Phishing Attacks 6_5_2021
(1)
Sender IP | 198.244.135.246
From | "China DHL Express <5idhl_noreply@dhl.com>"
Subject | "=?UTF-8?B?44CQ5Lit5aSW6L+QLeaVpuixquOAkeeUteWtkOWPkeelqCjlj5Hnpajlj7c6NzQ3MjU3OTQ=?=" (RFC 2047 encoded word; decodes to "【中外运-敦豪】电子发票(发票号:74725794)", i.e. "[Sinotrans-DHL] E-invoice (invoice no. 74725794)")
Attachment | "DHL_document11022020680908911.doc.zip"
MD5 | 88c83af974071b0ceddd87f41a5a3c2a
SHA256 | ac565d2abad42c40e8f622677fd68246d28aeb39a3c1c2c24caa2853b7f7b5af
Family | AgentTesla
(2)
Sender IP | 37.49.225.172
From | "filiga@npf.ws"
Subject | "RE: PAYMENT ADVICE"
Attachment | "Payment Advice.ace.zip"
MD5 | de51ebfcac7ee6e6c56799e68d77a350
SHA256 | b4e9f765030310d800c7d2efb75837130770ddb5788c699d40648558d50f8288
Family | AgentTesla
If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla
(3)
Sender IP | 194.49.78.216
From | "Info Cordoba <infocordoba@familiafalasco.com>"
Subject | "Re: Payment"
Attachment | "Payment Advise.7z"
MD5 | 09d54756c5654318ef0a1f5d526a1fb3
SHA256 | 3c6d138f6873dc416fb3ef2b3a57ed0afa41022c37fdd98a609d730bd0c684e7
Family | AgentTesla
(4)
Sender IP | 45.143.147.194
From | "Engr. Gao Qing <qiaoanna@zpmc.com>"
Subject | "RE:NEW ORDER CTPO18542#"
Attachment | "attachments.zip"
MD5 | 7b1069c13e708747013c54f5e5fb169d
SHA256 | 04cbfb054ba2e12e1804dae485ae854ba1baec7b11a834ce407aa86920306ad9
Family | AgentTesla
(5)
Sender IP | 72.249.68.195
From | "HALIM KHATER <info@biernan.com>"
Subject | "RE:Proforma Invoice"
Attachment | "PROFORMA INVOICE210505133444.xlsx"
MD5 | f1564a3a6e6a3227169d136c2652eaf2
SHA256 | 195f8028bfd632ee22ff9c3e25de3b118f0847fb21fbe91ba722ecbbfa5f2869
Family | Formbook
(6)
Sender IP | 31.210.20.71
From | "LIUFEI@WINLUCKY.COM.CN" <LIUFEI@WINLUCKY.COM.CN>
Subject | "MV GENCO RESOLUTE/ DISPORT AGENCY NOMINATION/"
Attachment | "MV GENCO RESOLUTE VOY 1 DESCRIPTION.zip"
MD5 | c5998c37bb12bff5907a843e108890eb
SHA256 | a6556b7eed95166b68b090b32ae7a802a924f22b0fc3e5bc9ed7ee77183ef392
Family | AgentTesla
(7)
Sender IP | 31.210.21.118
From | "mahmoodt@emirates.net.ae"
Subject | "RE: RFQ - Shipment #61417"
Attachment | "Pre Shipment Doc..rar"
MD5 | b8b48f2c320b197144c9df81e5f6f84a
SHA256 | a981422143bfa19a5c5f715cae64c88919092a17cd2c3982ece0bbe7350621bc
Family | SnakeKeylogger
(8)
Sender IP | 159.89.162.212
From | "Rowland Sales <sales@aapain.com>"
Subject | "FW: Reminder this is the Revised Purchase Order for invoice #87726"
Attachment | "PO Revised #87726.xlsx"
MD5 | 2fba2aea6cde2c0ed216396f9a4b9a90
SHA256 | 017701bd35ed869f05270d7751c0c436008abc9ed68257d3045064d55c8e1fd0
Family | NanoCore
If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore
(9)
Sender IP | 45.137.22.149
From | "Pascale.Palaric@eu.umicore.com"
Subject | "RE:Balance Payment"
Attachment | "proforma invoice.r00"
MD5 | 68c616d41b682e6858274540d81b2aac
SHA256 | 63b1cd3b4bd84bc36bd121bfd7640f5ed1c6eff5faa8bf797b349cfcd7fee23e
Family | AgentTesla
(10)
Sender IP | 103.139.44.91
From | "KIM HON <dbeery@3oaksretreat.com>"
Subject | "PROFORMA INVOICE"
Attachment | "PROFORMA INVOICE.rar"
MD5 | 625f88d5ddd8a19d6f28d748c6643c26
SHA256 | bb6626743742717768ceedefffbf11e322e680bb1646a30e724fa691cb04d586
Family | AgentTesla
(11)
Sender IP | 31.210.20.250
From | "Sohaib Muzaffar <sohaib.muzaffar@byco.com.pk>"
Subject | "=?UTF-8?B?UmVxdWVzdCBmb3IgUHJvcG9zYWwg4oCTIEJ5Y28gIHByb2plY3QuIChSZWYgIyA1MTAwMDEwMDQwKQ==?=" (RFC 2047 encoded word; decodes to "Request for Proposal – Byco  project. (Ref # 5100010040)")
Attachment | "Request for Proposal – Byco project. (Ref # 5100010040).zip"
MD5 | 5986d226b10c441caa648aa0b8221253
SHA256 | c4fb42df0a30f4d84ee0a444f343754738747afcebefbdcb33428109327f4625
Family | AgentTesla
(12)
Sender IP | 45.95.168.182
From | "MSC import service <info@buzzkavo.live>"
Subject | "MSC Arrival Notification Vessel: MSC EMMA/Voyage: IS116R ETA:6-MAY-21"
Attachment | "Original BL_cargo arrival notice_pdf.gz"
MD5 | 9ab93ee5d5c33f5d2e24d7da3d7c0548
SHA256 | 92fa3ff0d5172b171d48e6a2b6ea7f9a64acf8a1da47da598666067ad8bfa000
Family | Loki
(13)
Sender IP | 194.49.78.216
From | "Account Dept. <davidhe@nbpif.com>"
Subject | "Re: Outgoing SWIFT COPY"
Attachment | "OUTGOING SWIFT.7z"
MD5 | 24778468ba622dda56135ad34490e34e
SHA256 | d5912aec05ecea868637f1e96ebd705a15ba0f2cae7eb8cd5aa149d8dcc64060
Family | AgentTesla
(14)
Sender IP | 64.150.160.67
From | "=?UTF-8?Q?DHL_Global_Mail_Inc_=C2=A9?= <dolphniest@yahoo.com>" (display name is an RFC 2047 encoded word; decodes to "DHL Global Mail Inc ©")
Subject | "DHL Shipment Notification Status: AWB811470484778"
Attachment | "DHL Shipment Notification Status AWB81147048477820212906-pdf.gz"
MD5 | f68cb2cbcaa1b0fafd01abe0266ee377
SHA256 | bde8c4b7d07982a0fc2f3ee6a5e3b5f3d0868b9ec89c57b86953088bd87e5eb0
Family | AgentTesla
(15)
Sender IP | 103.139.44.91
From | "info@henyigroup.com"
Subject | "RFQ_ANCHOR E280"
Attachment | "TJ190001-P-IW-DP-GA-2047-pdf.gz"
MD5 | 654d4c7b05ae70c261902a67491dad6e
SHA256 | 1e1345d2a58358d921cc27865cd7c972b53a9b8718c9ab23428ad3c687f9ffca
Family | AgentTesla
(16)
Sender IP | 5.39.86.24
From | "Joeane Hiap" <@petronas.com.ml (address as it appears on the page; the local part before "@" is missing)
Subject | "RE:RE:PETRONAS SOA FOR APRIL 2021"
Attachment | "SOA FOR APRIL.cab"
MD5 | 120cdb51978f2b4f035cbc8cbe3368a4
SHA256 | 1c90e49314b25bd25286a00d7144d2785f1b6bf3d34c96d021025ad26b209cfa
Family | Loki
(17)
Sender IP | 40.92.90.77
From | "Fabulous Reward. <webdcsdfui@outlook.com>"
Subject | "Quest Recognition."
Attachment | "ENCORE.docx"
MD5 | 340cbe45fc0a00576f478ab8d647a6ce
SHA256 | cd738e08b99aa563dde5793df51c3a5a8945c97ff067823b4090ebb1874dfd80
Family | unknown
If you want to learn malware analysis, you can check my YouTube channel. I am trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA