Phishing Attacks 30_4_2021
| # | Sender IP | From | Subject | Attachment | MD5 | SHA256 | Family |
|---|---|---|---|---|---|---|---|
| 1 | 185.222.57.157 | `overseas@accountant.com` | `RE: bank details` | `invoice.r00` | 694146ebade22848a1fe843e4eb31c89 | 022a5fc68d11d26683f80764a574fcee93eff48f535cbe24ec1e391dc5a0f6c2 | AgentTesla |
| 2 | 37.49.225.172 | `<dengkun@sunda.com>` | `Inquiry for Tile` | `quotation list.zip` | 0600b806027180acb0be2e1472927b65 | ad85e7e53c80c6603c55485f3e08c5ffe783de8c9fd2fbd5c6437c8c7333c19b | AgentTesla |
| 3 | 185.121.120.135 | `=?UTF-8?Q?BESMED-=E7=86=8A=E7=AD=A0?= <sales@besmed.com>` | `RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##` | `FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz` | 5568c7156240d414a774d0b2c32b4b31 | 8050cdb57cf3d39abc295033fe7764033b2a75ed3ced9684f83b09a8cea96ab3 | AgentTesla |
| 4 | 45.143.147.194 | `Jenny Zang <jianggh@yueshengvn.com>` | `Re: Copy of the Invoice 02/2021` | `Copy of the Invoice 022021.pdf.zip` | 323b85a635bcf4bea3736799390cd9ec | 05f3ab67f2a2976dd6c879669977569190c44613959d37ad60e576f7ad34525c | AgentTesla |
| 5 | 45.143.147.194 | `Jenny Zang <jianggh@yueshengvn.com>` | `Re: Copy of the Invoice 02/2021` | `Copy of the Invoice 022021.pdf.rar` | 778490a475d48f5ad510c03e027244b3 | e2b2a24e169ca0494983da86a23bae5724d115e03fdc31fe84af6cb0222f52d9 | AgentTesla |
| 6 | 103.99.1.147 | `=?UTF-8?B?Iuimg+WGsOWGsCI=?= <shzhxn.sales7@xinning.com.cn>` | `=?UTF-8?B?UkXkuK3muK/orqLovaY0LzMwIOW3tOilvzYxTTLlkozlt7Topb82MUsy5ou86L2mIChDYXJwb29saW5nIGluIENoaW5hIGFuZCBIb25nIEtvbmcgNC8zMCBCcmF6aWwgNjFNMiBhbmQgQnJhemlsIDYxSzIgQ2FycG9vbCk=?=` | `第1车 (15:00) 4.30巴西61K2和巴西61M2拼车中港订车.xls.rar` | 6bfa2a7892b9a6678ac6e57b390b7c46 | ac2920d92671cc53fb3264b2366932bc826bdbfe91b811376e3a9215571be340 | AgentTesla |
| 7 | 159.65.165.216 | `RAVINDRA.G <Info@806.mxsen.ml>` | `RE: URGENT REQUEST FOR QUOTATION` | `IMG_103_65_070501.R01` | 8a4170e9c0af3494d6001420174abef3 | d1131005b486989f2ab79910b9f98ce93cd661df498690e0dec257fc53fee9e5 | Loki |
| 8 | 159.89.149.33 | `sajjad@afzalmachinery.com` | `RE:RE:RE: Cash_receipt IP77108 29_04_21` | `Cash_receipt IP77108 29_04_21.r00` | 1f69c0238555c4eebf0b0bb1db28c67c | 34a3973cf82398eeae686354462ac51831d68601e75058dbd19e65cb3d8b5083 | AgentTesla |
| 9 | 45.137.22.89 | `"Batbileg Jarantai" <EXPRESS_ADG@ismarine.com.tr>` | `Fw: SWIFT Payment 20201102 - TC -ref:00D208FT` | `SWIFT Payment 20201229 - TC -ref00D208FT.pif.zip` | e7b4a29217bfaa3093e818da3c562516 | 8b3474d5fdf9c464167e26a88e9a25988fa784998126a17b654099990c463fb0 | AgentTesla |
| 10 | 185.121.120.135 | `=?UTF-8?Q?BESMED-=E7=86=8A=E7=AD=A0?= <sales@besmed.com>` | `RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##` | `FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz` | 20a0c9a3206e37f988f7cbbeea3ce379 | 97aaba632d39849eeec9ed33b679ef4641db0579a73aab64c4944f194763950f | AgentTesla |
| 11 | 103.138.109.241 | `GARY Lui <gary@trinitycargolink.com>` | `RE: URGENT CUSTOMER REQUEST` | `customer request.zip` | f2e2a5e7b6c40099a2273b82d91f16f0 | 21119701ccacb20e0c3699fb891f270c52a83620e571b866d6faaed50ebb08ad | AgentTesla |
| 12 | 45.143.147.194 | `Hamza Yildirim <info@macitmakina.com.tr>` | `RE: Fattura proforma-700004616 Proforma Invoice-700004616` | `attachments.zip` | c69b8e1ed7ae8fcf57764ec0f425c74f | 120107376a7e45f33b145bd467e32fb2dfdc8153f8b98709e172214b22fac949 | AgentTesla |
| 13 | 45.137.22.36 | `<stephen.chan@groupm.com>` | `RE:Payment Status` | `deposit payment.7z` | 08338b49e2287e549e346962c66db97f | ce853ffcdf19be7ce79c98ac13679764072cbe84a59e9c33bcee8d66bc1e810b | NanoCore |
| 14 | 103.133.105.111 | `Christin Hsu <sales@advancelithium.com>` | `REQUEST FOR QUOTATION 1307-RFQ` | `REQUEST FOR QUOTATION 1307-RFQ.pdf.gz` | 82b6af8a9779e01450949f603eafc03b | 1b873b89dd469c897d041d0c7f7337f49d30eac1d4f4cda4dd0906e582b3b356 | Formbook |
| 15 | 103.133.105.111 | `Christin Hsu <sales@advancelithium.com>` | `REQUEST FOR QUOTATION 1307-RFQ` | `REQUEST FOR QUOTATION 1307-RFQ.pdf.gz` | 82b6af8a9779e01450949f603eafc03b | 1b873b89dd469c897d041d0c7f7337f49d30eac1d4f4cda4dd0906e582b3b356 | Formbook |
| 16 | 203.159.80.162 | `Mohammed Hanif <manager@gcacorperationllc.com>` | `(NGCP) Pipeline PROJECT - TA-725638 - DK-RH-HRDH - HEADER PLATFORM TYPE 1-16-47M_MARKING & FABRICATION DRAWINGS WITH FULL PACKAGE FOR CONSTRUCTION` | `NGCP Pipeline PROJECT TA 725638 DK RH HRDH HEADER PLATFORM TYPE 1 16 47M MARKING & FABRICATION DRAWINGS WITH FULL PACKAGE FOR CONSTRUCTION.zip` | 451e1961c98b3de200fdcbea973e581f | ce02df6efd44cd96e96967e5ea71101f5590ec377bc87d916cff96824ad5e571 | Unknown |
| 17 | 138.68.55.226 | `=?UTF-8?B?REhMIEV4cHJlc3MgSU5Dwq4=?= <support@819.mxsen.ml>` | `DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc` | `DHL CONSIGNMENT NOTIFICATION_pdf.rar` | ba175623e54c56e6c667c8fae0a967bd | 37c8bc8de3743599e1cfffc1af1a253fbb23712e17d6f27f0596b0be707699c2 | SnakeKeylogger |
| 18 | 138.68.55.226 | `=?UTF-8?B?REhMIEV4cHJlc3MgSU5Dwq4=?= <support@819.mxsen.ml>` | `DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc` | `DHL CONSIGNMENT NOTIFICATION_pdf.rar` | ba175623e54c56e6c667c8fae0a967bd | 37c8bc8de3743599e1cfffc1af1a253fbb23712e17d6f27f0596b0be707699c2 | SnakeKeylogger |
If you want to learn malware analysis you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA