Phishing Attacks 25_4_2021

 




(1)

Sender IP

45.137.22.94

From

"Fadi Tahboub <fadi.tahboub@rehau.com>"

Subject

Re: Shipmen

Attachment

"INV+PACKING LIST.gz"

MD5

39e343d80ab4d1e666174259ddace5cd

SHA256

e48f98656c4a21311cb99be0dc4066da0ff01bcce271339b60233945b7c8bb09

Family

Formbook

 


(2)

Sender IP

45.137.22.56

From

"Export department<Saludos@alkuhaimi.com>"

Subject

"Shipping documents"

Attachment

"shipping document PDF.7z"

MD5

c797fc48467257693a93b67c64ed2dcf

SHA256

85ce611551377829b136b41ca0e67aaf83a27cd616f39e524dbeb715bada4667

Family

Formbook

 

(3)

 

Sender IP

37.49.225.172

From

"abuse@enom.com"

Subject

"Purchase Order nr 49834"

Attachment

"Purchase Orde.pdf.r09"

MD5

c85fe498d24b0a589ecd3fea9fc2a163

SHA256

5eb4b586d432be9a5f9e26f10480ccfcb204ab1225b4d5852aae1c66c6ee2211

Family

AgentTesla

 

(4)

 

Sender IP

62.36.20.210

From

"Protect.DocuSign" <eperezmora@eresmas.com>

Subject

"Please DocuSign. "

Attachment

"Documents_1344549788_1549269731.xls"

MD5

b410380eee2661e27e61ee04f278df0a

SHA256

8cd05deb5574997e63ba125d13fb3fbddbc1cbb41125102a2f6828f0f0e0bdb4

Family

SilentBuilder

 


(5)

Sender IP

45.143.147.194

From

"Annie Ayala (DHL)<Annie.Ayala@dhl.com>"

Subject

"Pre-Alert SEA,S2101467572, HBL# MNLA08005,MNL-PKG, lgpartner.c"

Attachment

"HBL# MNLA08005.zip"

MD5

13e4ebd118104aecc20af5ac544a4593

SHA256

d32d6337382ae655e091952291c03f13be611b859fe3cfacb18c803e964131e2

Family

Unknown

 

(6)

Sender IP

unknown

From

"Ahmed Akram <ahmed.akram@mediaminds.biz>"

Subject

"Re: Updated SOA"

Attachment

"SOA.gz"

MD5

6f376ceb23bf3cd21666a9682367c665

SHA256

c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842

Family

Formbook


(7)

Sender IP

45.137.22.71

From

"Ahmed Akram <ahmed.akram@mediaminds.biz>"

Subject

"Re: Updated SOA"

Attachment

"SOA.gz"

MD5

6f376ceb23bf3cd21666a9682367c665

SHA256

c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842

Family

Formbook


(8)

Sender IP

45.137.22.71

From

"Ahmed Akram <ahmed.akram@mediaminds.biz>"

Subject

"Re: Updated SOA"

Attachment

"SOA.gz"

MD5

6f376ceb23bf3cd21666a9682367c665

SHA256

c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842

Family

Formbook


If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
