Phishing Attacks 30_4_2021

 




(1)
Sender IP: 185.222.57.157
From: "overseas@accountant.com"
Subject: "RE: bank details"
Attachment: "invoice.r00"
MD5: 694146ebade22848a1fe843e4eb31c89
SHA256: 022a5fc68d11d26683f80764a574fcee93eff48f535cbe24ec1e391dc5a0f6c2
Family: AgentTesla


(2)
Sender IP: 37.49.225.172
From: "<dengkun@sunda.com>"
Subject: "Inquiry for Tile"
Attachment: "quotation list.zip"
MD5: 0600b806027180acb0be2e1472927b65
SHA256: ad85e7e53c80c6603c55485f3e08c5ffe783de8c9fd2fbd5c6437c8c7333c19b
Family: AgentTesla

(3)
Sender IP: 185.121.120.135
From: "=?UTF-8?Q?BESMED-=E7=86=8A=E7=AD=A0?= <sales@besmed.com>"
Subject: "RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##"
Attachment: "FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz"
MD5: 5568c7156240d414a774d0b2c32b4b31
SHA256: 8050cdb57cf3d39abc295033fe7764033b2a75ed3ced9684f83b09a8cea96ab3
Family: AgentTesla


(4)
Sender IP: 45.143.147.194
From: "Jenny Zang <jianggh@yueshengvn.com>"
Subject: "Re: Copy of the Invoice 02/2021"
Attachment: "Copy of the Invoice 022021.pdf.zip"
MD5: 323b85a635bcf4bea3736799390cd9ec
SHA256: 05f3ab67f2a2976dd6c879669977569190c44613959d37ad60e576f7ad34525c
Family: AgentTesla

(5)
Sender IP: 45.143.147.194
From: "Jenny Zang <jianggh@yueshengvn.com>"
Subject: "Re: Copy of the Invoice 02/2021"
Attachment: "Copy of the Invoice 022021.pdf.rar"
MD5: 778490a475d48f5ad510c03e027244b3
SHA256: e2b2a24e169ca0494983da86a23bae5724d115e03fdc31fe84af6cb0222f52d9
Family: AgentTesla

(6)
Sender IP: 103.99.1.147
From: "=?UTF-8?B?Iuimg+WGsOWGsCI=?= <shzhxn.sales7@xinning.com.cn>"
Subject: "=?UTF-8?B?UkXkuK3muK/orqLovaY0LzMwIOW3tOilvzYxTTLlkozlt7Topb82MUsy5ou86L2mIChDYXJwb29saW5nIGluIENoaW5hIGFuZCBIb25nIEtvbmcgNC8zMCBCcmF6aWwgNjFNMiBhbmQgQnJhemlsIDYxSzIgQ2FycG9vbCk=?="
Attachment: "1 1500 4.30巴西61K2和巴西61M2车中港订车.xls.rar"
MD5: 6bfa2a7892b9a6678ac6e57b390b7c46
SHA256: ac2920d92671cc53fb3264b2366932bc826bdbfe91b811376e3a9215571be340
Family: AgentTesla


(7)
Sender IP: 159.65.165.216
From: "RAVINDRA.G <Info@806.mxsen.ml>"
Subject: "RE: URGENT REQUEST FOR QUOTATION"
Attachment: "IMG_103_65_070501.R01"
MD5: 8a4170e9c0af3494d6001420174abef3
SHA256: d1131005b486989f2ab79910b9f98ce93cd661df498690e0dec257fc53fee9e5
Family: Loki


(8)
Sender IP: 159.89.149.33
From: "sajjad@afzalmachinery.com"
Subject: "RE:RE:RE: Cash_receipt IP77108 29_04_21"
Attachment: "Cash_receipt IP77108 29_04_21.r00"
MD5: 1f69c0238555c4eebf0b0bb1db28c67c
SHA256: 34a3973cf82398eeae686354462ac51831d68601e75058dbd19e65cb3d8b5083
Family: AgentTesla


(9)
Sender IP: 45.137.22.89
From: "Batbileg Jarantai" <EXPRESS_ADG@ismarine.com.tr>"
Subject: "Fw: SWIFT Payment 20201102 - TC -ref:00D208FT"
Attachment: "SWIFT Payment 20201229 - TC -ref00D208FT.pif.zip"
MD5: e7b4a29217bfaa3093e818da3c562516
SHA256: 8b3474d5fdf9c464167e26a88e9a25988fa784998126a17b654099990c463fb0
Family: AgentTesla


(10)
Sender IP: 185.121.120.135
From: "=?UTF-8?Q?BESMED-=E7=86=8A=E7=AD=A0?= <sales@besmed.com>"
Subject: "RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##"
Attachment: "FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz"
MD5: 20a0c9a3206e37f988f7cbbeea3ce379
SHA256: 97aaba632d39849eeec9ed33b679ef4641db0579a73aab64c4944f194763950f
Family: AgentTesla


(11)
Sender IP: 103.138.109.241
From: "GARY Lui <gary@trinitycargolink.com>"
Subject: "RE: URGENT CUSTOMER REQUEST"
Attachment: "customer request.zip"
MD5: f2e2a5e7b6c40099a2273b82d91f16f0
SHA256: 21119701ccacb20e0c3699fb891f270c52a83620e571b866d6faaed50ebb08ad
Family: AgentTesla


(12)
Sender IP: 45.143.147.194
From: "Hamza Yildirim <info@macitmakina.com.tr>"
Subject: "RE: Fattura proforma-700004616 Proforma Invoice-700004616"
Attachment: "attachments.zip"
MD5: c69b8e1ed7ae8fcf57764ec0f425c74f
SHA256: 120107376a7e45f33b145bd467e32fb2dfdc8153f8b98709e172214b22fac949
Family: AgentTesla


(13)
Sender IP: 45.137.22.36
From: "<stephen.chan@groupm.com>"
Subject: "RE:Payment Status"
Attachment: "deposit payment.7z"
MD5: 08338b49e2287e549e346962c66db97f
SHA256: ce853ffcdf19be7ce79c98ac13679764072cbe84a59e9c33bcee8d66bc1e810b
Family: NanoCore


(14)
Sender IP: 103.133.105.111
From: "Christin Hsu <sales@advancelithium.com>"
Subject: "REQUEST FOR QUOTATION 1307-RFQ"
Attachment: "REQUEST FOR QUOTATION 1307-RFQ.pdf.gz"
MD5: 82b6af8a9779e01450949f603eafc03b
SHA256: 1b873b89dd469c897d041d0c7f7337f49d30eac1d4f4cda4dd0906e582b3b356
Family: Formbook


(15)
Sender IP: 103.133.105.111
From: "Christin Hsu <sales@advancelithium.com>"
Subject: "REQUEST FOR QUOTATION 1307-RFQ"
Attachment: "REQUEST FOR QUOTATION 1307-RFQ.pdf.gz"
MD5: 82b6af8a9779e01450949f603eafc03b
SHA256: 1b873b89dd469c897d041d0c7f7337f49d30eac1d4f4cda4dd0906e582b3b356
Family: Formbook


(16)
Sender IP: 203.159.80.162
From: "Mohammed Hanif <manager@gcacorperationllc.com>"
Subject: "(NGCP) Pipeline PROJECT - TA-725638 - DK-RH-HRDH - HEADER PLATFORM TYPE 1-16-47M_MARKING & FABRICATION DRAWINGS WITH FULL PACKAGE FOR CONSTRUCTION"
Attachment: "NGCP Pipeline PROJECT TA 725638 DK RH HRDH HEADER PLATFORM TYPE 1 16 47M MARKING & FABRICATION DRAWINGS WITH FULL PACKAGE FOR CONSTRUCTION.zip"
MD5: 451e1961c98b3de200fdcbea973e581f
SHA256: ce02df6efd44cd96e96967e5ea71101f5590ec377bc87d916cff96824ad5e571
Family: Unknown


(17)
Sender IP: 138.68.55.226
From: "=?UTF-8?B?REhMIEV4cHJlc3MgSU5Dwq4=?= <support@819.mxsen.ml>"
Subject: "DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc"
Attachment: "DHL CONSIGNMENT NOTIFICATION_pdf.rar"
MD5: ba175623e54c56e6c667c8fae0a967bd
SHA256: 37c8bc8de3743599e1cfffc1af1a253fbb23712e17d6f27f0596b0be707699c2
Family: SnakeKeylogger


(18)
Sender IP: 138.68.55.226
From: "=?UTF-8?B?REhMIEV4cHJlc3MgSU5Dwq4=?= <support@819.mxsen.ml>"
Subject: "DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc"
Attachment: "DHL CONSIGNMENT NOTIFICATION_pdf.rar"
MD5: ba175623e54c56e6c667c8fae0a967bd
SHA256: 37c8bc8de3743599e1cfffc1af1a253fbb23712e17d6f27f0596b0be707699c2
Family: SnakeKeylogger



If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel:
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
