Phishing Attacks 17_5_2021
(1)
|
Sender ip |
103.133.106.100 |
|
From |
"Sofien Ben
Jemaa<info@probona.com.tr>" |
|
Subject |
"Original Documents" |
|
Attachment |
"BL.zip" |
|
MD5 |
6487f113dda7b69b9404d218d525fbf2 |
|
SHA256 |
73f765a9c4713b8047fe5f71e0bd38426f230df062b6e291990dffe6e0836ba8 |
|
Family |
AgentTesla |
(2)
|
Sender ip |
103.139.44.91 |
|
From |
"Wang Fang
<boris.zhang@sailuntire.com>" |
|
Subject |
"NEW ORDER #745332" |
|
Attachment |
"NEW ORDER #745332.rar" |
|
MD5 |
b1b481f73161a2306815df887dc32f03 |
|
SHA256 |
8bf61f9efba8f27282e3bb4d0e3661260ce5c265c27630878b64aa138a1adc68 |
|
Family |
AgentTesla |
(3)
|
Sender ip |
45.143.147.194 |
|
From |
"Asako
Kato<muranaka@tsuruga.co.jp>" |
|
Subject |
"=?UTF-8?B?UkU65L6h5qC86KaL56mN44KK44Gu6KaB5rGCLee3iuaApSAtIFJFUVVFU1QgRk9SIFBSSUNFIFFVT1RFIC0gVVJHRU5U?=" |
|
Attachment |
"REQUEST FOR PRICE QUOTE -
URGENT.pdf.rar" |
|
MD5 |
cecea707f61b1b80461258dc9934cb8d |
|
SHA256 |
3fffb3c52121210995e11b68b6892df762cd11970f9ec2f672f8718fe2cd79ac |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(4)
|
Sender ip |
45.143.147.194 |
|
From |
"Charlotte
Elijah<sales@ata-cargo.com>" |
|
Subject |
"Re: BILL OF LADING 034A522172
QD5D067113 W0675D" |
|
Attachment |
"BILL OF LADING 034A522172
QD5D067113 W0675D.pdf.rar" |
|
MD5 |
81c3e7631b53f76b8891f8e22117be99 |
|
SHA256 |
024322017bb5a492fe31903a9b3ab9558c1ec3d90a91be530e56c65deb8557f4 |
|
Family |
AgentTesla |
(5)
|
Sender ip |
103.139.44.91 |
|
From |
"JIM JONG
<boris.zhang@sailuntire.com>" |
|
Subject |
"NEW ORDER #745332" |
|
Attachment |
"BANK ACCOUNT DETAILS.rar" |
|
MD5 |
9ea862c20a47b2daa19a53bc8a107f48 |
|
SHA256 |
4ae5aed0f715235240633c35dfcec20054974563e6f54ae68743994a981ef5d6 |
|
Family |
AgentTesla |
(6)
|
Sender ip |
45.87.60.140 |
|
From |
"<customerservicehls@pilship.com>" |
|
Subject |
"Shipment // MAWB # 607-20263025/
HM-20210428 HBL | Consignee:lgpartner.ch " |
|
Attachment |
"HBL-20210508 INVOICE.zip" |
|
MD5 |
fe45183de09672557b6c4d693cdc639e |
|
SHA256 |
4126d12dd16659e5659b83bfd878c49d22c08290877b97b9f6574aa207aef55b |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(7)
|
Sender ip |
45.137.22.71 |
|
From |
"Chrissie Tang / Sagebrook
<Chrissie@sagebh.com>" |
|
Subject |
"Shipping documents for order
CSP/BB/21-007 MLM Machinery Co., Ltd." |
|
Attachment |
"Shipping documents for order
CSP/BB/21-007 MLM Machinery Co., Ltd." |
|
MD5 |
59b6697ebf98f5898bb0693e6e75c0bb |
|
SHA256 |
075af03887b18823b3e398fb4f058f6a17241882608378b0cdfe0247cdcb9830 |
|
Family |
SnakeKeylogger |
(8)
|
Sender ip |
45.137.22.71 |
|
From |
"Eby | Valtronics DWC
<eby@valtronics.ae>" |
|
Subject |
"RE: Purchase
Order-070/POR/044127" |
|
Attachment |
"Purchase
Order-070POR044127.r00" |
|
MD5 |
a30be98f50fe10828b04eca5e6febe06 |
|
SHA256 |
26f2fc802dd60b8c1bd8bc7a94e61bdadb5082605b91871399f772ca6379c661 |
|
Family |
Formbook |
(9)
|
Sender ip |
Formbook |
|
From |
"safeer@emirates.net.ae" |
|
Subject |
"RE: RFQ - HOME DELIVERY
LPO" |
|
Attachment |
"LPO-6809.rar" |
|
MD5 |
97f96d9b5d2844d5904250c8f05692d6 |
|
SHA256 |
3376a022f30971a09ee62e83c43594266417cca59f9a1e4907b20065457ce792 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(10)
|
Sender ip |
103.133.108.13 |
|
From |
"Joe of FreGate
HK<joejo@fre-gate.com>" |
|
Subject |
"HBL#FGLLCB00017" |
|
Attachment |
"HBL#FGLLCB00017.exe.xz" |
|
MD5 |
13ca5d178cafdf76e121320c02ba1c0b |
|
SHA256 |
5d6cf1e2a53e38c09af9710200e2be9fc286f5a7ee00dac49f5f82a456b30af3 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(11)
|
Sender ip |
178.77.99.30 |
|
From |
"Purchasing Foreman
<tac_purch_01@3acltd.com>" |
|
Subject |
"RE: New PO. I-3ACT-PU-070 rev.01
on May10 2021" |
|
Attachment |
"PO I-3ACT-PU-070
rev.01.zip" |
|
MD5 |
ae5b7dd1f6a5e66f192f1d75f5134596 |
|
SHA256 |
e0dd8bff476b1b88d6ed3ec43cf0d8dd711ab2fb7465561f989fd91cef444ca3 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(12)
|
Sender ip |
45.87.60.140 |
|
From |
<customerservicehls@emirates.ae>" |
|
Subject |
"Shipment // MAWB # 607-20263025/
HM-20210428 HBL | Consignee:lgpartner.ch " |
|
Attachment |
"HBL-20210510 INVOICE.zip" |
|
MD5 |
f2039b53a2a8aa0aed12522a45d8aada |
|
SHA256 |
04c9f1b4dbc87aaa1c68c06f21a6b882b1a2de447ffd87fcd0972cb5b13e6c2e |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(13)
|
Sender ip |
103.133.106.100 |
|
From |
"Archana THAMBI
<eric@itri.org.tw>" |
|
Subject |
"Swifts" |
|
Attachment |
"Scan 0730.zip" |
|
MD5 |
647c6f3eebf5253b5cc8fe71d5d313d3 |
|
SHA256 |
0944a853b75533a9461ca78df2ed3166eaa8b37ec98b4159c33dbaf375ee431f |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(14)
|
Sender ip |
176.31.159.206 |
|
From |
"Sales"<Sales@gmail.com>" |
|
Subject |
"Fwd: Statement of Account" |
|
Attachment |
"Statements.R34.zip" |
|
MD5 |
7560cae8b0b5b6c0febc809223214625 |
|
SHA256 |
cc6c3ddf29c0eb6311f6f83b4beb8efb761667ed12dd103cbb3f7096fc073166 |
|
Family |
Loki |
(15)
|
Sender ip |
103.139.44.91 |
|
From |
"Trinh Huynh Nhu (Ms)
<info@bharatjyotiimpex.com>" |
|
Subject |
"BANK ACCOUNT DETAILS" |
|
Attachment |
"BANK ACCOUNT DETAILS.rar" |
|
MD5 |
e0a5071b1fc5528e9c03aef4c6d31225 |
|
SHA256 |
4f4f6819151dac871b3419d1813627d42e6c167b5d124dd35bd1c18b3d20c7aa |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(16)
|
Sender ip |
103.133.108.13 |
|
From |
"Jang Kyung
Jin<kjjang@smseaair.com>" |
|
Subject |
"BL and debit note" |
|
Attachment |
"BL and debit note.7z" |
|
MD5 |
3538d79d8bed7aaeeb0c1158d2c88c35 |
|
SHA256 |
b8ad65064b956e9d15c5660dd52c9a17374f5023acf0e79722f5b05527b861e6 |
|
Family |
SnakeKeylogger |
(17)
|
Sender ip |
45.137.22.71 |
|
From |
"Eby | Valtronics DWC
<sales1@ssoeonline.com>" |
|
Subject |
"RE: Purchase
Order-070/POR/044127" |
|
Attachment |
"Purchase Order-10764.r00" |
|
MD5 |
fef3e9d2f310c4434e5e608c0ff11f28 |
|
SHA256 |
e3bcedbf544bfd621aabc477374781a27715c69b6a399f9392b4b54e76f3a47d |
|
Family |
Formbook |
(18)
|
Sender ip |
199.10.31.238 |
|
From |
"Deiaa Mohamed T
admin@fasttrackcourierexpress.com" |
|
Subject |
"=?UTF-8?B?4p2XRndkOiBOZXcgb3JkZXI=?=" |
|
Attachment |
"New order.zip" |
|
MD5 |
2d794ede14a2b72762bc2d95c2b38cc9 |
|
SHA256 |
c031dd1d1ef57bdc41821dc77387ef4f3db03defe3e0979e5993456130d03fb9 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(19)
|
Sender ip |
31.210.20.71 |
|
From |
"LIUFEI@WINLUCKY.COM.CN"<LIUFEI@WINLUCKY.COM.CN>" |
|
Subject |
"MV GENCO RESOLUTE/ DISPORT
AGENCY NOMINATION/" |
|
Attachment |
"MV GENCO RESOLUTE VOY 1
DESCRIPTION.zip" |
|
MD5 |
b24bbe39163f85ab5febe60dbc54ffce |
|
SHA256 |
bbe05176a0d58aefdf00b3d58227f923e20d66c140157d2e804c460db6bf73af |
|
Family |
RemcosRAT |
(20)
|
Sender ip |
139.59.20.114 |
|
From |
"Bannerman Rowland
<sales@flateraaker.com>" |
|
Subject |
"RE: Correction of Purchase Order
and Items" |
|
Attachment |
"Revised Purchase Order
#84734.rar" |
|
MD5 |
a62307903bb6a940e3e356074ab8d417 |
|
SHA256 |
a9a5824c4e5d0a76516a250cc684a153a2db671e3fa28b664b4a6d08a7e7967a |
|
Family |
Loki |
(21)
|
Sender ip |
217.25.95.84 |
|
From |
"Abdullah
<sales@rnahindra.com>" |
|
Subject |
"Fw: RE: LPO" |
|
Attachment |
"03.PROJECT.SPM.05.21.rar" |
|
MD5 |
f8528b7af1e2780251c20faac7dd5f15 |
|
SHA256 |
2b3481587107737bb3de429c841ab24d664d592b0de08a87edf09e11e2bd0653 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(22)
|
Sender ip |
31.210.21.118 |
|
From |
"safeer@emirates.net.ae" |
|
Subject |
"FW: Distribution Instructions
PO#975072 from HOMEGOODS" |
|
Attachment |
"LPO-6809.rar" |
|
MD5 |
dcf2a1486856d9ea6687c0b128552b78 |
|
SHA256 |
8eff78d6fcb3902acc848308a2bec0e803c6c4cca746e99d8c72a11f145251a3 |
|
Family |
SnakeKeylogger |
(23)
|
Sender ip |
51.79.250.154 |
|
From |
"<sales@cono.uk>" |
|
Subject |
"CONO QUOTE REQUEST" |
|
Attachment |
"urgent request fro quotation
CONO GROUP LLC DK983746GT.rar" |
|
MD5 |
a59bd068a03dd7c373beedbab0178652 |
|
SHA256 |
e0719bbf5be020fbb89149911a13bf7f341bff311d4fc3c11a3a60d30adaab3f |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(24)
|
Sender ip |
103.139.44.91 |
|
From |
"info@gu-stone.com" |
|
Subject |
"DEESTONE 3RD PART PAYMENT AC NO:
4580584268001 USD 23,791.50 QR 87,778.88/-" |
|
Attachment |
"Payment COPY-pdf.gz" |
|
MD5 |
84da6696044045b096bde29087ba9ef0 |
|
SHA256 |
be878f9c37fb752e64f00fa188cbb2e887d38efde990cf9deb47b5023bcb1404 |
|
Family |
Unknown |
(25)
|
Sender ip |
103.139.44.91 |
|
From |
"iris@createfastener.com" |
|
Subject |
"RE: B/L COPY" |
|
Attachment |
"BL COPY-pdf.gz" |
|
MD5 |
156ab7a83a177b7a29b29abebf8beb21 |
|
SHA256 |
fdb715500c562d66e3d9b331603f3535e2d855c10211f3dd268644671244e61e |
|
Family |
Unknown |
(26)
|
Sender ip |
198.244.135.246 |
|
From |
"=?UTF-8?B?U2FudGlhZ28uU2ViYXN0acOhbg==?="
<info@formanters.xyz>" |
|
Subject |
"Purchase Order
/APO-074787648" |
|
Attachment |
"Purchase Order
APO-074787648.zip" |
|
MD5 |
f9b599b641b5dec725cccdf94cc8bbbc |
|
SHA256 |
7dc9da6f7f7dc78da34cb0fd7eb04dde6c09a27581d069bc00cd27c31176b418 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(27)
|
Sender ip |
45.87.60.140 |
|
From |
<customerservicehls@emirates.ae> |
|
Subject |
"Shipment // MAWB # 607-20263025/
HM-20210428 HBL | Consignee:lgpartner.ch " |
|
Attachment |
"HL-88352588 DOCAU BC
ORIGINAL.zip" |
|
MD5 |
40aea6db691f25d67669e3a7d07d5601 |
|
SHA256 |
d67615d4fc67b4506646754ad313c8609b1c47f9d8db6ff256c0d9b6405afd52 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(28)
|
Sender ip |
82.223.17.94 |
|
From |
"Abdulkarim
<Abdulkarim@almarai.com>" |
|
Subject |
"PURCHASE ORDER" |
|
Attachment |
"purchase order.zip" |
|
MD5 |
11bbc515889ba594a337fa0dc078ffe8 |
|
SHA256 |
295c362da762ee9d2a53d7f2cd67256a77ec0e7d94e3e171f7a4569c950f1d8e |
|
Family |
SnakeKeylogger |
(29)
|
Sender ip |
5.39.86.24 |
|
From |
"Citibank"
<noreply@citi.com>" |
|
Subject |
"Swift Copy" |
|
Attachment |
"Swift Copy.rar" |
|
MD5 |
de4611725a8082434c9cf76e83e43f78 |
|
SHA256 |
ba8d833ca8718a927d482316c7c09bc1381c666ce15ebaca13377e556143da23 |
|
Family |
Loki |
(30)
|
Sender ip |
45.137.22.71 |
|
From |
"Cassie (MLM Furniture)
<cassie@mlmfurniture.com>" |
|
Subject |
"RE: PO#6275473, Shipping Order
202139769574, MLM" |
|
Attachment |
"Order 202139769574,.r11" |
|
MD5 |
c69aa7a17235740d5f13ae4f19dc03f4 |
|
SHA256 |
e25d3a5b691cf6189f357f278821b92484c2d013971b28f0782a692e7eaa27c5 |
|
Family |
Formbook |
(31)
|
Sender ip |
45.143.147.194 |
|
From |
"Asako
Kato<muranaka@tsuruga.co.jp>" |
|
Subject |
"=?UTF-8?B?UkU65L6h5qC86KaL56mN44KK44Gu6KaB5rGCLee3iuaApSAtIFJFUVVFU1QgRk9SIFBSSUNFIFFVT1RFIC0gVVJHRU5U?=" |
|
Attachment |
"REQUEST FOR PRICE QUOTE -
URGENT.pdf.zip" |
|
MD5 |
e45c68ff46fcedfcd019fdb875ce209b |
|
SHA256 |
5e5783ed2dac9e02718ca9e83f96c8ab3a51866e3456d5f0d94ea16ef470a547 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(32)
|
Sender ip |
103.139.44.91 |
|
From |
"Ruby
Li"<Ruby.Li@franke.com" |
|
Subject |
"RE Re:statement of account
" |
|
Attachment |
"SOA PDF.rar" |
|
MD5 |
a2e442a805ad3018682a20250ec0d325 |
|
SHA256 |
95821be68f627aa047e696021d92a10a4c5d32e7fc9970a765c20f4e3c33081a |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(33)
|
Sender ip |
185.222.57.229 |
|
From |
"sales@covein.com" |
|
Subject |
"RE: Confirm revised invoice to
proceed with payment ASAP" |
|
Attachment |
"proforma invoice.zip" |
|
MD5 |
a5f09ea1fd608ae9bbedac5fa7dfc813 |
|
SHA256 |
f773364cd11c5155ccad0e4d3ed770a0ece02e81a6372f23fc285bdd9f301b0f |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(34)
|
Sender ip |
185.121.120.135 |
|
From |
"Gerente de carga de DHL
<pagos.fletes@dhl.com>" |
|
Subject |
"Nueva
=?UTF-8?Q?notificaci=C3=B3n=20de=20env=C3=ADo=20de=20DHL=23?=" |
|
Attachment |
"numero de referencia de los
documentos de envio..gz....pdf" |
|
MD5 |
9c6ce741d5fbc5bc964665b701f0d907 |
|
SHA256 |
18e405748042315362386a7b818630e2c03e995db51cf2351ba70f16adcb7340 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(35)
|
Sender ip |
103.133.108.13 |
|
From |
"Susanne
Kutter<kr@rwheim.de>" |
|
Subject |
"order 39305 - YHC" |
|
Attachment |
"order 39305.rar" |
|
MD5 |
585f0a084f204838af334fd8d68e719b |
|
SHA256 |
2e12db81b88607cff205464998d3aa4a9cf28b6cc3c1454489f2308c4bcecaa1 |
|
Family |
SnakeKeylogger |
(36)
|
Sender ip |
103.139.44.91 |
|
From |
"Caroline Xu (DHL
CN)"<caroline.xuly@dhl.com>" |
|
Subject |
"AW: URGENT: Requesting for
Ningbo overdue payment under your PURCHASE ORDER " |
|
Attachment |
"Ningbo_Overdue_Payments.tar.001" |
|
MD5 |
8b0b2917269b11b28a76deda1ffe8c77 |
|
SHA256 |
4607259e46cab649a7524b5125c854f49c3455b6e9380ae7a4bda3396463dd06 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(37)
|
Sender ip |
103.139.44.91 |
|
From |
"Caroline Xu (DHL
CN)"<caroline.xuly@dhl.com>" |
|
Subject |
"AW: URGENT: Requesting for
Ningbo overdue payment under your PURCHASE ORDER " |
|
Attachment |
"PURCHASE ORDER.tar.001" |
|
MD5 |
17f339e350dd340fd677f63ea0e969da |
|
SHA256 |
89e71ec5e62da140577ac2e98336f6b3138d31a4c39e40231bc815172f64e66c |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(38)
|
Sender ip |
45.143.147.194 |
|
From |
"Jonny
<sales@winmate.com.tw>" |
|
Subject |
"=?UTF-8?B?UkU6IOaKpeS7t+ivt+axgi1SZXF1ZXN0IGZvciBRdW90YXRpb24jIyM0NTA1NTI3MTU2?=" |
|
Attachment |
"Request for Quotation-4505527156.pdf.zip" |
|
MD5 |
05f276b29a8b43b0671885d03674bb63 |
|
SHA256 |
8141f594eaad598e051418a59ce165a9fdf2bd3fb4f446a0db0dd14b88c615c0 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(39)
|
Sender ip |
103.133.108.13 |
|
From |
"MISS Anong
Aunchun<anong@siamkargo.com>" |
|
Subject |
"ADDING April SOA " |
|
Attachment |
"SOA.exe.gz" |
|
MD5 |
5e7580459cac445a3a184eb8142d10a4 |
|
SHA256 |
35cd71e7d1458450929f9791a5293374a52feb45a2c5b2a6c00c5acaca05e4e3 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(40)
|
Sender ip |
199.10.31.237 |
|
From |
"Karthikeyan.N
<sgasivendor@sealandmaersk.com>" |
|
Subject |
"Maersk SOA as at 30/4/2021" |
|
Attachment |
"Maersk SOA.zip" |
|
MD5 |
547cbdf762cc722c1229355355a4c297 |
|
SHA256 |
17e25c1fbc33bbd475b94bd2e9136525d73788c3909e3f5564596f30b95bdbd1 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(41)
|
Sender ip |
103.133.108.13 |
|
From |
"KIM
HYUNJUNG<hjkim@setsuyo.co.kr>" |
|
Subject |
"[SHINSUNG] SHIPPING DOCS for
INV. SS210506A, SS210506B (BI850G579 56MT, BI850W304 42MT)" |
|
Attachment |
"[SHINSUNG] SHIPPING
DOCS.7z" |
|
MD5 |
28ea15ad667bb2199b036bc083a7241f |
|
SHA256 |
49c1da4f3bd8a3a016eb190528060cb090ff555d422e09e375cf190b97beb1b1 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(42)
|
Sender ip |
103.133.106.100 |
|
From |
"Archana THAMBI
<spaf@acm.org>" |
|
Subject |
"Swifts" |
|
Attachment |
"Scan 22370.zip" |
|
MD5 |
f88eb3bf3d12fdea0b538b6f49e9a449 |
|
SHA256 |
6c8ee04cb1de0d415f12d8ce178d6bd579bb563625b10c1697230d0f41d3930d |
|
Family |
SnakeKeylogger |
(43)
|
Sender ip |
103.133.106.100 |
|
From |
"Archana THAMBI
<spaf@acm.org>" |
|
Subject |
"Swifts" |
|
Attachment |
"Scan 22371.zip" |
|
MD5 |
55385be6f23ee762851aff8f8bc992e5 |
|
SHA256 |
1b1962b3c8eea96ca51f4f29ae1e4bb0c0e08b703a0cf0dd2649985874710b6f |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(44)
|
Sender ip |
31.210.21.162 |
|
From |
"Purchasing Spring Marine
Management SA <purchasing@springmarine.com>" |
|
Subject |
"QUOTATION: SAM-S210118A," |
|
Attachment |
"RFQ_202100001009692710218871_PDF.gz" |
|
MD5 |
810f401773c1bcedb24283733ddaf870 |
|
SHA256 |
fe511d0608ee212469497b1a46574dae0e5fce5b8cb896a7e89fd75f64e30c84 |
|
Family |
AgentTesla |
(45)
|
Sender ip |
103.139.44.91 |
|
From |
"info@marmgroup.com" |
|
Subject |
"RFQ_ANCHOR E280" |
|
Attachment |
"TJ190001-P-IW-DP-GA-2047-pdf.gz" |
|
MD5 |
85f86fc98abf8385add5d5dc21b96eb0 |
|
SHA256 |
b5ce42fa28b7438d94fc27799005c42328fc24d4e67dd8725a6eaedd8edb97d2 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(46)
|
Sender ip |
103.139.44.91 |
|
From |
"info@laseritalia.com" |
|
Subject |
"RFQ NEW PART FOR ED53224 (ETB _
PRO 2110 XP CNG )" |
|
Attachment |
"drawing of ED53224-pdf.gz" |
|
MD5 |
25257a76a116574fd13208144f5a51ef |
|
SHA256 |
c28267552c802a4af6dff43eab1ede99334090bf7c60a86036b8e4e5ebaed71f |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(47)
|
Sender ip |
103.139.44.91 |
|
From |
"KUAN-LIN CHUN-CHIEH)
<info@bharatjyotiimpex.com>" |
|
Subject |
"KUAN-LIN CHUN-CHIEH)
<info@bharatjyotiimpex.com>" |
|
Attachment |
"COPY OF N-N.zip" |
|
MD5 |
ecd2ca9a3bb12f5536705b7e4fe2fcda |
|
SHA256 |
27985ef546ffd6c9239b45bce432f59593c54591d3c2c306ffc5b485d02cf03c |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(48)
|
Sender ip |
103.139.44.91 |
|
From |
"KUAN-LIN CHUN-CHIEH)
<info@bharatjyotiimpex.com>" |
|
Subject |
"COPY OF N-N AND FTA
CERTIFICATE" |
|
Attachment |
"FIA CERTIFICATE.rar" |
|
MD5 |
baa6075799499303313dce93f9c3a5b9 |
|
SHA256 |
05833df117794dc0da1608f4da3f1826bcf82794e98db1735225b36043711060 |
|
Family |
AgentTesla |
(49)
|
Sender ip |
103.133.105.111 |
|
From |
"Michael wang
<sales@hydraulicbreaker.com>" |
|
Subject |
"*URGENT SUPPLY* QUOTE
B1020363" |
|
Attachment |
"QUOTE B1020363.pdf.gz" |
|
MD5 |
6fea9fa0c1515401c1c1b16050fa47f2 |
|
SHA256 |
b33da17596e956896a4791449395b6c8eee6e9d214b645373b218bc23240e203 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(50)
|
Sender ip |
109.94.164.19 |
|
From |
"operations selim
shipping<operation@selimshipping.com>" |
|
Subject |
"MV WINTERSUMMER EPDA & PORT
INFO REQUEST" |
|
Attachment |
"CARGO DECUMENT.rar" |
|
MD5 |
4afd0f01c414edb99aee1e87c1884828 |
|
SHA256 |
e4345fe0a71bae9a36b053c1c040a94b010815e1528cbce9c6fa21bbcfb95c8a |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(51)
|
Sender ip |
181.119.65.95 |
|
From |
"=?UTF-8?Q?Ji=C5=99=C3=AD_N=C4=9Bmec?=
<info@crescogroup.org>" |
|
Subject |
"Purchase Order E30079/21" |
|
Attachment |
"Purchase Order
E3007921.iso" |
|
MD5 |
bc7bf29b58d8e85aee6d5991683d627b |
|
SHA256 |
02ceb2e9e9b81072a4ddffbb6a931f8c6efa799c140657455441782f0dd339b5 |
|
Family |
SnakeKeylogger |
(52)
|
Sender ip |
31.210.20.71 |
|
From |
"Nova Carriers (Singapore) Pte
Ltd"<valencia_sim@nova-ship.com>" |
|
Subject |
"AGENCY NORMINATION-MV OLYMPIC
PROGRESS" |
|
Attachment |
"MV OLYMPIC PROGRESS VSL
PARTICULARS & PDA ORDER.zip" |
|
MD5 |
a91ac79582cd02f14ff9162857225c0e |
|
SHA256 |
7d5d7b171a3350a8a9efa59300bd7470037a62646f6a8b59f8cb083fb519299e |
|
Family |
RemcosRAT |
(53)
|
Sender ip |
103.99.1.238 |
|
From |
"thangdn<thangdn@falconship.com" |
|
Subject |
"Re:USD 5950 Transfer for Import
Payment Settlement" |
|
Attachment |
"USD 5950 Transfer for Import
Payment Settlement.rar" |
|
MD5 |
285cbf38c2a06376adbb9f316e51b154 |
|
SHA256 |
3f656d77229f0f30156f9f3f25019c1b542f02f0236c61e975685910529cbdb8 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(54)
|
Sender ip |
45.137.22.56 |
|
From |
"account
manager<Kotob@mausetv.org>" |
|
Subject |
"Bank payment” |
|
Attachment |
"payment pdf.7z" |
|
MD5 |
4848e4006fa24da832eb19c5d7dc28ea |
|
SHA256 |
8d414a8445c7ffb3b9b1a68f8358ec9fa3461ce5f8a2fcb6870ffea01c201a3e |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(55)
|
Sender ip |
139.99.199.214 |
|
From |
"Cherish Xu"
<cherish@cono.uk>" |
|
Subject |
"SHIPMENTS" |
|
Attachment |
"SHIPMENT DOCUMENTS FOR 912
INVOICE - PL+CI+BL+ORIGINCERT.rar" |
|
MD5 |
53b1d36345798ff2e9ff243772d5df5f |
|
SHA256 |
8067b1be9810e13c531c0dd43be752b8932356165323cb1b7b844d082e87eb30 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(56)
|
Sender ip |
103.139.44.182 |
|
From |
"technical@ajpower.net"
<technical@ajpower.net>" |
|
Subject |
"Re:Proof Payment" |
|
Attachment |
"Proof of payment.iso" |
|
MD5 |
be3f171bf60f721d4613900e2a5138b2 |
|
SHA256 |
1b54b2d00560876773ca8f4768595f3f5ca89aa0755d1983483ed183e5d17517 |
|
Family |
SnakeKeylogger |
(57)
|
Sender ip |
103.133.105.111 |
|
From |
"Merin Shibu
<sales@autonologytool.com>" |
|
Subject |
"NEW PO FROM AUTONOLOGY CO.,LTD
QTTY (PO#7A68D20)" |
|
Attachment |
"PURCHASE LIST
(PO#7A68D20).pdf.gz" |
|
MD5 |
2e0040780d3612354ba44c89a9cb4c54 |
|
SHA256 |
bf5572696027938c37a16b54da03600ac25e9c5b6788ec4af66ac258568eaa90 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(58)
|
Sender ip |
103.133.105.111 |
|
From |
"Su Yeong YANG
<sales@knoc.com>" |
|
Subject |
"9046- PA118- SUPPLY &
INSTALLATION OF EQUIPMENTS / OILFIELD EQUIPMENTS & SUPPLY - REQUEST FOR
QUOTATION" |
|
Attachment |
"9046- PA118- SUPPLY &
INSTALLATION OF EQUIPMENTS OILFIELD EQUIPMENTS & SUPPLY - REQUEST FOR
QUOTATION.pdf.arj" |
|
MD5 |
f6b17a5ae79018f6acf6d038cc47645c |
|
SHA256 |
47d4b5abb13f897fdb1c22389193477bed58047ef30a933f3602c2c27861c902 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla..
(59)
|
Sender ip |
195.201.227.111 |
|
From |
"Rohit Halwai
<rohit.halwai@witmansgroup.com>" |
|
Subject |
"New order PO#1088063401" |
|
Attachment |
"New order.zip" |
|
MD5 |
0d2f49ec43f53846bfe410b42901bedf |
|
SHA256 |
0d2f49ec43f53846bfe410b42901bedf |
|
Family |
SnakeKeylogger |
(60)
|
Sender ip |
185.222.57.165 |
|
From |
"Accountant Department
<rud-division@alkuhaimi.com>" |
|
Subject |
"Urgent PO" |
|
Attachment |
"PO copy.z" |
|
MD5 |
33097502030d3489cf0659f2455fe994 |
|
SHA256 |
e7230be83b587e906899b5ddd2c7edca7ea043d7927ba8a70cb4d787f1f98bfc |
|
Family |
Unknown |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Comments
Post a Comment