Phishing Attacks 24_5_2021
(1)
|
Sender ip |
104.129.30.165 |
|
From |
"Waleed Farouk
<w.farouk@economic-group.com>" |
|
Subject |
“Quotation Middle East" |
|
Attachment |
"Final Quotation.pdf.z" |
|
MD5 |
5edce790dbf0f2111f96fff961215d96 |
|
SHA256 |
030c446ac1fac992dadf50c3926a07f9135232b6fbb0eda2ac40701d355567cd |
|
Family |
unknown |
(2)
|
Sender ip |
31.210.21.118 |
|
From |
"zhangxh@coscohe.com.cn" |
|
Subject |
"Fwd: Required Quotation" |
|
Attachment |
"PO#975072.rar" |
|
MD5 |
c0abf085a4e6bd1a6c7dea1e08c14205 |
|
SHA256 |
54c52915b9a166cc18f39c86d2052699397ae13bd68b2e920d99c05edb17e836 |
|
Family |
SnakeKeylogger |
(3)
|
Sender ip |
89.40.173.102 |
|
From |
"shabbir" <
shabbir@alhatim.com.pk>" |
|
Subject |
"Purchase Order - PT-110/21" |
|
Attachment |
"Purchase Order - PT-110/21" |
|
MD5 |
b73b9452fe8e2a08ae3ce442c6b2e268 |
|
SHA256 |
14be1b927fba34318fdaa1b2a6c2090e30ecf3da8edc1d94553e15050282fcce |
|
Family |
SnakeKeylogger |
(4)
|
Sender ip |
45.137.22.149 |
|
From |
"sale@yichaobio.com" |
|
Subject |
"RE: NEW ORDER
(160336-1001461)" |
|
Attachment |
"new purchase order.r00" |
|
MD5 |
d1900b639ad9e043b1fdf368da5db70a |
|
SHA256 |
0951f2acee4b1466ac04f11c815dae1c4888cdf37646e32c6db154e05f6c0b10 |
|
Family |
AgentTesla |
(5)
|
Sender ip |
187.217.245.25 |
|
From |
"Aseem Narang medical
Zhangjiagang Co., Ltd Email: " <aseem@ascomedical.com>" |
|
Subject |
"Remittance Reference Note -
TT1802200//MT1036752" |
|
Attachment |
"TT (Ref 018006 6743).rar" |
|
MD5 |
16a6d4f7aedb43d9a9e01e0624ab295f |
|
SHA256 |
c07018ac47b4918fb64cd1d2ec4727fedcdbb09fa4cdf21f33f16f47da422eaa |
|
Family |
SnakeKeylogger |
(6)
|
Sender ip |
185.222.58.153 |
|
From |
"Sales<seppo@lopakka.fi>" |
|
Subject |
"Re:Re:Re:Re:P/I" |
|
Attachment |
"Scan0COPY0002.rar" |
|
MD5 |
e57ca51e0a429088a5735bd9978aee98 |
|
SHA256 |
97451a8bf2551e89239489a6e8d8dce8cbc3348468d4a0d007894d0cf6c85ca9 |
|
Family |
Formbook |
(7)
|
Sender ip |
188.166.82.8 |
|
From |
"JUDY WANG"
<judy.wang@cono.uk>" |
|
Subject |
"1ST SHIPMENTS" |
|
Attachment |
"AWB#8001187 SHIPPING DOCUMENTS
PL+BL+CI.rar" |
|
MD5 |
c19c40e19cccffd8c4b3ee4af592ef73 |
|
SHA256 |
01a0491697893c69dec98d83da5a0be3f538e812257db02b5e3e42d41d77afb8 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(8)
|
Sender ip |
45.87.60.140 |
|
From |
"Yang Ming
<sblazquez@asecomex.com>" |
|
Subject |
"ARRIVAL NOTICE () BL#
M616310389" |
|
Attachment |
"Shipping Doc..zip" |
|
MD5 |
edeca92226d530580e831d3cb7e1d772 |
|
SHA256 |
ae6f8c9c11bba7d0ce66f3560ceb6fa1d9b3ca9dfa9e2973aec4f35ef0c81bbf |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(9)
|
Sender ip |
203.159.80.127 |
|
From |
“accounts
<accounts@integraqatar.com>" |
|
Subject |
"Fw: Fw: Fw: RE: ABB USD
2,000,000 -New Puchase Order for our ongoing project" |
|
Attachment |
"SKMBT_C36017022513490.pdf
(31K).rar" |
|
MD5 |
3d66e020961260c95adc47de26f5670f |
|
SHA256 |
77d68d6c2d36c771fcaed62a55fb04d4308d78e08881ed90b77e8ad96168ab1a |
|
Family |
NanoCore |
If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube NanoCore..
(10)
|
Sender ip |
203.159.80.127 |
|
From |
"accounts
<accounts@integraqatar.com>" |
|
Subject |
"Fw: Fw: Fw: RE: ABB USD
2,000,000 -New Puchase Order for our ongoing project" |
|
Attachment |
"SKMBT_C36017022513491.pdf
(32K).rar" |
|
MD5 |
d14499c41a967e2e17d233a551a1dca5 |
|
SHA256 |
22c208411b9e101ad60a0ce3abf50033914423c44f46d608213ba1820632c309 |
|
Family |
NanoCore |
If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube NanoCore..
(11)
|
Sender ip |
203.159.80.127 |
|
From |
"accounts
<accounts@integraqatar.com>" |
|
Subject |
"Fw: Fw: Fw: RE: ABB USD
2,000,000 -New Puchase Order for our ongoing project" |
|
Attachment |
"SKMBT_C36017022617081.pdf
(30K).rar" |
|
MD5 |
fb27a7cf9613996237f2320786892994 |
|
SHA256 |
b7e9d7526a6dfddb1ae7247f9c17dcc12627d0b6a44b05e9053ec603b98181c2 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(12)
|
Sender ip |
103.99.1.238 |
|
From |
"Bridgeway<info@bridgewayshipping.com" |
|
Subject |
"Re:SHIPPING DOCUMENT &
PACKING LIST" |
|
Attachment |
"SHIPPING DOCUMENT &
PL.rar" |
|
MD5 |
75629f37b64200246562aefa1f638ba2 |
|
SHA256 |
7aa20952bc30855f4c2c818105add2bb01eb766502d83a23d832360f7b9a2bfe |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(13)
|
Sender ip |
23.83.133.2 |
|
From |
"=?utf-8?Q?Shanghai Ming Wah
Shipping Co., Ltd?= <exports@haichufanq.com>" |
|
Subject |
"INVOICES OF SYNERGY PVT LTD \\
PONU8003969 \\ PONU7863971 " |
|
Attachment |
"Shipping
Documents-BL#SE20100078001.ace" |
|
MD5 |
c00d3017f1d0875d83e6900dea7ec38f |
|
SHA256 |
711881519140b39140030bcb3904064ca9933b1230cbc6ac95ba77a87c58c986 |
|
Family |
RemcosRAT |
(14)
|
Sender ip |
195.201.227.111 |
|
From |
"De la part de KITCHERAMA TRADING
CO. LLC" <amrico@emirates.net.ae>" |
|
Subject |
"RE: SHIPPING DOCUMENTS" |
|
Attachment |
"Shipping Document.zip" |
|
MD5 |
534644c1c903e53ac7d986ec7d973234 |
|
SHA256 |
3065a81e114873d9df17b935481954eb0c85edc342e6889b334f51c3f2e15508 |
|
Family |
SnakeKeylogger |
(15)
|
Sender ip |
194.49.78.247 |
|
From |
"Fayyaz
TFM<ops@team-freight.com>" |
|
Subject |
"HPE Shipments | HPE_4323_V1 ,
HPE_4329_V1 & HPE_4005_V1-1 | HAWB No: PSGA00688171" |
|
Attachment |
"Email Copy - HAWB No_
PSGA00688171.zip" |
|
MD5 |
b2f7064c104150491de74bb2cc6c7b36 |
|
SHA256 |
cbc8da9fd827ff80d54955b350c52f26df5a5b6edb103a7d619a7d3cbc07cb44 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(16)
|
Sender ip |
31.210.21.118 |
|
From |
"renier@groenbou.co.za" |
|
Subject |
"Re: Fwd: Quotation" |
|
Attachment |
"Quotation 60563.zip" |
|
MD5 |
f17bd054762467c63819b78405e5ea70 |
|
SHA256 |
fda379289a2cded4c7fb64662da97c551e24f9517672e955354ea4f10906af26 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(17)
|
Sender ip |
45.137.22.71 |
|
From |
"Sales Dept
<info@mirmetal.com.tr>" |
|
Subject |
"WIRE TRANSFER 1517796961" |
|
Attachment |
"WIRE TRANSFER swift.r11" |
|
MD5 |
7d58013b652af904e872168bb1ff6105 |
|
SHA256 |
dc19f8218071c91f10dd36cd882c98c9c971757ee2dd9cdbeeaf3a7077bf26a8 |
|
Family |
unknown |
(18)
|
Sender ip |
45.137.22.71 |
|
From |
"Mostafa
<m.mahdi@alangari.com.sa>" |
|
Subject |
"Re: Re: PURCHASE ORDER REVISED
PRICES// QUOTATION" |
|
Attachment |
"REVISED PRICES 20210322
BART56.r00" |
|
MD5 |
b25c5b061e106240388d4490cb845eb5 |
|
SHA256 |
828be25b5728b443680ea58bd58ec85ff759cc5f798093b3a78c01747ca7dcff |
|
Family |
Unknown |
(19)
|
Sender ip |
45.137.22.149 |
|
From |
"ash.zhang@ugslogistics.com" |
|
Subject |
"RE: Shipping Documents" |
|
Attachment |
"DOC.r15" |
|
MD5 |
64db8aa6133492a118fc5e079e7d1882 |
|
SHA256 |
5036adaf8f2c82fb66f9c3604ec816f386a0f786a77faaeb35c56d92c6ab8ecb |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(20)
|
Sender ip |
203.159.80.127 |
|
From |
"T. HALK BANKASI
<EKSTRE@halkbank.com.tr>" |
|
Subject |
"T.HALK BANKASI A.S.Hesap
Ekstresi" |
|
Attachment |
"T.HALK BANKASI A.S.Hesap
Ekstresi.PDF!.rar" |
|
MD5 |
3fe0779f1438fb14d04642d9318d07d6 |
|
SHA256 |
895d054412bf0e94dfd32276c9d9eb45e0035c464833fb6d0d3dbb7f3a7aaea5 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(21)
|
Sender ip |
143.110.212.247 |
|
From |
"Chirag Soni"
info@luxadermskincare.us" |
|
Subject |
"PAYMENT INVOICE" |
|
Attachment |
"INVOICE NO 070FT06.lzh" |
|
MD5 |
e80504ea47b51f754382274955c7b2c0 |
|
SHA256 |
898801b1f5e565994f6c369264bca1bdfdbb210794448131fb0dc5092bffa0bf |
|
Family |
RemcosRAT |
(22)
|
Sender ip |
103.145.254.33 |
|
From |
"Isabelle Bertin <tihi.stojevic@lageros.hr>" |
|
Subject |
"PO CF004303" |
|
Attachment |
"PO.CF004303.zip" |
|
MD5 |
15fd83e5fbe925de94d808b56c7f95ea |
|
SHA256 |
7dd5e15b5f62d3164bfb8e3edb8caf171f9a1c97df8f213ed7920f79221c524a |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(23)
|
Sender ip |
84.38.130.220 |
|
From |
" Elvin Gementera Cruz"
<elvin.cruz@jesco.com.sa>" |
|
Subject |
"JESCO RFQ (PR:21001312)
URGENT" |
|
Attachment |
"JESCO RFQ (PR21001312).rar" |
|
MD5 |
4b564083a2db7f7a8c30fa226c366e6a |
|
SHA256 |
0681e69745fd994fa5b22b52069293ec3faa886943e358fbda87dc20b9c3f395 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(24)
|
Sender ip |
45.137.22.149 |
|
From |
"ash.zhang@ugslogistics.com" |
|
Subject |
"RE: Shipping Documents" |
|
Attachment |
"DOC.r00" |
|
MD5 |
1d3f2b322238e732644a63ad57fbbeb2 |
|
SHA256 |
c0937a60690a6c70c39714dba77dc139392f93f7ebc2108856ad326934e38813 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(25)
|
Sender ip |
103.133.106.100 |
|
From |
"Sabrina Fernandez Maldonado
<sales@almerialiving.net>" |
|
Subject |
"URGENT PURCHASE ORDER" |
|
Attachment |
"Purchase Order.zip" |
|
MD5 |
b94960997d1fac054f91e03188fa0f12 |
|
SHA256 |
9f7704045124fbd39844bc4a17c34b9d1d8530ef43f48ec91ba9c559f5b454d8 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(26)
|
Sender ip |
185.118.164.92 |
|
From |
"Mattia Cuman "
<mattia.cuman@medelinternational.com>" |
|
Subject |
"MEDEL PI" |
|
Attachment |
"MEDEL09435#INVDIAGNOEQUIP.pdf.zip" |
|
MD5 |
20db81da1471ee3550b45d32bfc450d6 |
|
SHA256 |
16666f1d4d623a9b3ee23b2f6ac3f85441c81e9be17d028530081b6a3991e47a |
|
Family |
SnakeKeylogger |
(27)
|
Sender ip |
194.49.78.247 |
|
From |
"Fayyaz
TFM<ops@team-freight.com>" |
|
Subject |
"Shipments | HPE_4329_V1 &
HPE_4005_V1-1 | HAWB No: PSGA00688171" |
|
Attachment |
"Email Copy - HAWB No_
PSGA00688171.zip" |
|
MD5 |
328946c937e153aa85a5d48754b7009d |
|
SHA256 |
6bff25a8218e1ef959dae91897a7315cc42e96365b24064dbbfc9cb90f7c7e26 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(28)
|
Sender ip |
103.139.44.91 |
|
From |
"SAILUN GROUP
<boris.zhang@sailuntire.com>" |
|
Subject |
"ADVANCE PAYMENT/SWIFT COPY" |
|
Attachment |
"PI-ADVANCE PAYMENT.rar" |
|
MD5 |
d1c7ad2c5c731b27eb2b43cebb91eca2 |
|
SHA256 |
1cc002ccb2341e5d8cb430fed427636cdf777b66a40d55f96e92726463cf9bbf |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(29)
|
Sender ip |
103.139.44.91 |
|
From |
"SAILUN GROUP
<boris.zhang@sailuntire.com>" |
|
Subject |
"ADVANCE PAYMENT/SWIFT COPY" |
|
Attachment |
"SWIFT COPY.rar" |
|
MD5 |
3239f13e4c32a28b4894acfb5a26863a |
|
SHA256 |
b69b5ba40c54631b0c63ad14f201f9fc3227a57a1edfc4b8d06abce886ac22c8 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(30)
|
Sender ip |
103.133.106.100 |
|
From |
"Thai Taj
<tajgroup@vsnl.com>" |
|
Subject |
"Shipping Documents" |
|
Attachment |
"Shipping Docs_222738.zip" |
|
MD5 |
70622a9d433cf1222ec0f1cfbd105e17 |
|
SHA256 |
ca7d5eab5da4fcebcd14c42582e61abc32a055ca65780fe83e4866b5c96b12f1 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(31)
|
Sender ip |
103.133.106.100 |
|
From |
"Thai Taj
<tajgroup@vsnl.com>" |
|
Subject |
"Shipping Documents" |
|
Attachment |
"BL.zip" |
|
MD5 |
5e9fc3e8e46469128e283901ece8bfa7 |
|
SHA256 |
84958ad9a7dac74ce2acd2474c8202e1d872e4b4a1bf73d5411e35293f177d17 |
|
Family |
SnakeKeylogger |
(32)
|
Sender ip |
31.210.21.118 |
|
From |
"stefanie@globally.ae" |
|
Subject |
"Re: Quotation 60584" |
|
Attachment |
"Quotation 60584.zip" |
|
MD5 |
7ebc4f805ddf9e73b25985141a9e0c24 |
|
SHA256 |
9bd574f642942674fbd1dc228521251d23f9c02e0db08ba1346c58a0c48664df |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(33)
|
Sender ip |
103.153.182.81 |
|
From |
"=?UTF-8?B?Q2VjaWxpYSBMw7Z2YmVyZw==?=<cecilia.lovberg@geodis.com>" |
|
Subject |
"FW: UP TO DATE S.O.A &
INVOICE" |
|
Attachment |
"S.O.A.PDF.z" |
|
MD5 |
e52d22c2b72b142035d013bb94a624db |
|
SHA256 |
acde2ab860a161351f765b324bdbda9cc4a897c1b78cfa74befa785ad2f68ba3 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(34)
|
Sender ip |
103.153.182.81 |
|
From |
"=?UTF-8?B?Q2VjaWxpYSBMw7Z2YmVyZw==?=<cecilia.lovberg@geodis.com>" |
|
Subject |
"FW: UP TO DATE S.O.A &
INVOICE" |
|
Attachment |
"INV_04905.PDF.z" |
|
MD5 |
838eb9294a4beec44ecfbe16a19deaf9 |
|
SHA256 |
d2d7ea944ecc759531c1e19f113536b07041e309d9b7484d378f991b392983de |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(35)
|
Sender ip |
185.222.57.229 |
|
From |
"cn.international@ksh.biglobe.ne.jp" |
|
Subject |
"RE: Revise PI" |
|
Attachment |
"invoice.zip" |
|
MD5 |
bd53fbfd9142ea4fa418e8b94718c678 |
|
SHA256 |
24b9f122349006afe996eb49534f12789789e56b5ebea1c4cae476ee13c0ce25 |
|
Family |
Formbook |
(36)
|
Sender ip |
103.133.106.100 |
|
From |
"Thai Taj
<tajgroup@vsnl.com>" |
|
Subject |
"Shipping Documents" |
|
Attachment |
"Shipping Docs_222738.zip" |
|
MD5 |
70622a9d433cf1222ec0f1cfbd105e17 |
|
SHA256 |
ca7d5eab5da4fcebcd14c42582e61abc32a055ca65780fe83e4866b5c96b12f1 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(37)
|
Sender ip |
103.133.106.100 |
|
From |
"Thai Taj
<tajgroup@vsnl.com>" |
|
Subject |
"Shipping Documents" |
|
Attachment |
"BL.zip" |
|
MD5 |
5e9fc3e8e46469128e283901ece8bfa7 |
|
SHA256 |
84958ad9a7dac74ce2acd2474c8202e1d872e4b4a1bf73d5411e35293f177d17 |
|
Family |
SnakeKeylogger |
(38)
|
Sender ip |
31.210.21.118 |
|
From |
"stefanie@globally.ae" |
|
Subject |
"Quotation 60584.zip" |
|
Attachment |
"BL.zip" |
|
MD5 |
7ebc4f805ddf9e73b25985141a9e0c24 |
|
SHA256 |
9bd574f642942674fbd1dc228521251d23f9c02e0db08ba1346c58a0c48664df |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(39)
|
Sender ip |
103.153.182.81 |
|
From |
"=?UTF-8?B?Q2VjaWxpYSBMw7Z2YmVyZw==?=<cecilia.lovberg@geodis.com>"
|
|
Subject |
"FW: UP TO DATE S.O.A &
INVOICE" |
|
Attachment |
"S.O.A.PDF.z" |
|
MD5 |
e52d22c2b72b142035d013bb94a624db |
|
SHA256 |
acde2ab860a161351f765b324bdbda9cc4a897c1b78cfa74befa785ad2f68ba3 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(40)
|
Sender ip |
103.153.182.81 |
|
From |
"=?UTF-8?B?Q2VjaWxpYSBMw7Z2YmVyZw==?=<cecilia.lovberg@geodis.com>" |
|
Subject |
"FW: UP TO DATE S.O.A &
INVOICE" |
|
Attachment |
"INV_04905.PDF.z" |
|
MD5 |
838eb9294a4beec44ecfbe16a19deaf9 |
|
SHA256 |
d2d7ea944ecc759531c1e19f113536b07041e309d9b7484d378f991b392983de |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(41)
|
Sender ip |
185.222.57.229 |
|
From |
"cn.international@ksh.biglobe.ne.jp" |
|
Subject |
"RE: Revise PI" |
|
Attachment |
"invoice.zip" |
|
MD5 |
bd53fbfd9142ea4fa418e8b94718c678 |
|
SHA256 |
24b9f122349006afe996eb49534f12789789e56b5ebea1c4cae476ee13c0ce25 |
|
Family |
Formbook |
(42)
|
Sender ip |
31.210.21.165 |
|
From |
"Yosmarta Kahar
<c.santos@epic-pharma.com>" |
|
Subject |
"Re: Re: Re: Sign PI (PO. 2100002
(BT-INC)-PAYMENTS " |
|
Attachment |
"PO1234EFJL_011LM000_pdf.gz" |
|
MD5 |
e89edc057caca569d778e8837096f4e6 |
|
SHA256 |
6dc206b5eb1c52c0dbaee39ee5a79e03caf69bc82ac8bbccbdcd41f4711fc13f |
|
Family |
Formbook |
(43)
|
Sender ip |
203.159.80.127 |
|
From |
"RAJEEV
<catetreding@gmail.com>" |
|
Subject |
"Invitation / PQ Documents
Submission" |
|
Attachment |
"Invitation for potential
projects Specification.PDF!.zip" |
|
MD5 |
096097aef86ab914dc7a582db93d6b84 |
|
SHA256 |
2122b12c1f10d2b0dcd824612939b67d7a24a08c9e929eac08ba71430afe4fb0 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(44)
|
Sender ip |
203.159.80.127 |
|
From |
"RAJEEV
<catetreding@gmail.com>" |
|
Subject |
"Invitation / PQ Documents
Submission" |
|
Attachment |
"Invitation PQ Documents
Submission.PDF!.cab" |
|
MD5 |
d81f0c52416539a5ca6c5ae74b8450c6 |
|
SHA256 |
0e935a97c2ba17add2d1bece5d42ab590d65af004852c0c6d5a29a9d859e569d |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(45)
|
Sender ip |
203.159.80.127 |
|
From |
"RAJEEV
<catetreding@gmail.com>" |
|
Subject |
"Invitation / PQ Documents
Submission" |
|
Attachment |
"Invitation PQ Documents
Submission.PDF!.cab" |
|
MD5 |
d81f0c52416539a5ca6c5ae74b8450c6 |
|
SHA256 |
0e935a97c2ba17add2d1bece5d42ab590d65af004852c0c6d5a29a9d859e569d |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(46)
|
Sender ip |
103.133.106.100 |
|
From |
"Ajaree Sricharoen
<info@kdm.co.th>" |
|
Subject |
"Revised order for 40ft
container" |
|
Attachment |
"Scan 20210519.zip" |
|
MD5 |
ef1b96301358b5671a48d5a7f419f7ee |
|
SHA256 |
b0363b733a3bbeaa855b76adb25239bf2d96e49a6453c687e1a2776d1b818b1a |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(47)
|
Sender ip |
31.210.20.71 |
|
From |
"OPS/ROYAL PACIFIC
SHIPS"<ops@royalpacificship.com>" |
|
Subject |
"///RESENDING///AGENCY NORMINATION-MV
OLYMPIC PROGRESS" |
|
Attachment |
"MV OLYMPIC VSL PARTICULARS &
MASTERS INSTRUCTIONS.zip" |
|
MD5 |
ee26d5d717f9e9b535504ff9989d890e |
|
SHA256 |
cbc87d70317d1e6ae7b31e7b04aaf4d4f3657fa547366b39bc8553d8e25544a6 |
|
Family |
NanoCore |
If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube NanoCore..
(48)
|
Sender ip |
103.153.182.81 |
|
From |
"Gracinda Costa
<gracinda.costa@conceito.pt>" |
|
Subject |
"Re: INVOICE Export B/L #
DSA6694/6929RTM" |
|
Attachment |
"INVOICE-1322.PDF.z" |
|
MD5 |
f147242203f1471d0f7265faad01fba6 |
|
SHA256 |
b804e7c3a6a9244d379f981ad8eef4a5ebcf2f36b91a44a6ce190e08a0c34fb5 |
|
Family |
Formbook |
(49)
|
Sender ip |
45.137.22.56 |
|
From |
"FINANCE
<RobbieCheng@pageonegroup.com>" |
|
Subject |
"Fwd: Revised Invoice-Order" |
|
Attachment |
"paid invoice.pdf.7z" |
|
MD5 |
c2b8d37fe3a6feda5daacd99652528e7 |
|
SHA256 |
c65d421876d3fec1bdbe5ee13415d8304249b2a41cc265b37053ca6210bfb02a |
|
Family |
NanoCore |
If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube NanoCore..
(50)
|
Sender ip |
45.35.196.140 |
|
From |
"administrator
<c.a.manivanna@accenture.com>" |
|
Subject |
"RE:URGENT PO# 8956897020
TOS-00974" |
|
Attachment |
"PDF#Purchase
order22435.ace" |
|
MD5 |
7f0f0a874b085b4f16dfcd2e2a7389af |
|
SHA256 |
119530df722e9f97ed26fc3238dce5b90b2e2dba1669e827cdeff298554b3c11 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(51)
|
Sender ip |
45.137.22.71 |
|
From |
"Cus - Max Service
<cus@maxservice.com.vn>" |
|
Subject |
"RE: DRAFT BILL #040BA05287
/01X40RH KOBE*ETD 22 MAY" |
|
Attachment |
"WDMFT505_BL_VNHPH01_NTTQUYNH_0520_000018_040BA05287-MAIL.PDF.r00" |
|
MD5 |
a902787faca146cd34cd08e2159f192d |
|
SHA256 |
0761d1ae319f9d37dd09aa0498e978f1dd76ead29c2e4762f288483339928492 |
|
Family |
SnakeKeylogger |
(52)
|
Sender ip |
45.137.22.71 |
|
From |
"Mostafa
<m.mahdi@alangari.com.sa>" |
|
Subject |
"Re: Re: PURCHASE ORDER REVISED
PRICES// QUOTATION" |
|
Attachment |
"PURCHASE ORDER REVISED PRICES
QUOTATION.r11" |
|
MD5 |
9bdece8efc88ea5dcac2f42dd24a8b06 |
|
SHA256 |
d048ba09e96f636448057ef83d88961c9868ffbd16ae592d37538bb548c053cd |
|
Family |
SnakeKeylogger |
(53)
|
Sender ip |
185.222.57.229 |
|
From |
"cn.international@ksh.biglobe.ne.jp" |
|
Subject |
"RE: Revise PI" |
|
Attachment |
"invoice.zip" |
|
MD5 |
004dd694f287411063bfbfd83d528916 |
|
SHA256 |
c5425b8f9762f3acf7d1accd773336c78c4daf5b1fbde2f160787c584c5a5e53 |
|
Family |
Formbook |
(54)
|
Sender ip |
45.35.196.140 |
|
From |
"FedEx
Express<info@znshenesolar.com>" |
|
Subject |
"FedEx Express AWB#5305323204643
- Information is required" |
|
Attachment |
"AWB#5305323204643.zip" |
|
MD5 |
e9676de2c97e46b2a85fe7be139844dd |
|
SHA256 |
f3b1ff9442ab40d22a06806061dd99b370f6ab87c5aeceefc46c340834024319 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(55)
|
Sender ip |
45.35.196.140 |
|
From |
"FedEx
Express<info@znshenesolar.com>" |
|
Subject |
"FedEx Express AWB#5305323204643
- Information is required" |
|
Attachment |
"FedEx Express-Reciept.rar" |
|
MD5 |
f684a1ae652577db0d415c6fc3e7cfb3 |
|
SHA256 |
2ce5a9f8be3febcaec5cd8354e4ba701508ee579654a770ea56244b0e810973d |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(56)
|
Sender ip |
45.87.60.140 |
|
From |
"Lee Acct.
<infocordoba@familiafalasco.com>" |
|
Subject |
"TT copy 130,839.00USD" |
|
Attachment |
"Scan 130,839USD.7z" |
|
MD5 |
c31404ab6bdf8b90dea181560c1c90b5 |
|
SHA256 |
76489e8adf7e046f7cc7513ffc79760e313ad3e71ccc63e361173a410f5d1444 |
|
Family |
SnakeKeylogger |
(57)
|
Sender ip |
138.68.8.255 |
|
From |
"=?UTF-8?B?ICJLVCBJbnRlcm5hdGlvbmFsIC5MVEQuxZ5UxLAi?=<info@xv4w.xyz>" |
|
Subject |
"AW: Re: Order Confirmation
Requirement" |
|
Attachment |
"PO New Order.zip" |
|
MD5 |
581ccff9a4dd485ac37399b5b563d4df |
|
SHA256 |
afb6ac1bd79aef042c365616dc6f0803ca0038012a3778dec42f511447c3a6d3 |
|
Family |
Loki |
(58)
|
Sender ip |
31.210.21.118 |
|
From |
"Sibi.raj@qi-energy.ae" |
|
Subject |
"RE: Request for Quotation" |
|
Attachment |
"AMDPI 2021.zip" |
|
MD5 |
11c1a927ae0513ca1b9a8b8fabd9061b |
|
SHA256 |
54906dba547718d64dedcbb96b4148b49967f584c4930f5759fbb5fabab9d1bf |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(59)
|
Sender ip |
185.121.120.135 |
|
From |
"Wang Wei
<sales@besmed.com>" |
|
Subject |
"Aviso de pago - Ref.
Aviso[G1117599144] / Pago prioritario" |
|
Attachment |
"BANK DETAILS ...gz...pdf" |
|
MD5 |
6ea34a19ff521aff47416f8ab4311963 |
|
SHA256 |
2a14b1082d6e0b2fd03325cd2f91b2704b05bfeda55618526301012a08221fb8 |
|
Family |
SnakeKeylogger |
(60)
|
Sender ip |
45.137.22.101 |
|
From |
"pamel_21_02@hotmail.com" |
|
Subject |
"=?UTF-8?B?5Y+R56WoXzg5MzQ1NA==?=" |
|
Attachment |
"09090000000000090.PDF.z" |
|
MD5 |
dc76dc7df54b1f4a5fcc3abea0d5f1fa |
|
SHA256 |
0f0a22cdf88b8767785f6113b920b9df1375559eb4c95a015221ad3d0a4a118c |
|
Family |
Unknown |
(61)
|
Sender ip |
136.243.232.251 |
|
From |
"Director enforcementenquiry <enforcementenquiry@alibaba-inc.com>" |
|
Subject |
"Contract 27/5/2021 for Invoice
Packing list and FIL" |
|
Attachment |
"Invo and Pack list.gz" |
|
MD5 |
b7098dd3eca5af4204ef02a079c94725 |
|
SHA256 |
eed1f454d5dd1e4b0a61e425d787d439bb69d789c2fa7072d06a9d6cadadb0a3 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(62)
|
Sender ip |
193.169.255.128 |
|
From |
"KRRINT
INTERNATIONAL<enquiry@krrinternational.com>" |
|
Subject |
"RE:QUOTATION" |
|
Attachment |
"RFQ MLK #656577.arj" |
|
MD5 |
63b3e654d0a4baabb43fc1567118dbed |
|
SHA256 |
88e3a8474ce8258d93467774ad82fb237d2c88e9ca091dfa90e57af1e2ccbf23 |
|
Family |
Unknown |
(63)
|
Sender ip |
45.137.22.101 |
|
From |
"pamel_21_02@hotmail.com" |
|
Subject |
"=?UTF-8?B?55m856WoXzg5MzQ1NA==?=" |
|
Attachment |
"4090800.pdf.lzh" |
|
MD5 |
2f460b94a9e53fb676aa84a66ff51424 |
|
SHA256 |
91dfd17bf11e35a714076e1e4e403d0a95573a9e1bfb7485d249085be890f62a |
|
Family |
QuasarRAT |
(64)
|
Sender ip |
45.87.60.140 |
|
From |
"Dainel He.
<davidhe@nbpif.com>" |
|
Subject |
"Purchase Order (P.O.)
No.4036041334" |
|
Attachment |
"New Purchase Order.zip" |
|
MD5 |
7a66a97b1c85e4e0a3b41afcab017004 |
|
SHA256 |
39927ae61506aa5843d1c0a3c59326056718824ea64eaf0399c04c3f431cf7e6 |
|
Family |
SnakeKeylogger |
(65)
|
Sender ip |
167.172.100.93 |
|
From |
"=?UTF-8?B?w5ZtZXIgw5ZaVMOcUks=?="
<omer.ozturk@martellettina.xyz>" |
|
Subject |
"SHIPMENTS FOR INV FNT022202101
FNT054402101 FNT023302101 FNT024202101 FNT089202101" |
|
Attachment |
"SHIPMENTS FOR INV FNT022202101
FNT054402101 FNT023302101 FNT024202101 FNT089202101.rar" |
|
MD5 |
19564405739674482473e0f0c89441cc |
|
SHA256 |
c6aa20cfb1e01e267566a1b47ef22befcda83e4cfce36b856bc6366407fb3a49 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(66)
Sender ip | 103.139.44.91 |
From | "Jair Saavedra"<Jair.Saavedra@us.bitron-ind.com>" |
Subject | "RE: [URGENT!] Payment Confirmation Copy - Kindly Release Our Order" |
Attachment | "Blanket order 20210423001.tar.001" |
MD5 | 370ab95039316d69cdaefc0271d4f041 |
SHA256 | 37bdae78da40f9492cf5d6d4271d688c1a8f2701cd087264a702a847170568b8 |
Family | AgentTesla |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Comments
Post a Comment