Phishing Attacks 25_5_2021
(1)
| Sender ip | 185.222.58.136 | 
| From  | "mastersealandlogistics2@gmail.com" | 
| Subject | "=?UTF-8?B?6KiC5Zau77yDMDkwMDA5MDA=?=" | 
| Attachment | "SKTT090800.UUE" | 
| MD5 | 709d3babbc93d5ade9fb261bf3fd4253 | 
| SHA256 | 17cb2a091ccd9e86a391fb54125ec26b297e4b7abf63d4f87eedf098cea3f766 | 
| Family  | QuasarRAT | 
(2)
| Sender ip | 194.49.78.247 | 
| From  | "Fayyaz TFM<ops@team-freight.com>" | 
| Subject | "Shipping & Packing Instructions for S0002B-T-1 // PO-17C3266B-S0002" | 
| Attachment | "Email Copy - HAWB No_ PSGA00688171.zip" | 
| MD5 | 349918de990a0fac92c8b4d689718823 | 
| SHA256 | a1155a01831cfc48560f691c3feaf5d3d443d781672a7ffea78b9ad8a8d5ffdb | 
| Family  | AgentTesla | 
(3)
| Sender ip | 89.40.173.102 | 
| From  | "shabbir" <shabbir@alhatim.com.pk> | 
| Subject | "Purchase Order - PT-110/21" | 
| Attachment | "Purchase Order - PT-110/21" | 
| MD5 | b73b9452fe8e2a08ae3ce442c6b2e268 | 
| SHA256 | 14be1b927fba34318fdaa1b2a6c2090e30ecf3da8edc1d94553e15050282fcce | 
| Family  | SnakeKeylogger | 
(4)
| Sender ip | 45.137.22.149 | 
| From  | "sale@yichaobio.com" | 
| Subject | "RE: NEW ORDER (160336-1001461)" | 
| Attachment | "new purchase order.r00" | 
| MD5 | d1900b639ad9e043b1fdf368da5db70a | 
| SHA256 | 0951f2acee4b1466ac04f11c815dae1c4888cdf37646e32c6db154e05f6c0b10 | 
| Family  | AgentTesla | 
(5)
| Sender ip | 187.217.245.25 | 
| From  | "Aseem Narang medical Zhangjiagang Co., Ltd Email: " <aseem@ascomedical.com> | 
| Subject | "Remittance Reference Note - TT1802200//MT1036752" | 
| Attachment | "TT (Ref 018006 6743).rar" | 
| MD5 | 16a6d4f7aedb43d9a9e01e0624ab295f | 
| SHA256 | c07018ac47b4918fb64cd1d2ec4727fedcdbb09fa4cdf21f33f16f47da422eaa | 
| Family  | SnakeKeylogger | 
(6)
| Sender ip | 185.222.58.153 | 
| From  | "Sales<seppo@lopakka.fi>" | 
| Subject | "Re:Re:Re:Re:P/I" | 
| Attachment | "Scan0COPY0002.rar" | 
| MD5 | e57ca51e0a429088a5735bd9978aee98 | 
| SHA256 | 97451a8bf2551e89239489a6e8d8dce8cbc3348468d4a0d007894d0cf6c85ca9 | 
| Family  | Formbook | 
(7)
| Sender ip | 196.41.32.157 | 
| From  | "=?UTF-8?Q?Estelle_Zhang_=E5=BC=A0=E7=84=B6?= <jpark8@kent.edu>" | 
| Subject | "RE: Overdue invoice" | 
| Attachment | "Inv-96400-0085.iso" | 
| MD5 | d5fa7d008d71c1b792740b3970964981 | 
| SHA256 | 509d5d4949cceda97f6af1213e8933b841368e7a0b6367a2af14697f9d41d45c | 
| Family  | AgentTesla | 
If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(8)
| Sender ip | 194.30.246.194 | 
| From  | "Global P2P Payment Systems<mirza@finesurgical.com>" | 
| Subject | "Re: Outstanding Payment" | 
| Attachment | "INVs(2341).zip" | 
| MD5 | 8445e1b48154c36afb7117be89e68181 | 
| SHA256 | 9045f62892b10e80459e6c265feee4c59f747a8a510b35c6d234fae7f0e786eb | 
| Family  | NanoCore | 
If you want to know how to analyse NanoCore malware, you can check my NanoCore analysis on YouTube.
(9)
| Sender ip | 103.232.54.82 | 
| From  | "ZAHID <zahid@ahnaflogistics.com.bd>" | 
| Subject | "Re: RE : Project Contract" | 
| Attachment | "Contract AHNAF-1289.arj" | 
| MD5 | 4438561f837792e6517f4adf8b001187 | 
| SHA256 | 455b2b7edc5b44ba25f52c3bcc1899ffb9b35997f3e40d3c6f8d893112ea0c0e | 
| Family  | RemcosRAT | 
(10)
| Sender ip | 103.232.53.200 | 
| From  | "Briana Kovak-Lewis <elie.chedid@nesma.com>" | 
| Subject | "PO No. 1081" | 
| Attachment | "02242021_PO.PDF.rar" | 
| MD5 | b35298a2d4bd87fa4a6af9f8642fc897 | 
| SHA256 | e39f414150a8d2e3f60454024df66c6a7a11ca53502b7b66f01cad9ff907b497 | 
| Family  | AgentTesla | 
If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(11)
| Sender ip | 134.209.227.224 | 
| From  | "=?UTF-8?B?U2FuaXllIFXEnlVSQ0FO?= <saniyeugurcan@cono.uk>" | 
| Subject | "Cono Partnership Opportunities" | 
| Attachment | "WEB2020 Catalog and Professional Export Priclist Cono Group.rar" | 
| MD5 | 0ac86f8275fc1d195b0e961c6afdcbd2 | 
| SHA256 | e1228e2ad27292b1197a1847d18f9e886699fa8b31f1874ce54cbcfd16b11885 | 
| Family  | AgentTesla | 
If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(12)
| Sender ip | 103.232.53.200 | 
| From  | "Briana Kovak-Lewis <elie.chedid@nesma.com>" | 
| Subject | "PO No. 1081" | 
| Attachment | "41000548564100054851.pdf.gz" | 
| MD5 | 98051140cd2ae71adb85035cb1e7f368 | 
| SHA256 | 1a3414f52c190693968b8b234eb047e00aceb037da619f2258736398a39d50c6 | 
| Family  | Unknown | 
(13)
| Sender ip | 103.139.44.91 | 
| From  | "Jair Saavedra" <Jair.Saavedra@us.bitron-ind.com> | 
| Subject | "RE: Reply: [URGENT!] Payment Confirmation Copy - Kindly Release Our Order" | 
| Attachment | "Payment_Confirmation_Copy.tar.001" | 
| MD5 | 39c24d6652ac62a41b179324e0afb579 | 
| SHA256 | b0cb5b4cabd7e1a0eaf9b905fb6bc41a8d29fc0733fdeb11df46e120de055ba2 | 
| Family  | AgentTesla | 
If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(14)
| Sender ip | 103.139.44.91 | 
| From  | "Jair Saavedra" <Jair.Saavedra@us.bitron-ind.com> | 
| Subject | "RE: Reply: [URGENT!] Payment Confirmation Copy - Kindly Release Our Order" | 
| Attachment | "Blanket order 20210423001.tar.001" | 
| MD5 | 964b9f1bc9e4f27731c2c4121270b33b | 
| SHA256 | 9f3918c6ce5406cb85808f0e427a2423e5463b85cf2ba2f1d7de955e3f424872 | 
| Family  | AgentTesla | 
If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(15)
| Sender ip | 84.38.133.220 | 
| From  | "Nader Goerges <naderb@idm-lb.net>" | 
| Subject | "info@letempsmedia.ch RE: Urgent Inquiry For Back Order #8936615" | 
| Attachment | "Order List No1638829.xlsx" | 
| MD5 | eb93fc661361cb451a46cb98964504c5 | 
| SHA256 | 96175ad7703c5e1e1b479f8e5fd3b36061cb28c701bbcff0f10627982bc82641 | 
| Family  | AgentTesla | 
If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(16)
| Sender ip | 45.95.168.161 | 
| From  | "HSBC Middle East" <info@algadeed.com> | 
| Subject | "HSBC Remittance Notification" | 
| Attachment | "swift.cab" | 
| MD5 | 78cffa370b01bd910e905f32d418db14 | 
| SHA256 | 1e25617ff9da5aef6ace63873905c8f59f7cfa68bf8d49a7ca38f68c2be26245 | 
| Family  | GuLoader | 
(17)
| Sender ip | 194.49.78.221 | 
| From  | "Mangili Marco <cro.msaad@cma-cgm.com>" | 
| Subject | "Collecting Authorization" | 
| Attachment | "Collecting Authorization.zip" | 
| MD5 | c0003cd0d487534a8c631abb2fda3c01 | 
| SHA256 | 61312c4e30d365cd50f80632f497b62d9164719b5c96fe9c7fcacff8219441f5 | 
| Family  | SnakeKeylogger | 
(18)
| Sender ip | 162.13.154.159 | 
| From  | "Nguyen Thi Nhu Quynh (Ms.) <Nguyen@dcc-group.com>" | 
| Subject | "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-21" | 
| Attachment | "Purchase Inquiry&Product Specification.r00" | 
| MD5 | 23a91d37feb73cca8d36f6f2c437fdff | 
| SHA256 | b582530cfda26d9dc2ca430fd46bb5e0f2967589c99d7900e21ac177fd517814 | 
| Family  | Formbook | 
(19)
| Sender ip | 45.137.22.101 | 
| From  | "pamel_21_02@hotmail.com" | 
| Subject | "=?UTF-8?B?4LmD4Lia4LmB4LiI4LmJ4LiH4Lir4LiZ4Li14LmJIF84OTM0NTQ=?=" | 
| Attachment | "INVOICE0900080.R10" | 
| MD5 | c568291f6d3bfe7b5157f53929e99ebc | 
| SHA256 | bfb97d72b32b51a7a6d9d23ed2e30992f815a8275c75905dc4a31576d5d66496 | 
| Family  | StormKitty | 
(20)
| Sender ip | 174.138.28.252 | 
| From  | "Ranjith Kumar<exports@asvcompany.biz>" | 
| Subject | "Purchase Order" | 
| Attachment | "Purchase order.xlsx" | 
| MD5 | fbe979170054fe0274f6332aace920b3 | 
| SHA256 | 88f2688c1d5405bb3ebac4098042dde3a79b2c2e10b026df3a3f797496a70c22 | 
| Family  | Loki | 
(21)
| Sender ip | 45.137.22.68 | 
| From  | "Leon Lee <sales@lprautoparts.cn>" | 
| Subject | "REQUEST FOR QUOTATION" | 
| Attachment | "RFQ REF R2100131410.pdf.zip" | 
| MD5 | 817b7442ec7e8dff6cde5dfb15ee31af | 
| SHA256 | 3a59e86f85536f7ebf3edf43bd675a0b187b6423c379f9f3be63d89aefc98a77 | 
| Family  | Loki | 
(22)
| Sender ip | 185.222.57.79 | 
| From  | "sales@imachine-tech.com" | 
| Subject | "RE: WRONG IBAN/PAYMENT RETURNED" | 
| Attachment | "RE WRONG IBANPAYMENT RETURNED.zip" | 
| MD5 | 37aaa999e22f780e152cebcd85b20ebd | 
| SHA256 | b0d763f47e40d7c81811432d29dc33943705d577caa97a076f616b509a87ff07 | 
| Family  | AgentTesla | 
If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA