Phishing Attacks 8_4_2021

(1)

Sender ip

192.249.126.31

From

mail@policelife.com

Subject

EMERGENCY REPORT

Attachment

Download Report.08.04.2021.pdf.iso

MD5

98e3f0cfa4bd3db39bf04d0487aaf4a9

SHA256

fd864cf6ad8d6c05001173d47674c76fc1d9bc92f47b03dbdea5077f04a132af

Family

AgentTesla

 

(2)

 

Sender ip

93.125.22.95

From

pegas-1961@mail.ru

Subject

=?UTF-8?Q?RE=3A_=D0=B1=D0=B0=D0=BD=D0=BA=D0=BE=D0=B2=D1=81=D0=BA?= =?UTF-8?Q?=D0=B8=D0=B9_=D0=BF=D0=B5=D1=80=D0=B5=D0=B2=D0=BE=D0=B4?= (RFC 2047 encoded-words; decodes to "RE: банковский перевод", Russian for "RE: bank transfer")

Attachment

банковский перевод pdf.zip (Russian: "bank transfer pdf.zip")

MD5

7d12b3f345b5a69c742a0ff9d356a855

SHA256

1f1787cae61d24e9c6ad9baa35219d66b2c67973d43286b44cd07b5673d4bd62

Family

Formbook

 

(3)

 

Sender ip

45.156.22.105

From

DHL Express<invoicequerys@dhl.com>

Subject

DHL Notification

Attachment

DHL_Express_Shipment_Invoice_Confirmation_CBJ190517000131_74700456XXXX.arj

MD5

29a96632486950aed0800ebca0d71dda

SHA256

0611a407032cc160fd80bdadb7ffc3fdd2fd3a09fc31e2fd263624e0e7e6dd74

Family

AgentTesla

 

(4)

 

Sender ip

162.243.248.181

From

Nadir Dzananovic <office@marathon.co.rs>

Subject

Re: Re: bank transfer

Attachment

bank transfer.zip

MD5

6fc825a2f69349ddfc1e2a3f0465a0b7

SHA256

bd1316770c43fd3c9ca43f4035759f7dbf138c11a4e23effdf97201a8cf06548

Family

Formbook

(5)

Sender ip

75.119.154.209

From

Dhl Customer Support <mail@orderissued.xyz>

Subject

Delivery Failed

Attachment

Attachment.iso

MD5

4b01efab6972b7898af7e0eb62716a77

SHA256

24f4cf4250300c826fb80e2aebdd9e413f56d9ec5eda5fd5214e4dad9b517002

Family

RemcosRAT

 

(6)

Sender ip

208.109.80.58

From

Francisco Rico - Cobra Sales <info@psicoalcala.es>

Subject

Requesting A Quote

Attachment

Product List.gz

MD5

1de9cd0cbc1f665b959ddb33b84a2d9a

SHA256

c1ee9d13967b67852dd52969749439771274e97d4779eb8fde14bdcbd71848a8

Family

Unknown

(7)

Sender ip

162.144.38.36

From

PAY-U INT'L <sales9@oxy99.in>

Subject

PLEASE CONFIRM

Attachment

Message Body.img

MD5

11f774864744cbb5beccc117fe1204df

SHA256

7bd2e15ff319a761b48a511bcd7d8be41c8dcf2062183eb04dd03e78271113f6

Family

SnakeKeylogger

(8)

Sender ip

153.120.2.71

From

ahmad.khalil<mouhanaestryd@awalnet.net.sa>

Subject

New Tender RFQ OIL AND GAS TOOLS ADNOC PROJECT ABU DUBAI

Attachment

RFQ 100400806 SUPPLY.rar

MD5

df93940b230c4b7b1b101d583af18a2a

SHA256

5df1f0723ebb4f9000fcdc74fba201ec310139daff5a49543aa7bd3d43a8d70a

Family

SnakeKeylogger

(9)

Sender ip

80.68.177.43

From

Silvio Mazzocchetti <SMazzocchetti@ccsol.it>

Subject

Richiesta offerta / PRICE REQUEST

Attachment

OF556701.rar

MD5

2c74c8be2a4b36a91488b2ba3823f4ba

SHA256

6e9dcfdfe8a25d805c4bdc6e90f4cb9e32db3eeec568e3a999d8aee6a6a59a25

Family

Formbook

(10)

Sender ip

213.178.225.26

From

Gerald Howard <legal@moj.gov.sy>

Subject

INVOICE#ZQUNMVBSA

Attachment

ZQUNMVBSA.iso

MD5

f227d4cddbb3778b3585eb55301e2db2

SHA256

3b1717576370b4b032358b6b0a240217b45cacfa073508d80551647bb98fc063

Family

Vjw0rm

(11)

Sender ip

195.130.35.141

From

SRZ Rosario Corpa <rosario.corpa@ctransbolivia.com>

Subject

Nuevo orden (Spanish: "New order")

Attachment

Nuevo orden.zip

MD5

0cf319aac338858bb795606331b59d75

SHA256

c0ad412c53c697c92a3924e2532c2df0daf553e4d29175a97685e5dd2b3fe86e

Family

Formbook

 

(12)

Sender ip

187.217.245.25

From

Ideal Glass & Aluminium Works Sdn. Bhd.<emma.linderothh@dhl.com>

Subject

Purchase Order (Ref. IGA/PO/17493)

Attachment

Ref. PDF IGAPO17493.r07

MD5

867f5ff212f0698e76cab9f9152731f9

SHA256

9664c1d1ad01ca49f8cbad4d2551013683fd2e267b16351068bd9c750a4dcb78

Family

Formbook

(13)

Sender ip

109.232.221.141

From

DIXIT PATEL <info@advanceenterprise.in>

Subject

DIXIT PATEL <info@advanceenterprise.in>

Attachment

PO_NO.04-PRFTMUM210040.rar

MD5

09eee000f8d657796133b1d8c2e48247

SHA256

4db678a2cd9ba44f203c227024f2593a72cba91547a98788b121cff4903a7f2d

Family

Formbook

 

(14)

Sender ip

103.224.90.79

From

CETAL S.A.S. <contact@cetal.fr>

Subject

Richiesta di approvvigionamento (Italian: "Procurement request")

Attachment

PANORAMICA,pdf.iso

MD5

b0577e1e1c46ceeb64e62e4daed736e8

SHA256

9e7a8a6c07e77262159f6dc36632483692622e87f28aaf88d1da9336a33a8b4c

Family

SnakeKeylogger

(15)

Sender ip

167.99.105.80

From

"Logistics" <filmfiend@hanmail.net>

Subject

PO-RFQ # 097663899 NEW ORDER

Attachment

PO-RFQ 097663899 pdf .arj

MD5

ef0dc34ab28b3df30c25bbff400bd933

SHA256

f1bded88e9f7f34404fad5edf5b31b0ea7963b0b46a022d88f6eb4f3f7ab88b2

Family

Formbook

(16)

Sender ip

46.183.220.67

From

sales<sale.sg@bruker.com>

Subject

#2345#Quotation for items list from bruker singapore Agents

Attachment

RE ITEM LIST.tar.gz

MD5

98a65554a1c42005cfc3e3da661ddf66

SHA256

7a46a140079d1aa5b990531124c02994ff215004b12972b17d335bff5d4392dc

Family

AgentTesla

(17)

Sender ip

84.38.132.48

From

"Sandeep Gill" <accounts@gpbosch.com>

Subject

P/O

Attachment

P.O.rar

MD5

481dbdc9b61bd7d35619bd2880397a7b

SHA256

cc4dab5542656e539e657ab6fe51c2a3f8299ece4098ead869ef1240526d367d

Family

AgentTesla

(18)

Sender ip

147.135.107.116

From

<tony@excelpumps.co.uk>

Subject

Complete Certificate

Attachment

Complete Certificate.rar

MD5

c8295cff73febab169fd24fa7a4c3425

SHA256

e0fcd83ffe9c39aebfa2e17d6bc7f76c3f8d06dcfed3bc3b753e8d436e09296f

Family

Formbook

(19)

Sender ip

180.214.239.97

From

Sunny Nie "<sales1@lekingwellness.net>

Subject

Swift Copy

Attachment

Swift_Copy.rar

MD5

b9a2581d013f7f25800e1f43747c8297

SHA256

390a81f1e882ad6f32a370f1bd4db3804d88567537f77457f1584a2c090e3dc4

Family

AgentTesla

 

(20)

Sender ip

103.82.24.104

From

Mr T.C. Lee/Choon Lian <trenwa84@singnet.com.sg>

Subject

REQUEST FOR QUOTATION FOR APRIL PRODUCTION

Attachment

TrenwaTradingPteLtd_AprilOrder_76012320.img

MD5

9ccf63827ec1a278c9ebd380e87daed6

SHA256

865c0cdd3bde9841d721ffd20f800789900bd31cf2cfe80ef284fe43589ed75b

Family

AgentTesla

(21)

Sender ip

45.156.25.122

From

DHL Express<invoicequerys@dhl.com>

Subject

DHL Notification CBJ190517000131

Attachment

DHL_Express_Shipment_Invoice_Confirmation_CBJ190517000131_74700456XXXX.arj

MD5

1ac9c130816d892b9e6a3871d613490e

SHA256

eb1d17b5d5fafb0920df971b1770aa86a509b7fbfa1c4ae3167b7c818758542d

Family

AgentTesla

 

(22)

Sender ip

185.249.199.79

From

Banca Comerciala Romana (BCR) <noreply@banca.com>

Subject

Confirmarea platii (Romanian: "Payment confirmation")

Attachment

Confirmarea platii.pdf.ace

MD5

12d773108d84462fa85d5b911fdfc485

SHA256

d2c63dec41084df02addb40a690b31560d0d6b0e7f53a89d48a031b660e578ff

Family

AZORult

(23)

Sender ip

220.181.97.110

From

网站用 <sales@forbetter.cn> (the display name is Chinese, roughly "website use")

Subject

RE: 19 Design for Quotation

Attachment

Photo.jpeg.img

MD5

0ab77f9d3d9d2c4fed40d3ee5b27e52d

SHA256

0f3af330eba5ea99326fad54ce9bea4d488d4e8ea721b56ceeab821137b9ad9b

Family

Formbook

 

(24)

Sender ip

78.30.254.44

From

Sales Manager <pmo@sevstar.net>

Subject

RE: 19 Design for Quotation

Attachment

Quotation-4834898943949883.pdf.img

MD5

bf8539ab48628dc7c5d699c2bc547d30

SHA256

6d80992a7b55b7e4555b5feb8b147cca18af1b154f23cef56aa21b0eec592b7b

Family

Formbook

(25)

Sender ip

23.254.229.17

From

DHL EXPRESS <import@cantera.xyz>

Subject

Shipment arrival notice

Attachment

Shioment Reciept.img

MD5

121a63915bcc804c5eff4df1bcb7f8ff

SHA256

9de3cd4ba640638f9613577ca2ec57ecef43ca481ada26df76cd38a0ad151e07

Family

Unknown

(26)

Sender ip

45.137.22.138

From

Roy Asghar <saslam@pseb.org.pk>

Subject

Re: 回复:Purchase Order (回复 is Chinese for "Reply")

Attachment

PO.r00

MD5

a8a0cccebde4643cf5cdc950667fff84

SHA256

b448525900ab58d81ddfa0f0901d009503ddae60f8dcfe5270afc0b324ff3068

Family

Formbook

(27)

Sender ip

45.156.25.122

From

DHL Express<invoicequerys@dhl.com>

Subject

DHL Notification

Attachment

DHL_Express_Shipments_Invoice_Confirmation_CBJ190517000131_74700456XXX.arj

MD5

14ca4d229b227fddaa9ff403409eddca

SHA256

e48000bb4488cf61c74433f126a26c0f556a4a059524436029c6f372fa8d1157

Family

AgentTesla

(28)

Sender ip

185.121.120.165

From

Chunhua Biyu<postmaster@seasonmedical.co >

Subject

Export department:sales inquiry

Attachment

Quotation.zip

MD5

dfc61d7aa5d2f2d7bf68a08749d39324

SHA256

5bd732ff0414ba8034f553e571b6f2cbeafeeae28c552b364e7ffc49854163cf

Family

Formbook

(29)

Sender ip

74.6.133.228

From

Emad Salah <chrisdolas@yahoo.com>

Subject

Re: Re: New Purchase Order

Attachment

08042021New-PurchaseOrder.zip

MD5

139c6698ef6fe0b516141ef2ff2e2a33

SHA256

b3bc65bad2802d4d9e30fc08c245143998f32193521d347c406946cf6edc8b9a

Family

AgentTesla

(30)

Sender ip

23.254.229.53

From

DHL EXPRESS <delivery@dhlexpress.icu>

Subject

Shipment arrival notice

Attachment

shipping reciept.img

MD5

2a5104e22741c5e4e337aeba9beed4aa

SHA256

43ef0ef20029ecbeae07e496c57fa261aa27753e9450c405c92b68e05a74de29

Family

RemcosRAT

(31)

Sender ip

185.222.57.244

From

t.efremova@lidkon.by

Subject

QUOTE REQUEST

Attachment

PRODUCT_INQUIRY_PO_0009044_PDF.rar

MD5

de953dc61a6284efc33416822d675f02

SHA256

5e5b30bd0c14d47be60777b5abae640193b3adb1a1a3310c81c91aab2fac4b74

Family

SnakeKeylogger

 

(32)

Sender ip

37.152.93.84

From

Marko Gasic 2CL <info@dehonbv.nl>

Subject

Betaling advies (Dutch: "Payment advice")

Attachment

Betaling_advies.iso

MD5

cf8973d403a8e2b5454ade61ed9bd4e2

SHA256

77e0c6a1e399f1c6ca9ef8fe18c7d9adb2996d979cabc68b5fbd48e17c0d3281

Family

Formbook

(33)

Sender ip

47.43.20.33

From

Amazon.com <tamhes@charter.net>

Subject

Your Amazon.com order #D01-9237793-8041853

Attachment

order-invoice-amazon-D01-9237793-8041853.DOCX.iso

MD5

9349d3f015a6ad0321b2f975d2987e1b

SHA256

2ce1829e18c3e38344bd6493db7a9bac7e3c9b49b8617c06d948b410dba31afe

Family

AsyncRAT

 

(34)

Sender ip

180.214.239.97

From

Sunny Nie "<sales1@lekingwellness.net>

Subject

Payment

Attachment

Payment _Advice (2).rar

MD5

ddd3db1fb03ecbcbb8256d0e7e457be5

SHA256

27095e0485ad91d2e8a2a2393c92f534f12b8f51372f9aef49f60ab91cefb861

Family

AgentTesla

(35)

Sender ip

185.222.57.157

From

rashed@sumaco.ae

Subject

RE:Request to URGENT REQUIREMENT!

Attachment

quotation.BZ2

MD5

8daedbd05aae05f259412b8fe284a102

SHA256

deaa5eafbe2d44e10b2570720113db086ce5af460ec573530bb8b00716f8f87a

Family

AgentTesla

(36)

Sender ip

185.222.57.216

From

kanya@cam-asean.com

Subject

Material dispatch details against your purchase order

Attachment

dispatch details.r00

MD5

6f7d2f141c2f600b1aca1f5fa9523898

SHA256

ec4cdc6c30b24171ed2427be8b77ceab3700a362536121d840c5620b79127908

Family

AgentTesla

(37)

Sender ip

180.214.239.97

From

Sunny Nie "<sales1@lekingwellness.net>

Subject

SWIFT

Attachment

SWIFT.rar

MD5

c1c1fc19ed3bba5127d300763ccfae7a

SHA256

ea2eb1dc943ae921cfe56c746bd5a24bd17ddf96f6f15595c4359044949a4464

Family

AgentTesla

 

(38)

Sender ip

185.222.57.171

From

kadircanatabek@hotmail.com

Subject

Invoice_893454

Attachment

SER09090899.Z

MD5

110b0f39b79fec17e3788bc0846071fb

SHA256

08ff8c346bc1528bb6bb9529b2b6403700616adb227e23998c4d8eb052231c30

Family

SnakeKeylogger

(39)

Sender ip

198.251.79.161

From

ANTONIO ARROYO <antonio.arroyo@corcimex.com>

Subject

RE: pago vencido de febrero y marzo# (Spanish: "RE: overdue payment for February and March")

Attachment

factura y datos bancarios.PDF.gz (Spanish: "invoice and bank details")

MD5

ac290a6b06397cb40d1c7cb64379d345

SHA256

e03b5dabcbcc2bb1086dda3357f5c27ddd4de6a7cd4c85a4b0b85a5ee6fc9f0e

Family

AgentTesla

 

(40)

Sender ip

185.222.57.200

From

Marcus.Abraham<Marcus.Abraham@Ctscp.com>

Subject

FW: Invoice No. 36791 (CTE03)

Attachment

Invoice 36791 - CTE03.pdf.ace

MD5

154ffc89476b194d2660c0dc6c36b460

SHA256

f77e97a4e79b4d143ff3fb650ecc0dc2632039ccb354f0852740a7414d80306c

Family

AgentTesla

(41)

Sender ip

188.166.179.168

From

DAON TRADING AND LOGISTICS CO., LTD." <Jenniferle@daontnl.com>

Subject

Re: Shipping Advise on 18th April 2021

Attachment

Shipping Documents.xlsx

MD5

ab599dc3956c9e72ad6187bca6d7d783

SHA256

ce11e96fe93545cd9d381c440d7e172eebfe7c0e177c6485216313b144c415a3

Family

Formbook

 

(42)

Sender ip

168.95.6.59

From

Green.ERA Trading <Green.era7445@msa.hinet.net>

Subject

new order

Attachment

DYANAMIC Inquiry.xlsx

MD5

7590f977659a5cd174b0000a2530cd34

SHA256

df2d5a069d3e4a4516b14d6a64f6ec16e433cf883556ae1429d1e35c65ffe65f

Family

Formbook
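
The entries above are a flat list, but the detection value is in the patterns across them: document-lookalike attachment names that are really disk images or archives ("pdf.zip", ",pdf.iso", ".DOCX.iso", split-RAR volumes like ".r00"/".r07"), one RFC 2047-encoded subject, and the same sender networks reused across entries (185.222.57.x appears five times, 180.214.239.97 three times). The script below is an added example written for this page, not code from the original post. It assumes only the post's own plain-text layout ("(n)" header, then a field name followed by its value, blank lines ignored); the embedded SAMPLE copies entries 2, 35 and 36 from the list above with the From and MD5 fields left out to keep it short. Point parse() at the full page text to get every entry.

```python
"""Turn the IOC list above into records and pull out what a gateway or SOC would act on:
decoded subjects, attachment-name red flags, shared sender networks and blocklists.
Added example for this page, not code from the original post; it assumes the post's own
plain-text layout ("(n)" header, then "Field" / "Value" pairs, blank lines ignored).
SAMPLE copies entries 2, 35 and 36 from the list above (From and MD5 fields omitted)."""
import re
from collections import defaultdict
from email.header import decode_header
from ipaddress import ip_network

SAMPLE = """\
(2)
Sender ip
93.125.22.95
Subject
=?UTF-8?Q?RE=3A_=D0=B1=D0=B0=D0=BD=D0=BA=D0=BE=D0=B2=D1=81=D0=BA?= =?UTF-8?Q?=D0=B8=D0=B9_=D0=BF=D0=B5=D1=80=D0=B5=D0=B2=D0=BE=D0=B4?=
Attachment
банковский перевод pdf.zip
SHA256
1f1787cae61d24e9c6ad9baa35219d66b2c67973d43286b44cd07b5673d4bd62
Family
Formbook
(35)
Sender ip
185.222.57.157
Subject
RE:Request to URGENT REQUIREMENT!
Attachment
quotation.BZ2
SHA256
deaa5eafbe2d44e10b2570720113db086ce5af460ec573530bb8b00716f8f87a
Family
AgentTesla
(36)
Sender ip
185.222.57.216
Subject
Material dispatch details against your purchase order
Attachment
dispatch details.r00
SHA256
ec4cdc6c30b24171ed2427be8b77ceab3700a362536121d840c5620b79127908
Family
AgentTesla
"""

FIELDS = {"Sender ip": "ip", "From": "sender", "Subject": "subject",
          "Attachment": "attachment", "MD5": "md5", "SHA256": "sha256", "Family": "family"}
DISK_IMAGES = {"iso", "img"}
ARCHIVES = {"zip", "rar", "arj", "ace", "gz", "bz2", "z", "tar"}
# Document token glued to the stem ("pdf.zip", ",pdf.iso", "PDF IGAPO17493.r07", ".DOCX.iso"):
DOC_TOKEN = re.compile(r"[ ._,-]?(pdf|docx?|xlsx?|jpe?g)$", re.I)

def decode_subject(raw):
    """Decode RFC 2047 encoded-words (entry 2); plain subjects pass through unchanged."""
    return "".join(p.decode(cs or "ascii", "replace") if isinstance(p, bytes) else p
                   for p, cs in decode_header(raw))

def parse(text):
    """One dict per "(n)" entry; a recognised field name is followed by its value."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records, i = [], 0
    while i < len(lines):
        header = re.fullmatch(r"\((\d+)\)", lines[i])
        if header:
            records.append({"id": int(header.group(1))})
        elif records and lines[i] in FIELDS and i + 1 < len(lines):
            records[-1][FIELDS[lines[i]]] = lines[i + 1]
            i += 1
        i += 1
    for r in records:
        r["subject"] = decode_subject(r.get("subject", ""))
    return records

def attachment_flags(name):
    """Reasons to distrust an attachment name, from the patterns in the list above."""
    stem, _, ext = name.lower().rpartition(".")
    flags = []
    if ext in DISK_IMAGES:
        flags.append("disk-image")          # mounts as a drive; the payload inside historically carried no Mark-of-the-Web
    elif ext in ARCHIVES or re.fullmatch(r"r\d\d", ext):
        flags.append("archive")             # .r00/.r07 are split-RAR volumes; .Z/.BZ2/.ACE need a third-party unpacker
    if DOC_TOKEN.search(stem):
        flags.append("document-lookalike")  # the name says "pdf" but the real type is the container
    return flags

def shared_networks(records, prefix=24):
    """Sender IPs inside the same /prefix: the same operator reusing infrastructure."""
    by_net = defaultdict(list)
    for r in records:
        by_net[str(ip_network(f"{r['ip']}/{prefix}", strict=False))].append(r["id"])
    return {net: ids for net, ids in by_net.items() if len(ids) > 1}

def blocklists(records):
    """De-duplicated indicators for the mail gateway (IPs) and the EDR (hashes)."""
    return {"ip": sorted({r["ip"] for r in records}),
            "sha256": sorted({r["sha256"] for r in records if "sha256" in r})}
```

The lookalike check deliberately matches a document token with or without a separating dot, because the lures above use " pdf.zip", ",pdf.iso" and "PDF IGAPO17493.r07" as well as the classic ".pdf.iso"; a rule that only looks for a literal double extension misses most of them. The /24 grouping is a pivot, not a verdict: confirm with mail-server logs before blocking a whole network, since shared hosting also puts unrelated senders in one /24.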

 

If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
