Phishing Attacks 5_5_2021

 



(1)

Sender ip

45.143.147.194

From

"=?UTF-8?B?V2FuZyBHdW9ob25nwqA=?=<qiaoanna@zpmc.com>"

Subject

"RE:Order Request "

Attachment

"Order Request .pdf.rar"

MD5

a0368e558bc201b1d6a350d73977c90b

SHA256

26deb225cdafe80b335918792324464ff199bbd5a1ed003359698f0c6179c3b2

Family

AgentTesla

 

(2)

Sender ip

34.214.167.131

From

"joy.espectacion-ujifilm@netease.com"

Subject

"Required for new order"

Attachment

"221121,pdf.gz"

MD5

f428ddb4537097b6879a2e9aba109a96

SHA256

3e64f5eda4ef09a85c23e63cd22d7aa3c066df59fb509dcafad4e1f8ab359a60

Family

AgentTesla

 

(3)

 

Sender ip

34.214.167.131

From

"joy.espectacion-ujifilm@netease.com"

Subject

"Required for new order"

Attachment

"New Order 2211,pdf.rar"

MD5

2a1e1e190417126cf1fe1a8263b27a67

SHA256

213b80722c8d52212ea30fda42745d0fc58599b2821a1b474a416dec3af15fe6

Family

AgentTesla

 

(4)

 

Sender ip

35.163.189.64

From

"bora.altun@tnt.com"

Subject

"TNT Shipping Advise/Documents"

Attachment

"Shipping Advise,pdf.rar"

MD5

595818c4cc596f8596d6a96527a89739

SHA256

c4f0bd99f04375a271f8888c51436d2a1b1722c90b3048d9b650a4afa31bb3a6

Family

AgentTesla

 

(5)

Sender ip

185.222.57.229

From

"sales@covein.com"

Subject

"RE: Confirm revised invoice to proceed with payment ASAP"

Attachment

"PI.zip"

MD5

284dd1c9fb125996740ecc4b22e60ace

SHA256

7aeab882ca608569e540bbe1bfe252cedab140b11e364c903a74f9de9249a766

Family

AgentTesla

 

(6)

Sender ip

31.210.20.71

From

"COSCO SHIPPING SPECIALIZED CARRIERS CO., LTD"<liuhs@coscol.com.cn>"

Subject

"AGENCY APPOINMENT / PDA REQUEST"

Attachment

"SHIPS PARTICULAR ,STOWAGE PLAN, CGO MANIFESTS, BLS.zip"

MD5

86939ba71dc80c0dbe57c849f9b024d3

SHA256

43a462b16b2f19b11d18cc193f08e2a9f7882d5c2af3fa4960a1a65d77628cf4

Family

AgentTesla


(7)

Sender ip

198.244.135.246

From

"China DHL Express <5idhl_noreply@dhl.com"

Subject

"=?UTF-8?B?44CQ5Lit5aSW6L+QLeaVpuixquOAkeeUteWtkOWPkeelqCjlj5Hnpajlj7c6NzQ3MjU3OTQ=?="

Attachment

"DHL_document11022020680908911.doc.zip"

MD5

dfbfbee3e80b0d958c30903bd7ddfa52

SHA256

76f00313f604d1158de7a5bdd8631e541e31ba3ba29082413a599db899b78041

Family

AgentTesla


(8)

Sender ip

199.10.31.238

From

"=?UTF-8?B?VE5UIEV4cHJlc3MgSU5Dwq4=?= <support@240.0.mxvmno.cf>"

Subject

"TNT CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc"

Attachment

"Consignment Details_pdf.rar"

MD5

b4563d3be50c385f1761b0786b607520

SHA256

4b58992b26f47023772b4651fb523236b890894ac1fbafa7832ce0937b5fcfb0

Family

AgentTesla


(9)

Sender ip

199.10.31.237

From

"sales <RISimon@mednet.ucla.edu>"

Subject

"UCLA PO# 1629NYB41200 - TED PELLA INC --- Quote# 40346"

Attachment

"Quote# 40346.rar"

MD5

94c23db7f44b472e45e0fc6235bff71a

SHA256

71f1031f8d456492618aaa6edc187d4da9cfc670e336e3a3f10c841e922c71a6

Family

AgentTesla


(10)

Sender ip

5.226.138.58

From

"Suresh <psafl_blr@psaflspeedmark.com>"

Subject

"SFO-BLR // 29.04.2021 //"

Attachment

"HL-88352580 DOCAU BC ORIGINAL.zip"

MD5

30d4d9d6684cfba270f93ceb10b4ddfc

SHA256

94f0a89c535061581f27fbfd9707986e8434cb15d16dc3662edddf0569f6ea0e

Family

AgentTesla


(11)

Sender ip

45.133.1.235

From

"Lan Kim - Jenny <asia@faircon.co.kr>"

Subject

"RE: Shipping Docs//INV/PL/THS0094587"

Attachment

"MSKU4460632.SHIPPING DOCS. AWB PACKING LIST ISO CERTIFICATE BILL OF LANDING DRAFT. COMMERCIAL INVOICE SHIPMENT INVPLTHS0094587231.pdf.r15"

MD5

574133d59bf0817ecebbaf50b128b3cf

SHA256

1df6bbfc96ccb6690190aa435ddd38ef64249181e4c82d9a575960a7b047b1bf

Family

AgentTesla


(12)

Sender ip

45.137.22.41

From

"Kang-woo Shin- International <kwshin@live.co.kr>"

Subject

"RE: 2ND SHIPMENT FROM INDIA -- CLEARENCE FROM JEBEL ALI"

Attachment

"2ND SHIPMENT FROM INDIA -- CLEARENCE FROM JEBEL Ali.Pdf.cab"

MD5

3da84e6a1d1792de750a457bb846b376

SHA256

c002c9e5e8b670aae88ed7e49e38317432a7ed3c9f26c8b75d1e91e44855e76f

Family

Loki


(13)

Sender ip

172.93.165.155

From

"purchasing <info@irannakh.com>"

Subject

"Purchase Order sheet"

Attachment

"purchase order sheet.zip"

MD5

5a9452b7c34b20d751bd7b42c5b1552e

SHA256

b3e73527cd4d681bb873bb6511631515d3feb5659cfa57381746d9bc3c42e6af

Family

AgentTesla


(14)

Sender ip

103.139.44.91

From

"info@hbkaixuan.com"

Subject

"Inquiry Reff: MSEL/H.Arm/280421"

Attachment

"drawings-pdf.gz"

MD5

40db126887fefa12fc5c9b0a6f4ad1ef

SHA256

bd66495f080f351bee31c00597dc436e737bbe2468bded6b4313085dabeb4eb0

Family

AgentTesla


(15)

Sender ip

172.93.166.27

From

"purchase manager <sales@cldzcl.com>"

Subject

"purchase order"

Attachment

"po.zip"

MD5

340f5b45b1c593b135facdaddbbc6ea9

SHA256

b1466a7e6c0799809b9030b5886df9d1c4f1bfc400723a60b4453d439aafd9ed

Family

AgentTesla


(16)

Sender ip

45.137.22.71

From

"Eby | Valtronics DWC <eby@valtronics.ae>"

Subject

"RE: Purchase Order-070/POR/044127"

Attachment

"Purchase Order-070POR044127.r11"

MD5

d4e8a046510a7bc5b0773bca157df201

SHA256

62d55d20a1df423315c5d295e105983a484c691490acb709b9579aa246eadd52

Family

Formbook


(17)

Sender ip

45.137.22.71

From

"Probona Info <info@probona.com.tr>"

Subject

"Acknowledgement Of Quotation Zhejiang Weigang Machinery Co., Ltd."

Attachment

"Acknowledgement JMAX060708 订舱.7z"

MD5

88125dbe8c15bd254962b8bbfa82df91

SHA256

756d0b7c72e13c2d4b4ff16010777c710e42a0a61e8667451cbf9b3bb05e7f2b

Family

unknown


(18)

Sender ip

5.226.138.58

From

"Mazlan Abdulhamid <psafl_blr@psaflspeedmark.com>"

Subject

"SHIPMENT WAIVER FOR BL DXB900944100-12X40 "

Attachment

"HL-88352588 DOCAU BC ORIGINAL.zip"

MD5

7f6315f0f9696e9c05836bc7f49989eb

SHA256

f819f70d0ee6f0cf79832d8afa5ec836c939354cfe7c1ee5a465d21bd7a2a558

Family

AgentTesla


(19)

Sender ip

31.210.21.71

From

"Filiga Lauama | Finance Dept" <filiga@npf.ws>"

Subject

"RE: Re: PAYMENT ADVICE"

Attachment

"Payment Advice.ace"

MD5

8a0e218b840695f1e6e25932b1a4e9b6

SHA256

6430c8386fd933b29f0c267c42fcf227c4d0defc3061af984d5fda413ec38b55

Family

OskiStealer


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more