Phishing Attacks 9_4_2021

(1)
Sender IP: 198.251.79.161
From: ANTONIO ARROYO <antonio.arroyo@corcimex.com>
Subject: "RE: pago vencido de febrero y marzo#"
Attachment: factura y datos bancarios.PDF.gz
MD5: f15b5a7477de1c76c07bfb663a18b9ea
SHA256: d1b60d42905403b55d38925a4a763f0d6a276398d7e64708bb7620ef87be755e
Family: Unknown

(2)
Sender IP: 185.222.57.157
From: pragun@sge.com.np
Subject: RE:Payment advice for SN 951606
Attachment: HSBc20210216B1.r15
MD5: ce0ade3f4ac1896aa4b3bf4e594425df
SHA256: 1e73928f0ecf5a51d63a652b61cbedf07b833a2d4a492084da22443cee7bf960
Family: AgentTesla

(3)
Sender IP: 45.133.1.7
From: =?UTF-8?B?VGluYcKgV3U=?= <ttiknas@toprak.com.tr>
Subject: ORDER INQUIRY--2021-09_HG546092227865431209"
Attachment: "HG546092227865431209.zip"
MD5: 7697979445b8646a53643e2350199e6a
SHA256: be7889543fa07986da573244f8f49a8efae08f00de973b6db391a70c13d506e0
Family: Formbook

(4)
Sender IP: 147.135.107.116
From: <sales@duprexoffshore.com>
Subject: Payment/Shipment Schedule
Attachment: SHIPMENT SCHEDULE 1.rar"
MD5: f2e91f93f7aa90f7b8986ce2024f2a15
SHA256: 877c6b29274ce79bc4822483496d1738bd7c2874ae1dc5b8413607c9b803284f
Family: Formbook

(5)
Sender IP: 45.137.22.138
From: Roy Asghar <saslam@pseb.org.pk>
Subject: =?UTF-8?B?UmU6IOWbnuWkje+8mlB1cmNoYXNlIE9yZGVy?=
Attachment: Purchase Order.gz
MD5: 0d40d197829a01905bbb2146249ea312
SHA256: 1143cfbb509c601ee50b6be91a17576f8f500efe37ce10e35d7101ab54044a9d
Family: Formbook

(6)
Sender IP: 185.222.57.90
From: Vimal Chauhan <sales@grannysspices.in>
Subject: Fwd: GS_ PO NO.186/2021
Attachment: GS_ PO NO.1862021.zip
MD5: 3a248b62db6f0410505ecd8ea5ef782c
SHA256: 756a11d9c48d7f6a4cae072e41f3a1c7ad82ad305863177339d1a9532d2a9916
Family: AgentTesla

(7)
Sender IP: 46.183.220.67
From: sales<sale.sg@bruker.com
Subject: #2345#Quotation for items list from bruker singapore Agents
Attachment: PO#12456_FROM YHI (VIETNAM) CO., LTD#.tar.gz
MD5: 43945fd1772dbb787dfb5ae77c32b3d4
SHA256: ff6ac57f7c624342de64f7e46dfceb2a2e0068a719c06cda45a6d6a7964253ed
Family: Unknown

(8)
Sender IP: 147.135.107.116
From: <info@raamtel.in>
Subject: Sales Invoice
Attachment: Sales Invoice NO CN 6739.ra
MD5: a7061eb99c3f71c5065d73cb76988be1
SHA256: 0a1d12cfd7f3a2bda8aa6b6ba3311aada3eb5e4b5341b272977a7857f3d399fd
Family: Formbook

(9)
Sender IP: 103.99.1.146
From: WANG Michelle <TPE.MWENG@cma-cgm.com>
Subject: RE: (松進) 04/01 - BL-1只超重櫃 - CMA CGM SHIPMENT V. 0PP93E1MA - CNTR#GLDU7267089
Attachment: CNTR-NO-GLDU7267089.zip
MD5: 0ea5f63aed741c625376926f7e5aeffc
SHA256: 5ba347c6b668220025390cf668a425c48129ff96d548f62b19a6db1932eeec16
Family: Formbook

(10)
Sender IP: 146.66.121.65
From: Rediff | KYC | Billing <rediff011@gmail.com>
Subject: Your request has been processed! |50900032022|
Attachment: BILL - APRIL KYC.xlsx
MD5: 41c32e1f631c5df43d53272afa7366f5
SHA256: efd483306bfd25e18255bb639b5cc577b67fa15dbd50cd16cb9edb31fccb42c4
Family: AgentTesla

(11)
Sender IP: 45.144.225.201
From: Michael Han" <sales12@ceaworld.com>
Subject: RE: Proforma Invoice No. AD1-2001028L, Packing List and Commercial Invoice for Urgent Shipment
Attachment: Shipping Documents.ace
MD5: 4395c82903e0ae06dcfeed6a5a93c484
SHA256: 7ae6bb161b226f96118ed466ba318bb5b63f18a02195daebdf45be3b551cd504
Family: AgentTesla

(12)
Sender IP: 187.217.245.25
From: Ideal Glass & Aluminium Works Sdn. Bhd.<emma.linderothh@dhl.com>
Subject: Purchase Order (Ref. IGA/PO/17493)
Attachment: Ref. PDF IGAPO17493.r07
MD5: 867f5ff212f0698e76cab9f9152731f9
SHA256: 9664c1d1ad01ca49f8cbad4d2551013683fd2e267b16351068bd9c750a4dcb78
Family: Formbook
Family: AgentTesla

If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel:
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
