Phishing Attacks 31_5_2021
(1)

| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | Julia <Julia@kapton.cn> |
| Subject | Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany |
| Attachment | Billing Information.jar |
| MD5 | 5b13b97de3e069c8231335824d0d87ac |
| SHA256 | 8fb45fbea1b2a16c2626c8909c46a499b17c376e96e3c82869cf4bcca4c40c9b |
| Family | AgentTesla |
(2)

| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | Julia <Julia@kapton.cn> |
| Subject | Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany |
| Attachment | Business License.jar |
| MD5 | f11053fbbe407ef5d9011f4dfdf982e2 |
| SHA256 | 40903fc5f42d516a5ef24e8cc1185268df19616b06d2ac7ed05069a6d5c3d6ec |
| Family | AgentTesla |
(3)

| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | Account Manager <opnaccs@pennonshipping.com> |
| Subject | RE: RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084) |
| Attachment | INV01562.tar.001 |
| MD5 | 0e6d45a00324043f6f24e8f8fe1b2926 |
| SHA256 | a7907cdbe6a094994b2b3b58c161a02fc6921ac7ba8c19b48be647ec2b30c331 |
| Family | AgentTesla |
If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(4)

| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | Account Manager <opnaccs@pennonshipping.com> |
| Subject | RE: RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084) |
| Attachment | INV01542.tar.001 |
| MD5 | 17e60b9f7acb3038925bedb241114ce9 |
| SHA256 | 72a3ca5c0cb9e7376a6e25067160668635e755837209e67ab5297e2b53375cd4 |
| Family | AgentTesla |
(5)

| Field | Value |
|---|---|
| Sender IP | 195.201.227.104 |
| From | Ankit <ankit@ambelogistics.in> |
| Subject | POST SHIPMENT DOCUMENT |
| Attachment | POST SHIPMENT DOCUMENT.zip |
| MD5 | 3c026cfba101319a48c790fe8372f944 |
| SHA256 | b16a260c536b47dcf3e8d89c85851654833361c7d0fc583dd66d1891ea0f9bf4 |
| Family | SnakeKeylogger |
(6)

| Field | Value |
|---|---|
| Sender IP | 78.28.205.254 |
| From | Artimpex Trading group <info@wowhomeapp.com> |
| Subject | Re: New Purchase Order |
| Attachment | PO#310521.PDF.rar |
| MD5 | 69ed72f9c348538dbcb97e5cbc215b9a |
| SHA256 | b2dd3726fee8e26a1a14fca69b44f60af95c760b98ee350dda0b988c0bdd767f |
| Family | Formbook |
(7)

| Field | Value |
|---|---|
| Sender IP | 45.87.60.27 |
| From | Artimpex Trading group <info@wowhomeapp.com> |
| Subject | Re: New Purchase Order |
| Attachment | PO#310521.PDF.rar |
| MD5 | 69ed72f9c348538dbcb97e5cbc215b9a |
| SHA256 | b2dd3726fee8e26a1a14fca69b44f60af95c760b98ee350dda0b988c0bdd767f |
| Family | Formbook |
(8)

| Field | Value |
|---|---|
| Sender IP | 185.121.120.179 |
| From | ELITE SDN BHD <postmaster@cowbown.com> |
| Subject | PURCHASE ORDER |
| Attachment | Po.xlsx |
| MD5 | eb1fcbc470f904f1a944e5144bbf3962 |
| SHA256 | 7e2fc2c85360f8aac0306846e4c0680f89c790bc3e562e928f55c55915eaeec8 |
| Family | Unknown |
(9)

| Field | Value |
|---|---|
| Sender IP | 103.153.182.81 |
| From | Elie Abdel Ahad <sales@iran-bitumen.com> |
| Subject | Re: Re: PI |
| Attachment | PO (2).pdf.z |
| MD5 | 252dac1a46cbe56375f28aedb6451406 |
| SHA256 | 6819c13eb00405acabe777c8e56d3e7303c7f036f9481c3cb4c83de86ff3df5c |
| Family | Loki |
(10)

| Field | Value |
|---|---|
| Sender IP | 103.153.182.81 |
| From | Elie Abdel Ahad <sales@iran-bitumen.com> |
| Subject | Re: Re: PI |
| Attachment | PO.pdf.z |
| MD5 | c13ed3b0b70a64891fce812e3b266882 |
| SHA256 | fce1d2ef1b91a2f2bb6601fd37e1dff8998af1479febc41ec115139f717ac7d0 |
| Family | Loki |
(11)

| Field | Value |
|---|---|
| Sender IP | 194.49.78.221 |
| From | Shiv <shivs@airasia.com> |
| Subject | ARRIVAL NOTICE |
| Attachment | SCAN 20210531_010.zip |
| MD5 | cda896e3c742150675773f3e5531a71d |
| SHA256 | ee8890d81ee1f4b0efa0b637254087b9335a88e2cece751a115cc9f2d3f442a5 |
| Family | SnakeKeylogger |
(12)

| Field | Value |
|---|---|
| Sender IP | 203.159.80.83 |
| From | Basem Shaban <Battia@hydrotech-eg.com> |
| Subject | FW: AW: Egyption Arab Contracting INVOICE REQUEST 3301 - TOP URGENT- |
| Attachment | proforma invoice TRKINV2021000000000003005 TT Slip copy.r17 |
| MD5 | 9f2019ff734e0b7c257a3727abe61a7b |
| SHA256 | fd0c218d24dea59dbd62eb5041aaa24dc0c34a6ae0ccea288f496eda3732bbe3 |
| Family | AgentTesla |
(13)

| Field | Value |
|---|---|
| Sender IP | 103.232.53.200 |
| From | Accounts Payables <sales.mitsubishi@leongroup.com.np> |
| Subject | Aw: Purchase Order 5638044 |
| Attachment | PO210530_332641-pdf.gz.rar |
| MD5 | df0431af6938179c59015403faec7c98 |
| SHA256 | f67644c57b305c7fc377d3a082a51c2e41ab42f623c421b45366c8057b81dabd |
| Family | AgentTesla |
(14)

| Field | Value |
|---|---|
| Sender IP | 78.28.205.254 |
| From | DHL \| Global Forwarding <dispatch@dhl.com> |
| Subject | DHL SHIPMENT COMFIRMATION |
| Attachment | awb.no4646646464.ace |
| MD5 | e3b4b0a1a05795089b75336bd9fa92df |
| SHA256 | 9765d9471c3a12372d9415e7fdba24ad70d8d61b584776043be61d517312c0ec |
| Family | AgentTesla |
(15)

| Field | Value |
|---|---|
| Sender IP | 78.28.205.254 |
| From | DHL \| Global Forwarding <dispatch@dhl.com> |
| Subject | DHL SHIPMENT COMFIRMATION |
| Attachment | dhl-delivery_support.z |
| MD5 | 08af4b63ba599874f07d208b9858b638 |
| SHA256 | 1bcf07bff2f07c86e64b158c9e9c729e44a78e1b02510d34118ed6ca98f46787 |
| Family | AgentTesla |
(16)

| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | Julia <Julia@kapton.cn> |
| Subject | Re: Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany |
| Attachment | Billing Information.jar |
| MD5 | d072fddef702c6312839b412418fb191 |
| SHA256 | 25a0cf6601880b7c969febb873da299184312d3da1461fae78a46163510c2925 |
| Family | AgentTesla |
(17)

| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | Julia <Julia@kapton.cn> |
| Subject | Re: Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany |
| Attachment | Business License.jar |
| MD5 | 22acf7d6e973ad3a207cd5bb09147a14 |
| SHA256 | ed0d0f012eda84b274d46373e8ff3ebf8e5d6aaf3fba272f6e0a514ea7466ae1 |
| Family | AgentTesla |
(18)

| Field | Value |
|---|---|
| Sender IP | 103.125.189.175 |
| From | shipping@DHL.com |
| Subject | Re: Import / Pre-Arrival Notification / DHL Track No 781226753652 |
| Attachment | (DHL) Shipment Import DutyTax Payment Alert.ace |
| MD5 | 667325a247e436115f53b94fd3373608 |
| SHA256 | 1297a6593f2b224a66e882bcc5af02af802012cef77bd244cf14c73f5c76534c |
| Family | Formbook |
(19)

| Field | Value |
|---|---|
| Sender IP | 142.93.196.110 |
| From | Nguyen Thi Nhu Quynh (Ms.) <Nguyen@dcc-group.com> |
| Subject | RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-21 |
| Attachment | PO#31052021104221.lzh |
| MD5 | 57deef2c72935a621dfd2bbca743879f |
| SHA256 | dc2a52a1f8ecfdb31bae650c9aacda445ab30fac797e7f201fbac85babcd927a |
| Family | SnakeKeylogger |
If you want to learn malware analysis, you can check my YouTube channel, where I am trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel:
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA