Phishing Attacks 26_5_2021
(1)
| Sender IP | 103.232.53.200 |
| From | "info@sarcigroup.com" |
| Subject | "RE: Quotation for M/S Unique Forgings ( Primary Shafts )" |
| Attachment | "Quotation 03143-pdf.gz" |
| MD5 | 9a3e328d7d6e72c321bd38f3c54ed037 |
| SHA256 | 74754f6af0fa4e1eb419e3e6d6ce478c0fdb6bbc81848456c3ac493b61e02ce2 |
| Family | AgentTesla |
If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(2)
| Sender IP | 66.7.148.92 |
| From | "ASHWIN SHAH" <ashwin@jashbin.com> |
| Subject | "New Request For Quote" |
| Attachment | "LIST AND SAMPLE OF ITEMS.xz" |
| MD5 | 3783ca35b4ab5b32204b3d58f51e1aab |
| SHA256 | a316e4e6cc44bf9b539e8867622d4109fd2c8f9e86f43c064f022253e50dec48 |
| Family | AgentTesla |
(3)
| Sender IP | 45.137.22.149 |
| From | "Mantana@eiamheng.com" |
| Subject | "RE: PAYMENT COPY MT103" |
| Attachment | "payment copy.r00" |
| MD5 | c49d734b1558a910cb818dfedcde59a6 |
| SHA256 | d8a8dfa118c2df00beb4b1d1c2225fdcad8a9cd616e018c359f29f11c3fe0c6a |
| Family | AgentTesla |
(4)
| Sender IP | 103.153.78.166 |
| From | "transferencias_supernet@bancosantander.es" |
| Subject | "Crossborder transfer" |
| Attachment | "Pdf MT103 - Remittance.pdf.r00" |
| MD5 | 0a806f14c6bdeefd9244e22533e5c50a |
| SHA256 | e0de4490d27525f239ee513375c97daf4f3d818b6214814727aff8578d190fea |
| Family | Formbook |
(5)
| Sender IP | 103.232.53.200 |
| From | "info@rafidgroup.com" |
| Subject | "PURCHASE ORDER FOR MG005107RM" |
| Attachment | "Drawing 34726-pdf.gz" |
| MD5 | 07d867640032d6708fd17b32a793256e |
| SHA256 | abad1aafcf4cd310369ed51591f5bc1d7503fa0eb93a9c58dfad608e9b3f4d45 |
| Family | AgentTesla |
(6)
| Sender IP | 194.49.78.247 |
| From | "Fayyaz TFM<ops@team-freight.com>" |
| Subject | "Shipping & Packing Instructions for S0002B-T-1 // PO-17C3266B-S0002" |
| Attachment | "HL-883525800 DOCAU BC ORIGINAL.zip" |
| MD5 | c1d4b3c5dcaa5334ae1944f80f87378c |
| SHA256 | b4b1781dda8a8e68ca7a4937d0c22c5ce7c651e0ddb3cd58420704fab2b433b2 |
| Family | AgentTesla |
(7)
| Sender IP | 45.137.22.68 |
| From | "Michael <sales@nwpump.com>" |
| Subject | "*URGENT SUPPLY* QUOTE B1020363" |
| Attachment | "QUOTE B1020363.zip" |
| MD5 | 2b4a29ccd466868351bcc15717151ccd |
| SHA256 | d9ff98c9543843e57ea54fc1d46bc3859b140d98795cd6a9c843269804504a11 |
| Family | Loki |
(8)
| Sender IP | 185.222.57.72 |
| From | "Account2 <rud-division@alkuhaimi.com>" |
| Subject | "Re: Invoice" |
| Attachment | "Payment Recipt_MT103.r00" |
| MD5 | f548077aae981098b74b97a9742390e5 |
| SHA256 | e79a8a554653e23ee5b00792e0a605ce5e3b3103c33270666b1c73aab99c7b71 |
| Family | AgentTesla |
(9)
| Sender IP | 209.85.219.179 |
| From | "Rajiv Mehrishi <mehrishirajiv77@gmail.com>" |
| Subject | "Re:Good News" |
| Attachment | "United Nations Poverty Mitigation Program Lottery.doc" |
| MD5 | 6d3817e8ea41da6d8a420a03808c5bde |
| SHA256 | fb7967ee95b77b5359e16dc3f28ee5f3242a8fc0c4846fea4bc2a7cce1fa9639 |
| Family | Unknown |
(10)
| Sender IP | 46.37.232.45 |
| From | "Giovanni Arrigoni" <service1@ctssistemi.it> |
| Subject | "R: Payment" |
| Attachment | "SWIFT-EUR 51720.IMG" |
| MD5 | d53fb7a4ceeac253dff70df83c2b607d |
| SHA256 | 786a4ac3cd2c3518ceb31ffff1defc8ca1c77820ae2985fbfeda4e2af8a46425 |
| Family | Formbook |
(11)
| Sender IP | 84.38.130.220 |
| From | "Adel Al-Ofi" <ofiaf@sabic.com> |
| Subject | "PO-RF5X500300518" |
| Attachment | "PO-RFX5500300518.rar" |
| MD5 | 94b3c55598198c8ff1b5ede1d5ee0c9c |
| SHA256 | 6f16bcd7e63b12a83ac2c7729d75053dc63f73dc99e4b95a07ab4c9b895168c9 |
| Family | AgentTesla |
(12)
| Sender IP | 199.10.31.238 |
| From | "exportsdoc@tnt.com" |
| Subject | "TNT Shipping Document" |
| Attachment | "TNT SHIPPING DOCUMENT.docx" |
| MD5 | 200dafe1819ed68933ba25435158368e |
| SHA256 | 1855630cf9d2fc68b702b6c2009741ba9855bbccfbd867ffeacb808625339a70 |
| Family | AgentTesla |
(13)
| Sender IP | 178.62.62.36 |
| From | "Imtiaz Mahmod <no-replay@idverify.pro>" |
| Subject | "RE: RE: RE: RE: RE: New Order of 2021" |
| Attachment | "38 X 38 X 2.5 MM.xlsx" |
| MD5 | 487ad1263c69b646deea3281714af9d7 |
| SHA256 | 96dfbd66f0f66fcde3a600b7fba76137e246e946e5dc90f4bfc849125e16cb62 |
| Family | AgentTesla |
(14)
| Sender IP | 103.139.44.91 |
| From | "James Ni (DHL CN)" <5idhl_noreply@dhl.com> |
| Subject | "[URGENT!] China DHL Express - Invoices Follow Up May,26" |
| Attachment | "DHL-Overdue_Invoices.exe.xz.001" |
| MD5 | b105e0d65f4a7d9c66ddf339386fcc1b |
| SHA256 | 6324e8ec61dfd5c38592581c010a0db0c61298ddb1b07a4212e5ce55395970d1 |
| Family | AgentTesla |
(15)
| Sender IP | 185.222.57.135 |
| From | "Terence So <terence.so@otlsystems.com>" |
| Subject | "Re: PO 2020208" |
| Attachment | "NEW ORDER.gz" |
| MD5 | 69af76698c77771e6923da240a9bd79a |
| SHA256 | da84f9f0c9934f8518ec4e2b6f1586e6670029e1235c377d596843059e14f101 |
| Family | Formbook |
(16)
| Sender IP | 185.104.112.102 |
| From | "JAIME PRADANA LOPEZ<jaime.pradana@bbva.com>" |
| Subject | "=?UTF8?B?Y29uZmlybWFjacOzbiBkZSBwYWdvIDA4LTAgNC0yMDIx?=" |
| Attachment | "pago_080402020184767.gz" |
| MD5 | a889c0c38a9d15dfe92d67ec3751efba |
| SHA256 | 2ffbc94fc6fd0a2f9fbfdeed2b0da1f1e6b74365a7e8907b774de73478e320c6 |
| Family | AgentTesla |
(17)
| Sender IP | 180.214.239.97 |
| From | "Aaron <Aaron@GSYS.COM>" |
| Subject | "Swift " |
| Attachment | "SWIFT.rar" |
| MD5 | 42aaaf1fc8f15ea0fd6361ad312b8de4 |
| SHA256 | b9cfef20666887c643c8cc4e536640b778f75a8d4fb619cb43ac143c10a43bb1 |
| Family | AgentTesla |
(18)
| Sender IP | 194.49.78.247 |
| From | "QKLBOOK<QKLBOOK@hlag.com>" |
| Subject | "HL-88661535 DOCAU " |
| Attachment | "HL-88661535 DOCAU BC ORIGINAL.zip" |
| MD5 | d68c2edd277acd1cb238eede626280a1 |
| SHA256 | bc635ecabff0a4afa527d345d862e2c35a0adaf0262e391552c001cc705dc7ba |
| Family | AgentTesla |
(19)
| Sender IP | 134.209.120.202 |
| From | "Japan Marine-Team C" <salesfive@jmsgroup.jp> |
| Subject | "Request for quotation ( ANWP - APL ANTWERP ) : SPR/ANWP/D/21/020" |
| Attachment | "Request for quotation SPRANWPD21020.pdf.cab" |
| MD5 | cb56306bfff4f4a08798d95689d64b76 |
| SHA256 | f46eab47d29c284d649403e6f7709bdc34123d1576c44cb8fa6b9dad720d6acd |
| Family | AgentTesla |
(20)
| Sender IP | 134.209.120.202 |
| From | "Ilyas YILDIRIM" <ilyas@besiktasmarine.com> |
| Subject | "CURRENT SOA // BESIKTAS MARINE" |
| Attachment | "ROZ MARINE - OUTSENDING.pdf.gz" |
| MD5 | 2b8bd67d831fa6ef103181d6aeb67117 |
| SHA256 | cfc67f0a38726e534f32b73acfd190886d7eedc4e9853dbd351e4bd296593266 |
| Family | AgentTesla |
(21)
| Sender IP | 103.153.78.166 |
| From | "office@marine-group.eu" |
| Subject | "RE: Invoice Request 17INV06003" |
| Attachment | "Pdf Scen Invoice 17INV06003.r00" |
| MD5 | 576f8e40054ea7dd88aa93307233b2e5 |
| SHA256 | 0dcd24b31b9b4c02af0d470b6212b2a3cee318c5745dd002e9c900f5dc6375a1 |
| Family | Formbook |
(22)
| Sender IP | 185.222.57.229 |
| From | "salesgroup_2@chinamould.net" |
| Subject | "RE: Revise PI" |
| Attachment | "PI1942100023.zip" |
| MD5 | 7305a54b5ad583a0ca1539d51ce91dd4 |
| SHA256 | d55be05b5dd111d22304305b4303c9496b2fcc0db25e12c8fc74ed84dbeace5a |
| Family | Formbook |
(23)
| Sender IP | 74.208.85.196 |
| From | "purchase <xsanchez@brenntagla.com>" |
| Subject | "=?UTF-8?Q?RE=3A_Nueva_consulta_/_orden_de_cotizaci=C3=B3n=2E=2E?= =?UTF-8?Q?=2E?=" |
| Attachment | "requested product lists.PDF_________________________________________________.lzh" |
| MD5 | 2b485dc45272da1dd7d13d03b14f9adb |
| SHA256 | 9ff0617ab1bb17359e3de9edf4dd5b88ff6dbbeea8d8df7ab49a3a027570ce1b |
| Family | SnakeKeylogger |
If you want to learn malware analysis, you can check my YouTube channel, where I am trying to publish analyses of malware and some methods for analysing it.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA