Phishing Attacks 26_4_2021
(1)
Sender ip |
45.137.22.56 |
From |
"Mike Yang<Yang@acgbahamas.com>" |
Subject |
"fwd: Re: outstanding invoices" |
Attachment |
"outstanding invoices pdf.7z" |
MD5 |
07b4a4b24f0cfad258497c689a8a93fe |
SHA256 |
0505d6f20405f635068b46f0adc82e65ea574da428e4b8fd256c64a9ecf237fe |
Family |
Formbook |
(2)
Sender ip |
185.222.57.157 |
From |
"crew@morningbrew.com" |
Subject |
"RE: Invoice & Packing list for Approval (20-21/197)" |
Attachment |
"Invoice & Packing.r00" |
MD5 |
21a70f72f2295a0485d7e0a5c8ada771 |
SHA256 |
cf65bb00d5f1fc805c74ccaa290027265bc293b07cfd58717948739fe7200dba |
Family |
AgentTesla |
(3)
Sender ip |
185.222.57.162 |
From |
"Supriya M Rao<sandeep.more@wipro.com>" |
Subject |
"PO#5300008762. NEEDED URGENTLY" |
Attachment |
"PO#5300008762.zip" |
MD5 |
232fa3693aad6d87354244a9898b1059 |
SHA256 |
229abf4d35db6de67ef6dbf60b79dc0f07f1e25a0b957ed5b7f26b17f16f82f4 |
Family |
AgentTesla |
(4)
Sender ip |
103.89.91.93 |
From |
"DHL Express Inc<contact@dhl.com>" |
Subject |
"DHL NOTICE OF ARRIVAL Reff:O/59548/178980" |
Attachment |
"DHL Receipt_pdf.gz" |
MD5 |
7b094e768f6fa1a49b5c5004636d6759 |
SHA256 |
f99d20b93c7da8516997054bd7888d2584e69a9d6ca569a721d740a3e1a0a678 |
Family |
Loki |
(5)
Sender ip |
45.137.22.71 |
From |
"Probona Info <info@probona.com.tr>" |
Subject |
"New Order" |
Attachment |
"confirm this order and sign PI.gz" |
MD5 |
299e8942daf3479234843c5327676e5e |
SHA256 |
bc429aca6dcf6a9b2315f7cdf4465ceb8a4f5ded220c7c6ef2c6781d5d5dafc4 |
Family |
Formbook |
(6)
Sender ip |
45.137.22.71 |
From |
"Sanjoy Das Chowdhury <kconsourcing@gmail.com>" |
Subject |
"HSBC 6265( Box) - Payment proof" |
Attachment |
"HKHSBC1D23297029-T01 Payment proof.7z" |
MD5 |
79eefcf4ce0ca0922e31005393d9b15d |
SHA256 |
641c83fb32cfb7415be602df2b934059f88b340a956efcc95cbd74f9e76dfb33 |
Family |
SnakeKeylogger |
(6)
Sender ip |
45.137.22.57 |
From |
"yeevon.lim@asmlogistics.com.sg" |
Subject |
"Amended Purchhase Order Follow Up" |
Attachment |
"Amended Purchhase Order Follow Up.zip" |
MD5 |
5e7b7e99854ec413703f910f53b82432 |
SHA256 |
6a699c86232d7e3a6173aed0357555ecd214ec1cea38884bc81289ce0610d6b9 |
Family |
AgentTesla |
(7)
Sender ip |
185.222.58.156 |
From |
"Sales <sales@nietco.ae>" |
Subject |
"RE: ENQUIRY NOVA/1181/04/26/JJ RFQ" |
Attachment |
"ENQUIRY-NOVA11810426JJ-RFQ.r00" |
MD5 |
407a815448b1b8e42753d74c02aa09eb |
SHA256 |
f5ec1341d631452ee16446197912ed2845475a2b6b902466a74ed544dd5a9be7 |
Family |
SnakeKeylogger |
(8)
Sender ip |
165.227.239.191 |
From |
"MAERSK LINE" <info@803.xorox.ga>" |
Subject |
"Maersk Booking Confirmation and Telex release" |
Attachment |
"Booking Confirmation.gz" |
MD5 |
a3b9bdb7305ef28e933533bd6b87d8bf |
SHA256 |
682dda0201be9106ffab1fc5c99adce763099cf29af848ccba7ac86971cbf1e3 |
Family |
Loki |
(9)
Sender ip |
185.222.57.216 |
From |
"trend@latrendexports.com" |
Subject |
"PAYMENT ADVICE FOR OUTSTANDING SOA," |
Attachment |
"payment advice 0264.rar" |
MD5 |
c2edb5f467db0ac0bf4b40307e36e066 |
SHA256 |
8deaa8789f9392ce4fbab6cfbb6598d5c4cd075012b396827103b00958490c9a |
Family |
AgentTesla |
(10)
Sender ip |
185.222.57.216 |
From |
"trend@latrendexports.com" |
Subject |
"PAYMENT ADVICE FOR OUTSTANDING SOA," |
Attachment |
"payment advice 0264.rar" |
MD5 |
c2edb5f467db0ac0bf4b40307e36e066 |
SHA256 |
8deaa8789f9392ce4fbab6cfbb6598d5c4cd075012b396827103b00958490c9a |
Family |
AgentTesla |
(11)
Sender ip |
138.128.160.2 |
From |
Charlotte Elijah <info@erapres.com.tr> |
Subject |
PROFORMA INVOICE#4902 |
Attachment |
PROFORMA INVOICE#4902.pdf.zip |
MD5 |
36a821d735296e196510d4372f4bad72 |
SHA256 |
f3bed53b374e76a80c611fed1383fda4a6c5eea0ede45cf6391bf2aa6cde9c37 |
Family |
Unknown |
If you wanna learn malware analysis, you can check my YouTube channel. I'm trying to publish analysis of malware and some methods to analyze malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA