Phishing Attacks 3_5_2021

 






(1)

Sender ip

69.16.227.88

From

"Bernard Pang<u00a0febjobs@applianceworld.co.ug>"

Subject

"Re: Commercial Invoice & Bill Of lading, Packing List "

Attachment

"Commercial Invoice.pdf.gz"

MD5

e3491d32da391c4da1127c296a3cb4d3

SHA256

6b92dd05b73397369b13a8f5244ce67f0fa29953ed7d4cbdcbd48fd1097239aa

Family

Formbook

 

(2)

Sender ip

103.99.1.148

From

"Prusseit, Kerstin, Volkswagen"<kerstin.prusseit@volkswagen.de>"

Subject

"AW: ***URGENT*** VOLKSWAGEN- OUTSTANDING PAYMENT FOR MONTH END APRIL"

Attachment

"Volkswagen_outstanding payment.exe.xz.001"

MD5

a34b18fdf9b75612ffe5f78c9a4e83a3

SHA256

a240b49760d1a3aaefd18d42b9aae087c4d56b14916a6ce0190e90ea637e62a8

Family

AgentTesla

 

(3)

 

Sender ip

31.210.21.118

From

"ksangani@emirates.net.ae"

Subject

"RE: SHIPMENT FOR LOAD"

Attachment

"R587010077110031772.rar"

MD5

3add61e8603750817ce7fa7ad6195cfb

SHA256

058d61b071d717b126f3515d6289c127d842aae15e812a36689e24d164928b90

Family

SnakeKeylogger

 

(4)

 

Sender ip

103.99.1.148

From

"Dong Sen Xue(EAO CSD)(DHL CN)"<dongsen.xue@dhl.com>"

Subject

"AW: REQUEST FOR STATEMENT OF ACCOUNT (SOA) "

Attachment

"NINGBO_STATEMENT OF ACCOUNT.wim.001"

MD5

b04c48c77b91e7133bae8bfb1b308cb8

SHA256

787185aa382fbdbf3b9f3c09bfdf5a5c01c73f079878d3808ee1e3365a34e5e2

Family

AgentTesla

 

(5)

Sender ip

31.210.21.118

From

"ashok123@emirates.net.ae"

Subject

"RE: Job # 0726/21 PO#18172-21 ETS: 7/5 ETA: 11/5"

Attachment

"insurance certificate , BL, FedEx.rar"

MD5

a53da4247e9e15bed5eed9c5b05dd9b4

SHA256

ea39c0fefbd8c9e853a81c994c2c5e649a78ec371a70a71b780a299c6f12dd60

Family

AgentTesla

 

(6)

Sender ip

103.99.1.147

From

"=?UTF-8?B?Iuimg+WGsOWGsCI=?= <shzhxn.sales7@xinning.com.cn>"

Subject

"=?UTF-8?B?UkXkuK3muK/orqLovaY0LzMwIOW3tOilvzYxTTLlkozlt7Topb82MUsy5ou86L2mIChDYXJwb29saW5nIGluIENoaW5hIGFuZCBIb25nIEtvbmcgNC8zMCBCcmF6aWwgNjFNMiBhbmQgQnJhemlsIDYxSzIgQ2FycG9vbCk=?="

Attachment

"1 1500 4.30巴西61K2和巴西61M2车中港订车.xls.rar"

MD5

6bfa2a7892b9a6678ac6e57b390b7c46

SHA256

ac2920d92671cc53fb3264b2366932bc826bdbfe91b811376e3a9215571be340

Family

AgentTesla


(7)

Sender ip

35.163.189.64

From

"Accountant Assistant<rud-division@alkuhaimi.com>"

Subject

"Urgent PO"

Attachment

"PO.pdf.z"

MD5

d5d40977c436316b6e2ba7ad24f803a6

SHA256

c6528a2f402c01f8ba0d4e23114b8910a0510b887f556eb5631d895d1d6b80da

Family

NanoCore


(8)

Sender ip

185.222.57.90

From

"<donotreply@wef.org.in>"

Subject

"RE: Orders From Export Manager EU & Overseas Marketers"

Attachment

"ARIX SRLVl (MN) - Italy.zip"

MD5

24a0ebee15762d2ca8a1af09dd5cba2b

SHA256

95a3a4bd86ed11bb44372eaae0151c677ece271d3d4181e3046b3143e8f1540c

Family

AgentTesla


(9)

Sender ip

159.203.6.19

From

"Ashraf Mustafa<sandford@eim.ae>"

Subject

"SANFORD - PI No. 20KNSF0615 - Order No. 1536-R -SF8125RAC0 "

Attachment

"BL Draft - HL-88312627.zip"

MD5

1b10d74995d9fb10d0b9a95446ac3910

SHA256

347ff0bd20e61084f232c6d1ca7626edf097d59383fb6238dab00b848561ab43

Family

AgentTesla


(10)

Sender ip

45.137.22.71

From

"Probona Info <info@probona.com.tr>"

Subject

"EMAILMING BANK PAPER PAYMENT OF USD 48.867,06"

Attachment

"SWIT BANK PAPER PAYMENT.r00"

MD5

85f438d998369541669209b987f0985c

SHA256

5f98e18c91045da2be067a8769817a55f3200324ae7535229fa83e7b67616c54

Family

Formbook


(11)

Sender ip

162.214.171.231

From

"=?UTF-8?B?QmVya2FudCDDllpUVU5B?= <info@cargopowernetwork.com>"

Subject

"MSO7177/08/025A"

Attachment

"PO 105008.zip"

MD5

87b8b0903721ab5ef3ed7d2db612e323

SHA256

cfd2a46ed0fc43964cab3e8b75a49edb8409fe5e5c4be240d1f9aa1655a6b1eb

Family

AgentTesla


(12)

Sender ip

51.195.135.77

From

"Jenifer" <jennifer@dragontech-group.com>"

Subject

"Payment slip"

Attachment

"SLIP (2).zip"

MD5

6cae26bd050de4f844b2f157bdfa4dc0

SHA256

85ad6e48c7e5a341382d6b475e965fa06d3e4604bfc61907dfde9d159b3d4e07

Family

AgentTesla


(13)

Sender ip

185.222.57.90

From

"<info@alarabahgroup.com>"

Subject

"RE: Orders From Export Manager EU & Overseas Marketers"

Attachment

"ARIX SRLVl (MN) - Italy.zip"

MD5

aff69b2d7788ee9fbf4323c2ad3999a9

SHA256

273392e7b5795f5ef8bfe23aff7f97ca7a631b02c82096bceeec7a42ddbc37d4

Family

AgentTesla


(14)

Sender ip

164.90.170.237

From

"=?UTF-8?B?REhMIEV4cHJlc3MgSU5Dwq4=?= <support@dhl.com>"

Subject

"DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc"

Attachment

"Consignment Details.gz"

MD5

60721a923e12b59ff62e5cf6e659d402

SHA256

2dea4d8d7e8f204ffaed04e03260c51e259084b2a68eb0f7660f9f5dc46941cd

Family

GuLoader


(15)

Sender ip

164.90.170.237

From

"=?UTF-8?B?REhMIEV4cHJlc3MgSU5Dwq4=?= <support@dhl.com>"

Subject

"DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc"

Attachment

"Consignment Details.gz"

MD5

60721a923e12b59ff62e5cf6e659d402

SHA256

2dea4d8d7e8f204ffaed04e03260c51e259084b2a68eb0f7660f9f5dc46941cd

Family

GuLoader


(16)

Sender ip

31.210.21.141

From

"China DHL Express <5idhl_noreply@dhl.com"

Subject

"=?UTF-8?B?44CQ5Lit5aSW6L+QLeaVpuixquOAkeeUteWtkOWPkeelqCjlj5Hnpajlj7c6NzQ3MjU3OTQ=?="

Attachment

"DHL_document11022020680908911.doc.zip"

MD5

856738be534eab755a88618e22df2a7b

SHA256

b094b7a684f3778c403f0fa63dfa17b8628825f97541a95bc3569f940559d11b

Family

AgentTesla


(17)

Sender ip

45.143.147.194

From

"Asako Kato <a-kato@ml.tanaka.co.jp>"

Subject

"=?UTF-8?B?UkU6IOS+oeagvOimi+epjeOCiuOBruimgeaxgi3nt4rmgKUgLSBSRVFVRVNUIEZPUiBQUklDRSBRVU9URSAtIFVSR0VOVA==?="

Attachment

"attachments.zip"

MD5

9bfc8ae0fa3185c4ae412dd109fcc081

SHA256

018745d5c6c9ed5ea159daf32aa885904ff682863e60cfa0138328a5de2425f0

Family

AgentTesla


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more