Phishing Attacks 30_5_2021

 




(1)
Sender IP: 103.139.44.91
From: "Account Manager" <opnaccs@pennonshipping.com>
Subject: "RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084)"
Attachment: "INV01542.tar.001"
MD5: 70afd9a7d98adeaaf110931ae176a27b
SHA256: 8d3ca6193a24924258493da59c6ff0f70a0965c1274d9aac2ce17ed02d061667
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(2)
Sender IP: 78.28.205.254
From: "FedEx Online Advisory <service@dhl.com>"
Subject: "FEDEX EXPRESS TRACKING - COURIER DELIVERY"
Attachment: "FedEx Courier Tracking.pdf.ace"
MD5: 51cc56c40a3d2b7b6540069b0d096dff
SHA256: fb8e126810598e66a8bfd07d710f55b22396d780e0f6fe1a7e0a1725fd65369d
Family: AgentTesla


(3)
Sender IP: 103.139.44.91
From: "Jason Wen" <jason.wen@goldjet.com.cn>
Subject: "RE: RE: [EXTERNAL] Pick Up the PO 960074725 from STRIP // 784-45876876"
Attachment: "Customs declaration form + release form.7z"
MD5: 16324127b6a4da2a2c5879267f6ee682
SHA256: ae65556e391f8e8c52a78831ec0033d0368e27de42b6fdc6e68e8ac61f400e5e
Family: AgentTesla


(4)
Sender IP: 103.133.108.70
From: "ALLAN SNEDDON <galeria@fragtal.com.mx>"
Subject: "Fwd:PAYMENT FOR INV"
Attachment: "swift.45434.r00"
MD5: b1a7d7705fc9f8073431a0df61092b54
SHA256: 41acbe3a2677aae75b4024877852155a1fbca6b42005d0efbaca6da9e8682d4c
Family: AgentTesla



(5)
Sender IP: 45.137.22.149
From: "manan@nutrichemproducts.com"
Subject: "RE: SWIFT COPY"
Attachment: "TT copy.r00"
MD5: afbf062a6ea1cc5d77da65fb4848a552
SHA256: dff962cd61273ec024c5ecfc37b6986a57ddd913e10fbaf4cc392e76fbff406b
Family: AgentTesla


(6)
Sender IP: 78.28.205.254
From: "FedEx Online Advisory <service@dhl.com>"
Subject: "FEDEX EXPRESS TRACKING - COURIER DELIVERY"
Attachment: "FedEx Courier Tracking.pdf.ace"
MD5: d17b21dc7292745787900fd1a1f73920
SHA256: dffbd4034771d48648f3ad820ed01ed16c46da3b857dc8f0594d349c98af63a8
Family: AgentTesla


(7)
Sender IP: 78.28.205.254
From: "FedEx Online Advisory <service@dhl.com>"
Subject: "FEDEX EXPRESS TRACKING - COURIER DELIVERY"
Attachment: "AWB.NO-786334453366.z"
MD5: 333620534be376416f2c8ec92e5654e4
SHA256: d8773d2a6628549f7afc66d8e3aa386414049861e2f456cb5ae339cbbb103ec1
Family: AgentTesla


(8)
Sender IP: 194.49.78.221
From: "Rama N. Devadiga <kuwait@wajdagroup.com>"
Subject: "DRAFT DOCUMENTS"
Attachment: "ATTACHED LIST _AMC.zip"
MD5: c32b7b027f9945b15365b1b363f9c489
SHA256: ee05a81d7e454e912e13f570056510e3cbcbd5be08d1a0203d9cd276bed3ca7c
Family: AgentTesla


(9)
Sender IP: 188.165.225.23
From: "Robert Chen <sales@gippsaero.com>"
Subject: "Re: Purchase Order Confirmation"
Attachment: "Scan copy.rar"
MD5: fdafaa9666f1e14bb471dfd6df98ac26
SHA256: dbe95060d7cd98a4193e74fa28f5c5ce8219106b11d669b501d95fe5bf654032
Family: AgentTesla


(10)
Sender IP: 167.172.96.72
From: "Phillip Novak" <info@posclinic.com>
Subject: "Revised PO_2021"
Attachment: "PO.2021.cab"
MD5: 8237406a7e9bc1364b11978fa138037e
SHA256: a007cea19b203d9bc907ff3ba8a13988a03ef747a73b3239ebcbbd3442a4093b
Family: Formbook


(11)
Sender IP: 109.71.254.78
From: "DHL EXPRESS <courier@dhlexpress.icu>"
Subject: "Shipment arrival notice"
Attachment: "Shipping Receipt.img"
MD5: 70e9f4e55debca0ed1e842e64b79daad
SHA256: 3c6c0c4e2932fa193f2b88c642b8f9b07b1bbfefbb3da40a3f44310c89954a16
Family: AgentTesla


(12)
Sender IP: 69.61.59.207
From: "Starcia Chang <info@vinsilicorsgrau.com>"
Subject: "Re: Order Inquiry ABS PTE LTD"
Attachment: "ABS PTE Order.rar"
MD5: df4eed434ef0f3e5d178659e65fbce9a
SHA256: 7e79921690acb371222d6edbd8e6efce922fa133afe5ec8d823a6f39cd1b3014
Family: AgentTesla


(13)
Sender IP: 31.210.20.71
From: "MIDEAST | OPS" <beu.gvatrade.operations@bunge.com>
Subject: "MV PEDHOULAS TRADER PORT INFO | APPOINTMENT //RESENDING//"
Attachment: "MV PEDHOULAS TRADER.zip"
MD5: 8a90e7c9a30e03ee9ed3031601d40483
SHA256: 071a4606d681d058836106eb6e9eb180919b32b6ab776f73be3a14a729430d8e
Family: Formbook


(14)
Sender IP: 103.139.44.91
From: "Account Manager" <opnaccs@pennonshipping.com>
Subject: "RE: RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084)"
Attachment: "INV01542.tar.001"
MD5: 1475f6b0957df200e039e743288c3db8
SHA256: 5ba66a4ff6b37c47656fead5bd2bdc902db6de858aa77548795f0fe4b8a7f1f3
Family: AgentTesla


(15)
Sender IP: 185.222.57.79
From: "info@cnggasequipment.com"
Subject: "Re: Invoice Query & PAYMENT COPY"
Attachment: "Re Invoice Query & PAYMENT COPY.r15"
MD5: 62046aa50ccaead65f979c5c459e3b76
SHA256: a4e07f0854fd631a182ebc562988b619e7a7a52d65e8b75e413781143066478c
Family: Unknown


(16)
Sender IP: 103.139.44.91
From: "Tang, Xiaonan, Account Dept" <Xiaonan.Tang@grupoantolin.com>
Subject: "***Urgent!*** Ningbo--Outstanding payment for month end May,28"
Attachment: "Ningbo--Outstanding_Payments.exe.bz2.001"
MD5: e3374628150ddd998f5f064067f57332
SHA256: 31c7a172c119c906515700c843fef30c007d148c2ee67d89f4e3f88579696987
Family: AgentTesla


(17)
Sender IP: 185.222.58.153
From: "accounting@portopalace.gr"
Subject: "Invoice number 2100799"
Attachment: "invoice number 2100799.rar"
MD5: 0c81822ce6bb0ec525116b35e300aff7
SHA256: ce5586dac5454b6dd0f49a4218be2adda86a663a2a2c925f90f4d4215674db51
Family: Formbook


(18)
Sender IP: 45.87.60.140
From: "Ali Aslam Head Office <davidhe@nbpif.com>" (likely spoofed)
Subject: "Signed Contract INVOICE."
Attachment: "SIGNED CONTRACT.xlsx"
MD5: 0df04247a510caf5ef08cb8997a2443f
SHA256: 9fccbe7844fa0d92de8e745ca672019db23a09777b56128bc4116ed0c7dfeb1a
Family: SnakeKeylogger


(19)
Sender IP: 45.137.22.50
From: "Nguyen Xuan Binh" <marketing@acousticsind.com>
Subject: "THUAN HIEP THANH CO., LTD - Ref. #20880 (PURCHASE ORDER AND CONTRACT)"
Attachment: "Purchase Order & Contract.rar"
MD5: 6a07a539a2ee474e0b5e11b49b9cc8a5
SHA256: d1bbd92fdf96bb1feea37d7047f5e65a2200e0177e4012befee993d3521fd7a7
Family: NanoCore

If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore.

(20)
Sender IP: 194.49.78.201
From: "vicky wong <vicky.wong@idealfastener.com.hk>"
Subject: "ORDER #PO#35Tg1s"
Attachment: "35Tg1s.zip"
MD5: ce788a689b976f6226a18a2f1c40fce6
SHA256: 9f9d13830571e2d929eb95922586b9b80dbd7aac35771cc4b0fc6a2bb5c1ccc0
Family: SnakeKeylogger


(21)
Sender IP: 185.222.58.153
From: "operations@spharma.co.zw"
Subject: "Invoice number 2100799"
Attachment: "48499400994094pdf.rar"
MD5: 3c6eae5658d7ba0ad3f2f35ab824b53f
SHA256: f01d9ace959acfa77d3be870ae5444776087e9d50333b362f845d1b5d1ce5ec9
Family: SnakeKeylogger

If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
