Phishing Attacks 25_4_2021
(1)
Sender ip | 45.137.22.94
From | "Fadi Tahboub <fadi.tahboub@rehau.com>"
Subject | Re: Shipmen
Attachment | "INV+PACKING LIST.gz"
MD5 | 39e343d80ab4d1e666174259ddace5cd
SHA256 | e48f98656c4a21311cb99be0dc4066da0ff01bcce271339b60233945b7c8bb09
Family | Formbook
(2)
Sender ip | 45.137.22.56
From | "Export department<Saludos@alkuhaimi.com>"
Subject | "Shipping documents"
Attachment | "shipping document PDF.7z"
MD5 | c797fc48467257693a93b67c64ed2dcf
SHA256 | 85ce611551377829b136b41ca0e67aaf83a27cd616f39e524dbeb715bada4667
Family | Formbook
(3)
Sender ip | 37.49.225.172
From | "abuse@enom.com"
Subject | "Purchase Order nr 49834"
Attachment | "Purchase Orde.pdf.r09"
MD5 | c85fe498d24b0a589ecd3fea9fc2a163
SHA256 | 5eb4b586d432be9a5f9e26f10480ccfcb204ab1225b4d5852aae1c66c6ee2211
Family | AgentTesla
(4)
Sender ip | 62.36.20.210
From | "Protect.DocuSign" <eperezmora@eresmas.com>
Subject | "Please DocuSign. "
Attachment | "Documents_1344549788_1549269731.xls"
MD5 | b410380eee2661e27e61ee04f278df0a
SHA256 | 8cd05deb5574997e63ba125d13fb3fbddbc1cbb41125102a2f6828f0f0e0bdb4
Family | SilentBuilder
(5)
Sender ip | 45.143.147.194
From | "Annie Ayala (DHL)<Annie.Ayala@dhl.com>"
Subject | "Pre-Alert SEA,S2101467572, HBL# MNLA08005,MNL-PKG, lgpartner.c"
Attachment | "HBL# MNLA08005.zip"
MD5 | 13e4ebd118104aecc20af5ac544a4593
SHA256 | d32d6337382ae655e091952291c03f13be611b859fe3cfacb18c803e964131e2
Family | Unknown
(6)
Sender ip | unknown
From | "Ahmed Akram <ahmed.akram@mediaminds.biz>"
Subject | "Re: Updated SOA"
Attachment | "SOA.gz"
MD5 | 6f376ceb23bf3cd21666a9682367c665
SHA256 | c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842
Family | Formbook
(7)
Sender ip | 45.137.22.71
From | "Ahmed Akram <ahmed.akram@mediaminds.biz>"
Subject | "Re: Updated SOA"
Attachment | "SOA.gz"
MD5 | 6f376ceb23bf3cd21666a9682367c665
SHA256 | c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842
Family | Formbook
(8)
Sender ip | 45.137.22.71
From | "Ahmed Akram <ahmed.akram@mediaminds.biz>"
Subject | "Re: Updated SOA"
Attachment | "SOA.gz"
MD5 | 6f376ceb23bf3cd21666a9682367c665
SHA256 | c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842
Family | Formbook
If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA