Phishing Attacks 26_4_2021

(1)
Sender IP: 45.137.22.56
From: "Mike Yang<Yang@acgbahamas.com>"
Subject: "fwd: Re: outstanding invoices"
Attachment: "outstanding invoices pdf.7z"
MD5: 07b4a4b24f0cfad258497c689a8a93fe
SHA256: 0505d6f20405f635068b46f0adc82e65ea574da428e4b8fd256c64a9ecf237fe
Family: Formbook

(2)
Sender IP: 185.222.57.157
From: "crew@morningbrew.com"
Subject: "RE: Invoice & Packing list for Approval (20-21/197)"
Attachment: "Invoice & Packing.r00"
MD5: 21a70f72f2295a0485d7e0a5c8ada771
SHA256: cf65bb00d5f1fc805c74ccaa290027265bc293b07cfd58717948739fe7200dba
Family: AgentTesla

(3)
Sender IP: 185.222.57.162
From: "Supriya M Rao<sandeep.more@wipro.com>"
Subject: "PO#5300008762. NEEDED URGENTLY"
Attachment: "PO#5300008762.zip"
MD5: 232fa3693aad6d87354244a9898b1059
SHA256: 229abf4d35db6de67ef6dbf60b79dc0f07f1e25a0b957ed5b7f26b17f16f82f4
Family: AgentTesla

(4)
Sender IP: 103.89.91.93
From: "DHL Express Inc<contact@dhl.com>"
Subject: "DHL NOTICE OF ARRIVAL Reff:O/59548/178980"
Attachment: "DHL Receipt_pdf.gz"
MD5: 7b094e768f6fa1a49b5c5004636d6759
SHA256: f99d20b93c7da8516997054bd7888d2584e69a9d6ca569a721d740a3e1a0a678
Family: Loki

(5)
Sender IP: 45.137.22.71
From: "Probona Info <info@probona.com.tr>"
Subject: "New Order"
Attachment: "confirm this order and sign PI.gz"
MD5: 299e8942daf3479234843c5327676e5e
SHA256: bc429aca6dcf6a9b2315f7cdf4465ceb8a4f5ded220c7c6ef2c6781d5d5dafc4
Family: Formbook

(6)
Sender IP: 45.137.22.71
From: "Sanjoy Das Chowdhury <kconsourcing@gmail.com>"
Subject: "HSBC 6265( Box) - Payment proof"
Attachment: "HKHSBC1D23297029-T01 Payment proof.7z"
MD5: 79eefcf4ce0ca0922e31005393d9b15d
SHA256: 641c83fb32cfb7415be602df2b934059f88b340a956efcc95cbd74f9e76dfb33
Family: SnakeKeylogger

(7)
Sender IP: 45.137.22.57
From: "yeevon.lim@asmlogistics.com.sg"
Subject: "Amended Purchhase Order Follow Up"
Attachment: "Amended Purchhase Order Follow Up.zip"
MD5: 5e7b7e99854ec413703f910f53b82432
SHA256: 6a699c86232d7e3a6173aed0357555ecd214ec1cea38884bc81289ce0610d6b9
Family: AgentTesla

(8)
Sender IP: 185.222.58.156
From: "Sales <sales@nietco.ae>"
Subject: "RE: ENQUIRY NOVA/1181/04/26/JJ RFQ"
Attachment: "ENQUIRY-NOVA11810426JJ-RFQ.r00"
MD5: 407a815448b1b8e42753d74c02aa09eb
SHA256: f5ec1341d631452ee16446197912ed2845475a2b6b902466a74ed544dd5a9be7
Family: SnakeKeylogger

(9)
Sender IP: 165.227.239.191
From: "MAERSK LINE" <info@803.xorox.ga>
Subject: "Maersk Booking Confirmation and Telex release"
Attachment: "Booking Confirmation.gz"
MD5: a3b9bdb7305ef28e933533bd6b87d8bf
SHA256: 682dda0201be9106ffab1fc5c99adce763099cf29af848ccba7ac86971cbf1e3
Family: Loki

(10)
Sender IP: 185.222.57.216
From: "trend@latrendexports.com"
Subject: "PAYMENT ADVICE FOR OUTSTANDING SOA,"
Attachment: "payment advice 0264.rar"
MD5: c2edb5f467db0ac0bf4b40307e36e066
SHA256: 8deaa8789f9392ce4fbab6cfbb6598d5c4cd075012b396827103b00958490c9a
Family: AgentTesla

(11)
Sender IP: 138.128.160.2
From: Charlotte Elijah <info@erapres.com.tr>
Subject: PROFORMA INVOICE#4902
Attachment: PROFORMA INVOICE#4902.pdf.zip
MD5: 36a821d735296e196510d4372f4bad72
SHA256: f3bed53b374e76a80c611fed1383fda4a6c5eea0ede45cf6391bf2aa6cde9c37
Family: Unknown

If you want to learn malware analysis, you can check my YouTube channel, where I am trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel:
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
