Phishing Attacks 31_5_2021

 





(1)

Sender ip

103.139.44.91

From

"Julia"<Julia@kapton.cn>"

Subject

"Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany"

Attachment

"Billing Information.jar"

MD5

5b13b97de3e069c8231335824d0d87ac

SHA256

8fb45fbea1b2a16c2626c8909c46a499b17c376e96e3c82869cf4bcca4c40c9b

Family

AgentTesla

  If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(2)

Sender ip

103.139.44.91

From

"Julia"<Julia@kapton.cn>"

Subject

"Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany"

Attachment

"Business License.jar"

MD5

f11053fbbe407ef5d9011f4dfdf982e2

SHA256

40903fc5f42d516a5ef24e8cc1185268df19616b06d2ac7ed05069a6d5c3d6ec

Family

AgentTesla

  If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(3)

 

Sender ip

103.139.44.91

From

" Account Manager"<opnaccs@pennonshipping.com>"

Subject

"RE: RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084) "

Attachment

"INV01562.tar.001"

MD5

0e6d45a00324043f6f24e8f8fe1b2926

SHA256

a7907cdbe6a094994b2b3b58c161a02fc6921ac7ba8c19b48be647ec2b30c331

Family

AgentTesla

 

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(4)

 

Sender ip

103.139.44.91

From

" Account Manager"<opnaccs@pennonshipping.com>"

Subject

"RE: RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084) "

Attachment

"INV01542.tar.001"

MD5

17e60b9f7acb3038925bedb241114ce9

SHA256

72a3ca5c0cb9e7376a6e25067160668635e755837209e67ab5297e2b53375cd4

Family

AgentTesla

 

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(5)

Sender ip

195.201.227.104

From

"Ankit <ankit@ambelogistics.in>"

Subject

"POST SHIPMENT DOCUMENT"

Attachment

"POST SHIPMENT DOCUMENT.zip"

MD5

3c026cfba101319a48c790fe8372f944

SHA256

b16a260c536b47dcf3e8d89c85851654833361c7d0fc583dd66d1891ea0f9bf4

Family

SnakeKeylogger

 

(6)

Sender ip

78.28.205.254

From

"Artimpex Trading group <info@wowhomeapp.com>"

Subject

"Re: New Purchase Order"

Attachment

"PO#310521.PDF.rar"

MD5

69ed72f9c348538dbcb97e5cbc215b9a

SHA256

b2dd3726fee8e26a1a14fca69b44f60af95c760b98ee350dda0b988c0bdd767f

Family

Formbook


(7)

Sender ip

45.87.60.27

From

"Artimpex Trading group <info@wowhomeapp.com>"

Subject

"Re: New Purchase Order"

Attachment

"PO#310521.PDF.rar"

MD5

69ed72f9c348538dbcb97e5cbc215b9a

SHA256

b2dd3726fee8e26a1a14fca69b44f60af95c760b98ee350dda0b988c0bdd767f

Family

Formbook


(8)

Sender ip

185.121.120.179

From

"ELITE SDN BHD <postmaster@cowbown.com>"

Subject

"PURCHASE ORDER"

Attachment

"Po.xlsx"

MD5

eb1fcbc470f904f1a944e5144bbf3962

SHA256

7e2fc2c85360f8aac0306846e4c0680f89c790bc3e562e928f55c55915eaeec8

Family

Unknown


(9)

Sender ip

103.153.182.81

From

"Elie Abdel Ahad <sales@iran-bitumen.com>"

Subject

"Re: Re: PI"

Attachment

"PO (2).pdf.z"

MD5

252dac1a46cbe56375f28aedb6451406

SHA256

6819c13eb00405acabe777c8e56d3e7303c7f036f9481c3cb4c83de86ff3df5c

Family

Loki


(10)

Sender ip

103.153.182.81

From

"Elie Abdel Ahad <sales@iran-bitumen.com>"

Subject

"Re: Re: PI"

Attachment

"PO.pdf.z"

MD5

c13ed3b0b70a64891fce812e3b266882

SHA256

fce1d2ef1b91a2f2bb6601fd37e1dff8998af1479febc41ec115139f717ac7d0

Family

Loki


(11)

Sender ip

194.49.78.221

From

"Shiv <shivs@airasia.com>"

Subject

"ARRIVAL NOTICE"

Attachment

"SCAN 20210531_010.zip"

MD5

cda896e3c742150675773f3e5531a71d

SHA256

ee8890d81ee1f4b0efa0b637254087b9335a88e2cece751a115cc9f2d3f442a5

Family

SnakeKeylogger


(12)

Sender ip

203.159.80.83

From

"Basem Shaban"<Battia@hydrotech-eg.com>"

Subject

"FW: AW: Egyption Arab Contracting INVOICE REQUEST 3301 - TOP URGENT-"

Attachment

"proforma invoice TRKINV2021000000000003005 TT Slip copy.r17"

MD5

9f2019ff734e0b7c257a3727abe61a7b

SHA256

fd0c218d24dea59dbd62eb5041aaa24dc0c34a6ae0ccea288f496eda3732bbe3

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(13)

Sender ip

103.232.53.200

From

"Accounts Payables" <sales.mitsubishi@leongroup.com.np>"

Subject

"Aw: Purchase Order 5638044"

Attachment

"PO210530_332641-pdf.gz.rar"

MD5

df0431af6938179c59015403faec7c98

SHA256

f67644c57b305c7fc377d3a082a51c2e41ab42f623c421b45366c8057b81dabd

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(14)

Sender ip

78.28.205.254

From

"DHL | Global Forwarding <dispatch@dhl.com>"

Subject

"DHL SHIPMENT COMFIRMATION"

Attachment

"awb.no4646646464.ace"

MD5

e3b4b0a1a05795089b75336bd9fa92df

SHA256

9765d9471c3a12372d9415e7fdba24ad70d8d61b584776043be61d517312c0ec

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(15)

Sender ip

78.28.205.254

From

"DHL | Global Forwarding <dispatch@dhl.com>"

Subject

"DHL SHIPMENT COMFIRMATION"

Attachment

"dhl-delivery_support.z"

MD5

08af4b63ba599874f07d208b9858b638

SHA256

1bcf07bff2f07c86e64b158c9e9c729e44a78e1b02510d34118ed6ca98f46787

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(16)

Sender ip

103.139.44.91

From

"Julia"<Julia@kapton.cn>"

Subject

"Re: Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany"

Attachment

"Billing Information.jar"

MD5

d072fddef702c6312839b412418fb191

SHA256

25a0cf6601880b7c969febb873da299184312d3da1461fae78a46163510c2925

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(17)

Sender ip

103.139.44.91

From

"Julia"<Julia@kapton.cn>"

Subject

"Re: Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany"

Attachment

"Business License.jar"

MD5

22acf7d6e973ad3a207cd5bb09147a14

SHA256

ed0d0f012eda84b274d46373e8ff3ebf8e5d6aaf3fba272f6e0a514ea7466ae1

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(18)

Sender ip

103.125.189.175

From

"shipping@DHL.com"

Subject

"Re: Import / Pre-Arrival Notification / DHL Track No 781226753652 "

Attachment

"(DHL) Shipment Import DutyTax Payment Alert.ace"

MD5

667325a247e436115f53b94fd3373608

SHA256

1297a6593f2b224a66e882bcc5af02af802012cef77bd244cf14c73f5c76534c

Family

Formbook


(19)

Sender ip

142.93.196.110

From

"Nguyen Thi Nhu Quynh (Ms.) <Nguyen@dcc-group.com>"

Subject

"RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-21"

Attachment

"PO#31052021104221.lzh"

MD5

57deef2c72935a621dfd2bbca743879f

SHA256

dc2a52a1f8ecfdb31bae650c9aacda445ab30fac797e7f201fbac85babcd927a

Family

SnakeKeylogger




If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


Comments

Popular posts from this blog

Sunburst Solarwinds Backdoor

Ragnarok Ransomware

Phishing Attacks 9_4_2021