Phishing Attacks 25_5_2021

 



(1)
Sender IP: 185.222.58.136
From: "mastersealandlogistics2@gmail.com"
Subject: "=?UTF-8?B?6KiC5Zau77yDMDkwMDA5MDA=?=" (decodes to 訂單＃09000900, "Order #09000900")
Attachment: "SKTT090800.UUE"
MD5: 709d3babbc93d5ade9fb261bf3fd4253
SHA256: 17cb2a091ccd9e86a391fb54125ec26b297e4b7abf63d4f87eedf098cea3f766
Family: QuasarRAT

 


(2)
Sender IP: 194.49.78.247
From: "Fayyaz TFM<ops@team-freight.com>"
Subject: "Shipping & Packing Instructions for S0002B-T-1 // PO-17C3266B-S0002"
Attachment: "Email Copy - HAWB No_ PSGA00688171.zip"
MD5: 349918de990a0fac92c8b4d689718823
SHA256: a1155a01831cfc48560f691c3feaf5d3d443d781672a7ffea78b9ad8a8d5ffdb
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(3)
Sender IP: 89.40.173.102
From: "shabbir" <shabbir@alhatim.com.pk>
Subject: "Purchase Order - PT-110/21"
Attachment: "Purchase Order - PT-110/21"
MD5: b73b9452fe8e2a08ae3ce442c6b2e268
SHA256: 14be1b927fba34318fdaa1b2a6c2090e30ecf3da8edc1d94553e15050282fcce
Family: SnakeKeylogger

 


(4)
Sender IP: 45.137.22.149
From: "sale@yichaobio.com"
Subject: "RE: NEW ORDER (160336-1001461)"
Attachment: "new purchase order.r00"
MD5: d1900b639ad9e043b1fdf368da5db70a
SHA256: 0951f2acee4b1466ac04f11c815dae1c4888cdf37646e32c6db154e05f6c0b10
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(5)
Sender IP: 187.217.245.25
From: "Aseem Narang medical Zhangjiagang Co., Ltd Email: " <aseem@ascomedical.com>
Subject: "Remittance Reference Note - TT1802200//MT1036752"
Attachment: "TT (Ref 018006 6743).rar"
MD5: 16a6d4f7aedb43d9a9e01e0624ab295f
SHA256: c07018ac47b4918fb64cd1d2ec4727fedcdbb09fa4cdf21f33f16f47da422eaa
Family: SnakeKeylogger

 

(6)
Sender IP: 185.222.58.153
From: "Sales<seppo@lopakka.fi>"
Subject: "Re:Re:Re:Re:P/I"
Attachment: "Scan0COPY0002.rar"
MD5: e57ca51e0a429088a5735bd9978aee98
SHA256: 97451a8bf2551e89239489a6e8d8dce8cbc3348468d4a0d007894d0cf6c85ca9
Family: Formbook


(7)
Sender IP: 196.41.32.157
From: "=?UTF-8?Q?Estelle_Zhang_=E5=BC=A0=E7=84=B6?= <jpark8@kent.edu>" (display name decodes to "Estelle Zhang 张然")
Subject: "RE: Overdue invoice"
Attachment: "Inv-96400-0085.iso"
MD5: d5fa7d008d71c1b792740b3970964981
SHA256: 509d5d4949cceda97f6af1213e8933b841368e7a0b6367a2af14697f9d41d45c
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(8)
Sender IP: 194.30.246.194
From: "Global P2P Payment Systems<mirza@finesurgical.com>"
Subject: "Re: Outstanding Payment"
Attachment: "INVs(2341).zip"
MD5: 8445e1b48154c36afb7117be89e68181
SHA256: 9045f62892b10e80459e6c265feee4c59f747a8a510b35c6d234fae7f0e786eb
Family: NanoCore

If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore.

(9)
Sender IP: 103.232.54.82
From: "ZAHID <zahid@ahnaflogistics.com.bd>"
Subject: "Re: RE : Project Contract"
Attachment: "Contract AHNAF-1289.arj"
MD5: 4438561f837792e6517f4adf8b001187
SHA256: 455b2b7edc5b44ba25f52c3bcc1899ffb9b35997f3e40d3c6f8d893112ea0c0e
Family: RemcosRAT


(10)
Sender IP: 103.232.53.200
From: "Briana Kovak-Lewis <elie.chedid@nesma.com>"
Subject: "PO No. 1081"
Attachment: "02242021_PO.PDF.rar"
MD5: b35298a2d4bd87fa4a6af9f8642fc897
SHA256: e39f414150a8d2e3f60454024df66c6a7a11ca53502b7b66f01cad9ff907b497
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(11)
Sender IP: 134.209.227.224
From: "=?UTF-8?B?U2FuaXllIFXEnlVSQ0FO?=" <saniyeugurcan@cono.uk> (display name decodes to "Saniye UĞURCAN")
Subject: "Cono Partnership Opportunities"
Attachment: "WEB2020 Catalog and Professional Export Priclist Cono Group.rar"
MD5: 0ac86f8275fc1d195b0e961c6afdcbd2
SHA256: e1228e2ad27292b1197a1847d18f9e886699fa8b31f1874ce54cbcfd16b11885
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(12)
Sender IP: 103.232.53.200
From: "Briana Kovak-Lewis <elie.chedid@nesma.com>"
Subject: "PO No. 1081"
Attachment: "41000548564100054851.pdf.gz"
MD5: 98051140cd2ae71adb85035cb1e7f368
SHA256: 1a3414f52c190693968b8b234eb047e00aceb037da619f2258736398a39d50c6
Family: Unknown


(13)
Sender IP: 103.139.44.91
From: "Jair Saavedra" <Jair.Saavedra@us.bitron-ind.com>
Subject: "RE: Reply: [URGENT!] Payment Confirmation Copy - Kindly Release Our Order"
Attachment: "Payment_Confirmation_Copy.tar.001"
MD5: 39c24d6652ac62a41b179324e0afb579
SHA256: b0cb5b4cabd7e1a0eaf9b905fb6bc41a8d29fc0733fdeb11df46e120de055ba2
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(14)
Sender IP: 103.139.44.91
From: "Jair Saavedra" <Jair.Saavedra@us.bitron-ind.com>
Subject: "RE: Reply: [URGENT!] Payment Confirmation Copy - Kindly Release Our Order"
Attachment: "Blanket order 20210423001.tar.001"
MD5: 964b9f1bc9e4f27731c2c4121270b33b
SHA256: 9f3918c6ce5406cb85808f0e427a2423e5463b85cf2ba2f1d7de955e3f424872
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(15)
Sender IP: 84.38.133.220
From: "Nader Goerges <naderb@idm-lb.net>"
Subject: "info@letempsmedia.ch RE: Urgent Inquiry For Back Order #8936615"
Attachment: "Order List No1638829.xlsx"
MD5: eb93fc661361cb451a46cb98964504c5
SHA256: 96175ad7703c5e1e1b479f8e5fd3b36061cb28c701bbcff0f10627982bc82641
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(16)
Sender IP: 45.95.168.161
From: "HSBC Middle East" <info@algadeed.com>
Subject: "HSBC Remittance Notification"
Attachment: "swift.cab"
MD5: 78cffa370b01bd910e905f32d418db14
SHA256: 1e25617ff9da5aef6ace63873905c8f59f7cfa68bf8d49a7ca38f68c2be26245
Family: GuLoader


(17)
Sender IP: 194.49.78.221
From: "Mangili Marco <cro.msaad@cma-cgm.com>"
Subject: "Collecting Authorization"
Attachment: "Collecting Authorization.zip"
MD5: c0003cd0d487534a8c631abb2fda3c01
SHA256: 61312c4e30d365cd50f80632f497b62d9164719b5c96fe9c7fcacff8219441f5
Family: SnakeKeylogger


(18)
Sender IP: 162.13.154.159
From: "Nguyen Thi Nhu Quynh (Ms.) <Nguyen@dcc-group.com>"
Subject: "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-21"
Attachment: "Purchase Inquiry&Product Specification.r00"
MD5: 23a91d37feb73cca8d36f6f2c437fdff
SHA256: b582530cfda26d9dc2ca430fd46bb5e0f2967589c99d7900e21ac177fd517814
Family: Formbook


(19)
Sender IP: 45.137.22.101
From: "pamel_21_02@hotmail.com"
Subject: "=?UTF-8?B?4LmD4Lia4LmB4LiI4LmJ4LiH4Lir4LiZ4Li14LmJIF84OTM0NTQ=?=" (decodes to ใบแจ้งหนี้ _893454, Thai for "Invoice _893454")
Attachment: "INVOICE0900080.R10"
MD5: c568291f6d3bfe7b5157f53929e99ebc
SHA256: bfb97d72b32b51a7a6d9d23ed2e30992f815a8275c75905dc4a31576d5d66496
Family: StormKitty

(20)
Sender IP: 174.138.28.252
From: "Ranjith Kumar<exports@asvcompany.biz>"
Subject: "Purchase Order"
Attachment: "Purchase order.xlsx"
MD5: fbe979170054fe0274f6332aace920b3
SHA256: 88f2688c1d5405bb3ebac4098042dde3a79b2c2e10b026df3a3f797496a70c22
Family: Loki


(21)
Sender IP: 45.137.22.68
From: "Leon Lee <sales@lprautoparts.cn>"
Subject: "REQUEST FOR QUOTATION"
Attachment: "RFQ REF R2100131410.pdf.zip"
MD5: 817b7442ec7e8dff6cde5dfb15ee31af
SHA256: 3a59e86f85536f7ebf3edf43bd675a0b187b6423c379f9f3be63d89aefc98a77
Family: Loki


(22)
Sender IP: 185.222.57.79
From: "sales@imachine-tech.com"
Subject: "RE: WRONG IBAN/PAYMENT RETURNED"
Attachment: "RE WRONG IBANPAYMENT RETURNED.zip"
MD5: 37aaa999e22f780e152cebcd85b20ebd
SHA256: b0d763f47e40d7c81811432d29dc33943705d577caa97a076f616b509a87ff07
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.



If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA



