Phishing Attacks 30_4_2021

 




(1)

Sender ip

185.222.57.157

From

"overseas@accountant.com"

Subject

"RE: bank details"

Attachment

"invoice.r00"

MD5

694146ebade22848a1fe843e4eb31c89

SHA256

022a5fc68d11d26683f80764a574fcee93eff48f535cbe24ec1e391dc5a0f6c2

Family

AgentTesla

 


(2)

Sender ip

37.49.225.172

From

"<dengkun@sunda.com>"

Subject

"Inquiry for Tile"

Attachment

"quotation list.zip"

MD5

0600b806027180acb0be2e1472927b65

SHA256

ad85e7e53c80c6603c55485f3e08c5ffe783de8c9fd2fbd5c6437c8c7333c19b

Family

AgentTesla

 

(3)

 

Sender ip

185.121.120.135

From

"=?UTF-8?Q?BESMED-=E7=86=8A=E7=AD=A0?= <sales@besmed.com>"

Subject

"RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##"

Attachment

"FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz"

MD5

5568c7156240d414a774d0b2c32b4b31

SHA256

8050cdb57cf3d39abc295033fe7764033b2a75ed3ced9684f83b09a8cea96ab3

Family

AgentTesla

 


(4)

 

Sender ip

45.143.147.194

From

"Jenny Zang <jianggh@yueshengvn.com>"

Subject

"Re: Copy of the Invoice 02/2021"

Attachment

"Copy of the Invoice 022021.pdf.zip"

MD5

323b85a635bcf4bea3736799390cd9ec

SHA256

05f3ab67f2a2976dd6c879669977569190c44613959d37ad60e576f7ad34525c

Family

AgentTesla

 

(5)

Sender ip

45.143.147.194

From

"Jenny Zang <jianggh@yueshengvn.com>"

Subject

"Re: Copy of the Invoice 02/2021"

Attachment

"Copy of the Invoice 022021.pdf.rar"

MD5

778490a475d48f5ad510c03e027244b3

SHA256

e2b2a24e169ca0494983da86a23bae5724d115e03fdc31fe84af6cb0222f52d9

Family

AgentTesla

 

(6)

Sender ip

103.99.1.147

From

"=?UTF-8?B?Iuimg+WGsOWGsCI=?= <shzhxn.sales7@xinning.com.cn>"

Subject

"=?UTF-8?B?UkXkuK3muK/orqLovaY0LzMwIOW3tOilvzYxTTLlkozlt7Topb82MUsy5ou86L2mIChDYXJwb29saW5nIGluIENoaW5hIGFuZCBIb25nIEtvbmcgNC8zMCBCcmF6aWwgNjFNMiBhbmQgQnJhemlsIDYxSzIgQ2FycG9vbCk=?="

Attachment

"1 1500 4.30巴西61K2和巴西61M2车中港订车.xls.rar"

MD5

6bfa2a7892b9a6678ac6e57b390b7c46

SHA256

ac2920d92671cc53fb3264b2366932bc826bdbfe91b811376e3a9215571be340

Family

AgentTesla


(7)

Sender ip

159.65.165.216

From

"RAVINDRA.G <Info@806.mxsen.ml>"

Subject

"RE: URGENT REQUEST FOR QUOTATION"

Attachment

"IMG_103_65_070501.R01"

MD5

8a4170e9c0af3494d6001420174abef3

SHA256

d1131005b486989f2ab79910b9f98ce93cd661df498690e0dec257fc53fee9e5

Family

Loki


(8)

Sender ip

159.89.149.33

From

"sajjad@afzalmachinery.com"

Subject

"RE:RE:RE: Cash_receipt IP77108 29_04_21"

Attachment

"Cash_receipt IP77108 29_04_21.r00"

MD5

1f69c0238555c4eebf0b0bb1db28c67c

SHA256

34a3973cf82398eeae686354462ac51831d68601e75058dbd19e65cb3d8b5083

Family

AgentTesla


(9)

Sender ip

45.137.22.89

From

"Batbileg Jarantai" <EXPRESS_ADG@ismarine.com.tr>"

Subject

"Fw: SWIFT Payment 20201102 - TC -ref:00D208FT"

Attachment

"SWIFT Payment 20201229 - TC -ref00D208FT.pif.zip"

MD5

e7b4a29217bfaa3093e818da3c562516

SHA256

8b3474d5fdf9c464167e26a88e9a25988fa784998126a17b654099990c463fb0

Family

AgentTesla


(10)

Sender ip

185.121.120.135

From

"=?UTF-8?Q?BESMED-=E7=86=8A=E7=AD=A0?= <sales@besmed.com>"

Subject

"RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##"

Attachment

"FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz"

MD5

20a0c9a3206e37f988f7cbbeea3ce379

SHA256

97aaba632d39849eeec9ed33b679ef4641db0579a73aab64c4944f194763950f

Family

AgentTesla


(11)

Sender ip

103.138.109.241

From

"GARY Lui <gary@trinitycargolink.com>"

Subject

"RE: URGENT CUSTOMER REQUEST"

Attachment

"customer request.zip"

MD5

f2e2a5e7b6c40099a2273b82d91f16f0

SHA256

21119701ccacb20e0c3699fb891f270c52a83620e571b866d6faaed50ebb08ad

Family

AgentTesla


(12)

Sender ip

45.143.147.194

From

"Hamza Yildirim <info@macitmakina.com.tr>"

Subject

"RE: Fattura proforma-700004616 Proforma Invoice-700004616"

Attachment

"attachments.zip"

MD5

c69b8e1ed7ae8fcf57764ec0f425c74f

SHA256

120107376a7e45f33b145bd467e32fb2dfdc8153f8b98709e172214b22fac949

Family

AgentTesla


(13)

Sender ip

45.137.22.36

From

"<stephen.chan@groupm.com>"

Subject

"RE:Payment Status"

Attachment

"deposit payment.7z"

MD5

08338b49e2287e549e346962c66db97f

SHA256

ce853ffcdf19be7ce79c98ac13679764072cbe84a59e9c33bcee8d66bc1e810b

Family

NanoCore


(14)

Sender ip

103.133.105.111

From

"Christin Hsu <sales@advancelithium.com>"

Subject

"REQUEST FOR QUOTATION 1307-RFQ"

Attachment

"REQUEST FOR QUOTATION 1307-RFQ.pdf.gz"

MD5

82b6af8a9779e01450949f603eafc03b

SHA256

1b873b89dd469c897d041d0c7f7337f49d30eac1d4f4cda4dd0906e582b3b356

Family

Formbook


(15)

Sender ip

103.133.105.111

From

"Christin Hsu <sales@advancelithium.com>"

Subject

"REQUEST FOR QUOTATION 1307-RFQ"

Attachment

"REQUEST FOR QUOTATION 1307-RFQ.pdf.gz"

MD5

82b6af8a9779e01450949f603eafc03b

SHA256

1b873b89dd469c897d041d0c7f7337f49d30eac1d4f4cda4dd0906e582b3b356

Family

Formbook


(16)

Sender ip

203.159.80.162

From

"Mohammed Hanif <manager@gcacorperationllc.com>"

Subject

"(NGCP) Pipeline PROJECT - TA-725638 - DK-RH-HRDH - HEADER PLATFORM TYPE 1-16-47M_MARKING & FABRICATION DRAWINGS WITH FULL PACKAGE FOR CONSTRUCTION"

Attachment

"NGCP Pipeline PROJECT TA 725638 DK RH HRDH HEADER PLATFORM TYPE 1 16 47M MARKING & FABRICATION DRAWINGS WITH FULL PACKAGE FOR CONSTRUCTION.zip"

MD5

451e1961c98b3de200fdcbea973e581f

SHA256

ce02df6efd44cd96e96967e5ea71101f5590ec377bc87d916cff96824ad5e571

Family

Unknown


(17)

Sender ip

138.68.55.226

From

"=?UTF-8?B?REhMIEV4cHJlc3MgSU5Dwq4=?= <support@819.mxsen.ml>"

Subject

"DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc"

Attachment

"DHL CONSIGNMENT NOTIFICATION_pdf.rar"

MD5

ba175623e54c56e6c667c8fae0a967bd

SHA256

37c8bc8de3743599e1cfffc1af1a253fbb23712e17d6f27f0596b0be707699c2

Family

SnakeKeylogger


(18)

Sender ip

138.68.55.226

From

"=?UTF-8?B?REhMIEV4cHJlc3MgSU5Dwq4=?= <support@819.mxsen.ml>"

Subject

"DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc"

Attachment

"DHL CONSIGNMENT NOTIFICATION_pdf.rar"

MD5

ba175623e54c56e6c667c8fae0a967bd

SHA256

37c8bc8de3743599e1cfffc1af1a253fbb23712e17d6f27f0596b0be707699c2

Family

SnakeKeylogger


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 3_3_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 45.137.22.124 From "Cheng Yong"<rosa@franball.net>" Subject "RV: Shipping advice - 2nd container under ct.876" Attachment "SHIPPING ADVICE#202203.zip" MD5 aa2d18552a8d5041e4c757cee09f2c4d SHA256 0628b564bad3c4e59644e91398899f88143aa2eb3473e720270fb1566c628d60 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .       (2) Sender ip 2.56.56.35 From "contato@vastoverde.com.br" Subject "fwd :Outstanding Remittance payment" Attachment "receipt_pdf.z"
Read more