Phishing Attacks 27_5_2021
| # | Sender IP | From | Subject | Attachment | MD5 | SHA256 | Family |
|---|---|---|---|---|---|---|---|
| 1 | 185.222.58.153 | accounting@portopalace.gr | RePayment copy | Scan-copy.rar | 5bd1604602a9aeeee4332ad2d7bd1bb2 | 48455ff00d5441fb5eab0db6b46964ec4f14611f15f8d00a7b8b24f960f9ef1e | Formbook |
| 2 | 45.137.22.68 | Josh Adams <sales@hyperiongroup.com> | REQUEST FOR QUOTATION (RFQ REF : R2100131410) | REQUEST FOR QUOTATION (RFQ REF R2100131410).zip | 54646bf78c439ac5def2f0da07e7515e | b61bc8dbff7333ce96cf5a5f59575845872e229facd3dc13da76835d5dddc01c | Loki |
| 3 | 5.180.123.53 | Kalayci Bulent <sales@medsurage.live> | Re: REQUEST FOR QUOTATION | ORDER LIST.pdf.zip | 372d269702ca0030ed6f74a4420f3110 | bdadd78792a7c09144a0fbc30f212c069c3672b809b4ffb1acb1c4375422313c | Formbook |
| 4 | 103.82.26.199 | Hoskins Eric <admin@sayyess.site> | RFQ | request_list.xlsx | f2af2d11edfac75d0d326ceaee8e3c2e | 07f73ff04ab80e4556fa01e1e93c345d768988b0d4cd344dafb605273bc651fc | Formbook |
| 5 | 164.52.201.242 | nagpur.branch@swiftsecuritas.in | PO QT-028564 | PO QT-028564.xlsx | f050e56ab676181725f01ef44c4c9123 | 9da6954c23239e9dca041649d884dea2f7d1bc04414e808a9c32c216c2033e2e | AgentTesla |
| 6 | 188.165.225.23 | Grace Chang <grace.chu@ascoliasia.com> | New Customer Purchase Order Document(s) | Scan docs.rar | 4ff8bb7a9f01ac5d510b6a5788913165 | 06edf7ddc282ea3b4f44a968ed79184ae9a9af4d52894f6916e2fe43923b5fe0 | AgentTesla |
| 7 | 203.159.80.83 | Basem Shaban <Battia@hydrotech-eg.com> | FW: AW: Egyption Arab Contracting INVOICE REQUEST 3301 - TOP URGENT- | POBKMIN20210000000231PDF.r15 | 6e83277751736eaa28b2f2184be7525b | 8d0f251cbbeb43f2a100d232e74837d3e93ddd4531b5c0b7461845b10cca3ce0 | AZORult |
| 8 | 103.232.53.200 | Sales Department <sales.mitsubishi@leongroup.com.np> | RFQ 210525-037 FEAP (MItsubishi) | 210525_332641-pdf.gz | 022095d6016cd5d5c85ff74724147e14 | a9008e9a58111342b709c67862250741f5363222c0b4bd3111e4f78cd434ee13 | AgentTesla |
| 9 | 206.81.25.122 | DHL EXPRESS <support@dhl.com> | DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc | Consignment Details_pdf.rar | 6c2a1178a96b9859f2b2cb539b43920a | eb4435e90357e458b14e53e00945a5c5718db7190640cc09591f72d9ce0d77de | SnakeKeylogger |
| 10 | 45.137.22.149 | armand.omid@padmira.com | RE: PAYMENT INSTRUCTIONS | PAYMENT BANK INSTRUCTIONS COPY.r00 | c43ae48b7d660e3efc0d4ca9c4e6e710 | 37ba529fbc8776f8f59bc70e4ffdc15fcbd4794453d7e368e8242dd82df6ad11 | AgentTesla |
| 11 | 103.232.53.200 | Sales Department <elie.chedid@nesma.com> | Aw: Purchase Order 5638044 | new po.xlsx | c860a74a119a235d0c7b67d3bd12cfd0 | 803dbe4358ea84a8013942e1b5a8b897ac8ce4144740d1a6f7bddb47da4edb7f | AgentTesla |
| 12 | 138.68.164.40 | Japan Marine-Team C <salesfive@jmsgroup.jp> | Request for quotation ( ANWP - APL ANTWERP ) : SPR/ANWP/D/21/020 | Request for quotation SPRANWPD21020.pdf.cab | 4916a124cc953aa9208ca30525d5bfdb | 3a2c294202eb4eebbc24a81041afadebae4d11fc741276cb8de8e812382354a6 | AgentTesla |
| 13 | 138.68.164.40 | Ilyas YILDIRIM <ilyas@besiktasmarine.com> | CURRENT SOA // BESIKTAS MARINE | ROZ MARINE - OUTSENDING.pdf.cab | c571503d8c0af02d0a942feaf1fb8d63 | 93ce66cb00a4916fb0949235dd4b009a54d7f1e261652e5f67242f407f5a245c | AgentTesla |
| 14 | 103.153.78.166 | office@marine-group.eu | RE: Invoice Request 17INV06003 | Pdf Scen Invoice 17INV06003.r00 | 39ec4073836600acee4d25216f358b42 | 788d26d24e830328ddb8538a8125af334df8ac92aedc2801af8df7ed0ba90fe8 | Formbook |
| 15 | 103.153.78.166 | Adeline <intrsystm@hotmail.com> | RE: PAYMENT INSTRUCTIONS | PAYMENT INSTRUCTIONS COPY.r01 | 4e9896e40dba8e4090586eec2b126622 | a581540b37de1c11b9ea8b2ef286c73f54147dbd4013c1a3dbb3b6f9ef280424 | Formbook |
| 16 | 103.139.44.91 | Boris Liu (Account CN) <boris.liu@lyondellbasell.com> | Fw: [EXTERNAL]-- Your Ningbo--Company Account Information | Bank_Information.tar.001 | 70fddb1d09c7870405664cf7abf0a741 | dd6d6fec3d550d6a03b813c09df830c9a542e4d4b54401398e4625a5649ed874 | AgentTesla |
| 17 | 185.222.58.153 | accounting@portopalace.gr | RePayment copy | Swift-Copy.zip | 224d0b554919d06c6307a62e8a7ba812 | 782f81875dd8679b6b6385164239eea4de4a1c2353ab7941a640813fac2fa0e3 | SnakeKeylogger |
| 18 | 45.137.22.68 | Haiyan Zhao <sales@sabaapharmagroup.com> | RE: [Quote JQ102474]RE: new RFQ | Quote JQ102474.pdf.zip | cdfc0ec3ac0a56dbecf5a7765abd96e5 | ee4d08cbe3a26c2e8999545350038b61a9eb5f00da7696da7c4a049a650b6bf9 | Loki |
| 19 | 31.210.21.191 | Sindy Teo <sindyteo@innovalues.com> | Items | Purchase order.zip | 273da8ef023d8bd5bffde174a78a6c26 | f89adb62ec915a1b44b2859fb18e8fb8bca65b04c740a9e7045f0b968fd81e34 | AgentTesla |

If you want to know how to analyze AgentTesla malware, you can check my AgentTesla analysis on YouTube.
If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA