Phishing Attacks 27_5_2021

 




(1)

Sender ip

185.222.58.153

From

"accounting@portopalace.gr"

Subject

"RePayment copy"

Attachment

"Scan-copy.rar"

MD5

5bd1604602a9aeeee4332ad2d7bd1bb2

SHA256

48455ff00d5441fb5eab0db6b46964ec4f14611f15f8d00a7b8b24f960f9ef1e

Family

Formbook

 


(2)

Sender ip

45.137.22.68

From

"Josh Adams <sales@hyperiongroup.com>"

Subject

"REQUEST FOR QUOTATION (RFQ REF : R2100131410)"

Attachment

"REQUEST FOR QUOTATION (RFQ REF R2100131410).zip"

MD5

54646bf78c439ac5def2f0da07e7515e

SHA256

b61bc8dbff7333ce96cf5a5f59575845872e229facd3dc13da76835d5dddc01c

Family

Loki

 

(3)

 

Sender ip

5.180.123.53

From

"Kalayci Bulent" <sales@medsurage.live>"

Subject

"Re: REQUEST FOR QUOTATION"

Attachment

"ORDER LIST.pdf.zip"

MD5

372d269702ca0030ed6f74a4420f3110

SHA256

bdadd78792a7c09144a0fbc30f212c069c3672b809b4ffb1acb1c4375422313c

Family

Formbook

 


(4)

 

Sender ip

103.82.26.199

From

"Hoskins Eric"<admin@sayyess.site>"

Subject

"RFQ"

Attachment

"request_list.xlsx"

MD5

f2af2d11edfac75d0d326ceaee8e3c2e

SHA256

07f73ff04ab80e4556fa01e1e93c345d768988b0d4cd344dafb605273bc651fc

Family

Formbook

 


(5)

Sender ip

164.52.201.242

From

"nagpur.branch@swiftsecuritas.in"

Subject

"PO QT-028564"

Attachment

"PO QT-028564.xlsx"

MD5

f050e56ab676181725f01ef44c4c9123

SHA256

9da6954c23239e9dca041649d884dea2f7d1bc04414e808a9c32c216c2033e2e

Family

AgentTesla

 

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(6)

Sender ip

188.165.225.23

From

"Grace Chang <grace.chu@ascoliasia.com>"

Subject

"New Customer Purchase Order Document(s)"

Attachment

"Scan docs.rar"

MD5

4ff8bb7a9f01ac5d510b6a5788913165

SHA256

06edf7ddc282ea3b4f44a968ed79184ae9a9af4d52894f6916e2fe43923b5fe0

Family

AgentTesla


 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(7)

Sender ip

203.159.80.83

From

"Basem Shaban"<Battia@hydrotech-eg.com>"

Subject

"FW: AW: Egyption Arab Contracting INVOICE REQUEST 3301 - TOP URGENT-"

Attachment

"POBKMIN20210000000231PDF.r15"

MD5

6e83277751736eaa28b2f2184be7525b

SHA256

8d0f251cbbeb43f2a100d232e74837d3e93ddd4531b5c0b7461845b10cca3ce0

Family

AZORult


(8)

Sender ip

103.232.53.200

From

"Sales Department" <sales.mitsubishi@leongroup.com.np>"

Subject

"RFQ 210525-037 FEAP (MItsubishi)"

Attachment

"210525_332641-pdf.gz"

MD5

022095d6016cd5d5c85ff74724147e14

SHA256

a9008e9a58111342b709c67862250741f5363222c0b4bd3111e4f78cd434ee13

Family

AgentTesla


 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(9)

Sender ip

206.81.25.122

From

"DHL EXPRESS <support@dhl.com>"

Subject

"DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc"

Attachment

"Consignment Details_pdf.rar"

MD5

6c2a1178a96b9859f2b2cb539b43920a

SHA256

eb4435e90357e458b14e53e00945a5c5718db7190640cc09591f72d9ce0d77de

Family

SnakeKeylogger


(10)

Sender ip

45.137.22.149

From

"armand.omid@padmira.com"

Subject

"RE: PAYMENT INSTRUCTIONS"

Attachment

"PAYMENT BANK INSTRUCTIONS COPY.r00"

MD5

c43ae48b7d660e3efc0d4ca9c4e6e710

SHA256

37ba529fbc8776f8f59bc70e4ffdc15fcbd4794453d7e368e8242dd82df6ad11

Family

AgentTesla


 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(11)

Sender ip

103.232.53.200

From

"Sales Department<elie.chedid@nesma.com>"

Subject

"Aw: Purchase Order 5638044"

Attachment

"new po.xlsx"

MD5

c860a74a119a235d0c7b67d3bd12cfd0

SHA256

803dbe4358ea84a8013942e1b5a8b897ac8ce4144740d1a6f7bddb47da4edb7f

Family

AgentTesla


 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(12)

Sender ip

138.68.164.40

From

"Japan Marine-Team C" <salesfive@jmsgroup.jp>"

Subject

"Request for quotation ( ANWP - APL ANTWERP ) : SPR/ANWP/D/21/020"

Attachment

"Request for quotation SPRANWPD21020.pdf.cab"

MD5

4916a124cc953aa9208ca30525d5bfdb

SHA256

3a2c294202eb4eebbc24a81041afadebae4d11fc741276cb8de8e812382354a6

Family

AgentTesla


 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(13)

Sender ip

138.68.164.40

From

"Ilyas YILDIRIM" <ilyas@besiktasmarine.com>"

Subject

"CURRENT SOA // BESIKTAS MARINE"

Attachment

"ROZ MARINE - OUTSENDING.pdf.cab"

MD5

c571503d8c0af02d0a942feaf1fb8d63

SHA256

93ce66cb00a4916fb0949235dd4b009a54d7f1e261652e5f67242f407f5a245c

Family

AgentTesla


 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(14)

Sender ip

103.153.78.166

From

"office@marine-group.eu"

Subject

"RE: Invoice Request 17INV06003"

Attachment

"Pdf Scen Invoice 17INV06003.r00"

MD5

39ec4073836600acee4d25216f358b42

SHA256

788d26d24e830328ddb8538a8125af334df8ac92aedc2801af8df7ed0ba90fe8

Family

Formbook


(15)

Sender ip

103.153.78.166

From

"Adeline<intrsystm@hotmail.com>"

Subject

"RE: PAYMENT INSTRUCTIONS"

Attachment

"PAYMENT INSTRUCTIONS COPY.r01"

MD5

4e9896e40dba8e4090586eec2b126622

SHA256

a581540b37de1c11b9ea8b2ef286c73f54147dbd4013c1a3dbb3b6f9ef280424

Family

Formbook


(16)

Sender ip

103.139.44.91

From

"Boris Liu (Account CN)"<boris.liu@lyondellbasell.com>"

Subject

"Fw: [EXTERNAL]-- Your Ningbo--Company Account Information"

Attachment

"Bank_Information.tar.001"

MD5

70fddb1d09c7870405664cf7abf0a741

SHA256

dd6d6fec3d550d6a03b813c09df830c9a542e4d4b54401398e4625a5649ed874

Family

AgentTesla


 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(17)

Sender ip

185.222.58.153

From

"accounting@portopalace.gr"

Subject

"RePayment copy"

Attachment

"Swift-Copy.zip"

MD5

224d0b554919d06c6307a62e8a7ba812

SHA256

782f81875dd8679b6b6385164239eea4de4a1c2353ab7941a640813fac2fa0e3

Family

SnakeKeylogger


(18)

Sender ip

45.137.22.68

From

"Haiyan Zhao <sales@sabaapharmagroup.com>"

Subject

"RE: [Quote JQ102474]RE: new RFQ"

Attachment

"Quote JQ102474.pdf.zip"

MD5

cdfc0ec3ac0a56dbecf5a7765abd96e5

SHA256

ee4d08cbe3a26c2e8999545350038b61a9eb5f00da7696da7c4a049a650b6bf9

Family

Loki


(19)

Sender ip

31.210.21.191

From

"Sindy Teo <sindyteo@innovalues.com>"

Subject

"Items"

Attachment

"Purchase order.zip"

MD5

273da8ef023d8bd5bffde174a78a6c26

SHA256

f89adb62ec915a1b44b2859fb18e8fb8bca65b04c740a9e7045f0b968fd81e34

Family

AgentTesla


 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.





If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA




Comments

Popular posts from this blog

IOCs 7_8_2021

Phishing Attacks 3_3_2021

Phishing Attacks 23_4_2022