Phishing Attacks 30_5_2021
(1)

| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | "Account Manager" <opnaccs@pennonshipping.com> |
| Subject | "RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084)" |
| Attachment | "INV01542.tar.001" |
| MD5 | 70afd9a7d98adeaaf110931ae176a27b |
| SHA256 | 8d3ca6193a24924258493da59c6ff0f70a0965c1274d9aac2ce17ed02d061667 |
| Family | AgentTesla |

(2)

| Field | Value |
|---|---|
| Sender IP | 78.28.205.254 |
| From | "FedEx Online Advisory" <service@dhl.com> |
| Subject | "FEDEX EXPRESS TRACKING - COURIER DELIVERY" |
| Attachment | "FedEx Courier Tracking.pdf.ace" |
| MD5 | 51cc56c40a3d2b7b6540069b0d096dff |
| SHA256 | fb8e126810598e66a8bfd07d710f55b22396d780e0f6fe1a7e0a1725fd65369d |
| Family | AgentTesla |

(3)

| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | "Jason Wen" <jason.wen@goldjet.com.cn> |
| Subject | "RE: RE: [EXTERNAL] Pick Up the PO 960074725 from STRIP // 784-45876876" |
| Attachment | "Customs declaration form + release form.7z" |
| MD5 | 16324127b6a4da2a2c5879267f6ee682 |
| SHA256 | ae65556e391f8e8c52a78831ec0033d0368e27de42b6fdc6e68e8ac61f400e5e |
| Family | AgentTesla |

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(4)

| Field | Value |
|---|---|
| Sender IP | 103.133.108.70 |
| From | "ALLAN SNEDDON" <galeria@fragtal.com.mx> |
| Subject | "Fwd:PAYMENT FOR INV" |
| Attachment | "swift.45434.r00" |
| MD5 | b1a7d7705fc9f8073431a0df61092b54 |
| SHA256 | 41acbe3a2677aae75b4024877852155a1fbca6b42005d0efbaca6da9e8682d4c |
| Family | AgentTesla |

(5)

| Field | Value |
|---|---|
| Sender IP | 45.137.22.149 |
| From | manan@nutrichemproducts.com |
| Subject | "RE: SWIFT COPY" |
| Attachment | "TT copy.r00" |
| MD5 | afbf062a6ea1cc5d77da65fb4848a552 |
| SHA256 | dff962cd61273ec024c5ecfc37b6986a57ddd913e10fbaf4cc392e76fbff406b |
| Family | AgentTesla |

(6)

| Field | Value |
|---|---|
| Sender IP | 78.28.205.254 |
| From | "FedEx Online Advisory" <service@dhl.com> |
| Subject | "FEDEX EXPRESS TRACKING - COURIER DELIVERY" |
| Attachment | "FedEx Courier Tracking.pdf.ace" |
| MD5 | d17b21dc7292745787900fd1a1f73920 |
| SHA256 | dffbd4034771d48648f3ad820ed01ed16c46da3b857dc8f0594d349c98af63a8 |
| Family | AgentTesla |

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(7)

| Field | Value |
|---|---|
| Sender IP | 78.28.205.254 |
| From | "FedEx Online Advisory" <service@dhl.com> |
| Subject | "FEDEX EXPRESS TRACKING - COURIER DELIVERY" |
| Attachment | "AWB.NO-786334453366.z" |
| MD5 | 333620534be376416f2c8ec92e5654e4 |
| SHA256 | d8773d2a6628549f7afc66d8e3aa386414049861e2f456cb5ae339cbbb103ec1 |
| Family | AgentTesla |

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(8)

| Field | Value |
|---|---|
| Sender IP | 194.49.78.221 |
| From | "Rama N. Devadiga" <kuwait@wajdagroup.com> |
| Subject | "DRAFT DOCUMENTS" |
| Attachment | "ATTACHED LIST _AMC.zip" |
| MD5 | c32b7b027f9945b15365b1b363f9c489 |
| SHA256 | ee05a81d7e454e912e13f570056510e3cbcbd5be08d1a0203d9cd276bed3ca7c |
| Family | AgentTesla |

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(9)

| Field | Value |
|---|---|
| Sender IP | 188.165.225.23 |
| From | "Robert Chen" <sales@gippsaero.com> |
| Subject | "Re: Purchase Order Confirmation" |
| Attachment | "Scan copy.rar" |
| MD5 | fdafaa9666f1e14bb471dfd6df98ac26 |
| SHA256 | dbe95060d7cd98a4193e74fa28f5c5ce8219106b11d669b501d95fe5bf654032 |
| Family | AgentTesla |

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(10)

| Field | Value |
|---|---|
| Sender IP | 167.172.96.72 |
| From | "Phillip Novak" <info@posclinic.com> |
| Subject | "Revised PO_2021" |
| Attachment | "PO.2021.cab" |
| MD5 | 8237406a7e9bc1364b11978fa138037e |
| SHA256 | a007cea19b203d9bc907ff3ba8a13988a03ef747a73b3239ebcbbd3442a4093b |
| Family | Formbook |

(11)

| Field | Value |
|---|---|
| Sender IP | 109.71.254.78 |
| From | "DHL EXPRESS" <courier@dhlexpress.icu> |
| Subject | "Shipment arrival notice" |
| Attachment | "Shipping Receipt.img" |
| MD5 | 70e9f4e55debca0ed1e842e64b79daad |
| SHA256 | 3c6c0c4e2932fa193f2b88c642b8f9b07b1bbfefbb3da40a3f44310c89954a16 |
| Family | AgentTesla |

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(12)

| Field | Value |
|---|---|
| Sender IP | 69.61.59.207 |
| From | "Starcia Chang" <info@vinsilicorsgrau.com> |
| Subject | "Re: Order Inquiry ABS PTE LTD" |
| Attachment | "ABS PTE Order.rar" |
| MD5 | df4eed434ef0f3e5d178659e65fbce9a |
| SHA256 | 7e79921690acb371222d6edbd8e6efce922fa133afe5ec8d823a6f39cd1b3014 |
| Family | AgentTesla |

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(13)

| Field | Value |
|---|---|
| Sender IP | 31.210.20.71 |
| From | "MIDEAST \| OPS" <beu.gvatrade.operations@bunge.com> |
| Subject | "MV PEDHOULAS TRADER PORT INFO \| APPOINTMENT //RESENDING//" |
| Attachment | "MV PEDHOULAS TRADER.zip" |
| MD5 | 8a90e7c9a30e03ee9ed3031601d40483 |
| SHA256 | 071a4606d681d058836106eb6e9eb180919b32b6ab776f73be3a14a729430d8e |
| Family | Formbook |

(14)

| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | "Account Manager" <opnaccs@pennonshipping.com> |
| Subject | "RE: RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084)" |
| Attachment | "INV01542.tar.001" |
| MD5 | 1475f6b0957df200e039e743288c3db8 |
| SHA256 | 5ba66a4ff6b37c47656fead5bd2bdc902db6de858aa77548795f0fe4b8a7f1f3 |
| Family | AgentTesla |

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(15)

| Field | Value |
|---|---|
| Sender IP | 185.222.57.79 |
| From | info@cnggasequipment.com |
| Subject | "Re: Invoice Query & PAYMENT COPY" |
| Attachment | "Re Invoice Query & PAYMENT COPY.r15" |
| MD5 | 62046aa50ccaead65f979c5c459e3b76 |
| SHA256 | a4e07f0854fd631a182ebc562988b619e7a7a52d65e8b75e413781143066478c |
| Family | Unknown |

(16)

| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | "Tang, Xiaonan, Account Dept" <Xiaonan.Tang@grupoantolin.com> |
| Subject | "***Urgent!*** Ningbo--Outstanding payment for month end May,28" |
| Attachment | "Ningbo--Outstanding_Payments.exe.bz2.001" |
| MD5 | e3374628150ddd998f5f064067f57332 |
| SHA256 | 31c7a172c119c906515700c843fef30c007d148c2ee67d89f4e3f88579696987 |
| Family | AgentTesla |

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(17)

| Field | Value |
|---|---|
| Sender IP | 185.222.58.153 |
| From | accounting@portopalace.gr |
| Subject | "Invoice number 2100799" |
| Attachment | "invoice number 2100799.rar" |
| MD5 | 0c81822ce6bb0ec525116b35e300aff7 |
| SHA256 | ce5586dac5454b6dd0f49a4218be2adda86a663a2a2c925f90f4d4215674db51 |
| Family | Formbook |

(18)

| Field | Value |
|---|---|
| Sender IP | 45.87.60.140 |
| From | "Ali Aslam Head Office" <davidhe@nbpif.com> (likely spoofed) |
| Subject | "Signed Contract INVOICE." |
| Attachment | "SIGNED CONTRACT.xlsx" |
| MD5 | 0df04247a510caf5ef08cb8997a2443f |
| SHA256 | 9fccbe7844fa0d92de8e745ca672019db23a09777b56128bc4116ed0c7dfeb1a |
| Family | SnakeKeylogger |

(19)

| Field | Value |
|---|---|
| Sender IP | 45.137.22.50 |
| From | "Nguyen Xuan Binh" <marketing@acousticsind.com> |
| Subject | "THUAN HIEP THANH CO., LTD - Ref. #20880 (PURCHASE ORDER AND CONTRACT)" |
| Attachment | "Purchase Order & Contract.rar" |
| MD5 | 6a07a539a2ee474e0b5e11b49b9cc8a5 |
| SHA256 | d1bbd92fdf96bb1feea37d7047f5e65a2200e0177e4012befee993d3521fd7a7 |
| Family | NanoCore |

If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore.
(20)

| Field | Value |
|---|---|
| Sender IP | 194.49.78.201 |
| From | "vicky wong" <vicky.wong@idealfastener.com.hk> |
| Subject | "ORDER #PO#35Tg1s" |
| Attachment | "35Tg1s.zip" |
| MD5 | ce788a689b976f6226a18a2f1c40fce6 |
| SHA256 | 9f9d13830571e2d929eb95922586b9b80dbd7aac35771cc4b0fc6a2bb5c1ccc0 |
| Family | SnakeKeylogger |

(21)

| Field | Value |
|---|---|
| Sender IP | 185.222.58.153 |
| From | operations@spharma.co.zw |
| Subject | "Invoice number 2100799" |
| Attachment | "48499400994094pdf.rar" |
| MD5 | 3c6eae5658d7ba0ad3f2f35ab824b53f |
| SHA256 | f01d9ace959acfa77d3be870ae5444776087e9d50333b362f845d1b5d1ce5ec9 |
| Family | SnakeKeylogger |

If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA