |
5031d522eaaf840d063fb7403845181e9cd47e941be7b59b3e72d22e2e6f840a |
|
Family |
AgentTesla |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Comments
Post a Comment