Phishing Attacks 7_5_2021
(1)
| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | "SAM CHEN <dbeery@3oaksretreat.com>" |
| Subject | "NEW ORDER #776483 " |
| Attachment | "NEW ORDER #776483 - Copy.rar" |
| MD5 | 4d7fd81ab316988becd9d10e520ced98 |
| SHA256 | 7e124e2b43350542e69a9a40e9c2f66ec43b54e155e54744b3c1f8ae0a87e6ad |
| Family | AgentTesla |
If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(2)
| Field | Value |
|---|---|
| Sender IP | 31.210.21.71 |
| From | "Filiga Lauama \| Finance Dept" <filiga@npf.ws> |
| Subject | "RE: Re: PAYMENT ADVICE" |
| Attachment | "Payment Advice.ace" |
| MD5 | 9734315e8f21a21af680fa517d56deb0 |
| SHA256 | d8a3f997814712c60b6db89d30b8b9faf71be66a95afdb7c48685ff2124728bc |
| Family | OskiStealer |
(3)
| Field | Value |
|---|---|
| Sender IP | 185.121.120.125 |
| From | "Banca March <G0275@bancamarch.es>" |
| Subject | "ABONO FACTURAS-CONFIRMING BANCA MARCH" |
| Attachment | "Documento.xlsx" |
| MD5 | f978cac45dfd04ded9c301c492d45c69 |
| SHA256 | 372a5b41afc06f25c0c2a27b4bb1a362f4fb9772deb9ad996a7dfe4ad7bd96e3 |
| Family | unknown |
(4)
| Field | Value |
|---|---|
| Sender IP | 199.10.31.238 |
| From | "Olavi Autio <OlaviAutio@teleworm.com>" |
| Subject | "AW : New Business Opportunity" |
| Attachment | "New Order Requirement 2204.ace" |
| MD5 | 2b3ec0cd498878fd0e5de24a9a7d428a |
| SHA256 | a2442bb8a9aeb8af98ccfb07ad9afd62bdbedeb942971a8644d63687dbb65490 |
| Family | OskiStealer |
(5)
| Field | Value |
|---|---|
| Sender IP | 103.133.106.100 |
| From | "Sofien Ben JEMAA <info@4sps.in>" |
| Subject | "CHM invoice" |
| Attachment | "Scan 20210507_178854.zip" |
| MD5 | 6328e4ce2a827c2026aaaefbba470e9b |
| SHA256 | cdc6f7d17ba04cf4b1f66126c1d8b7bb14cf6e7cf0d600fdfb92904262cd2fb5 |
| Family | AgentTesla |
(6)
| Field | Value |
|---|---|
| Sender IP | 103.133.106.100 |
| From | "Iris Chen <chenqihui@shpni.com.cn>" |
| Subject | "Submission of Commission Invoice" |
| Attachment | "Commission Invoice.zip" |
| MD5 | b7f346e08a59ff0612b9c42713b984bd |
| SHA256 | 4a46677d63fcd885bac9a1fd3aefc41a856dc527af989f116faf9c7435218e44 |
| Family | SnakeKeylogger |
(7)
| Field | Value |
|---|---|
| Sender IP | 45.137.22.149 |
| From | "info@dijlashipping.com" |
| Subject | "RE: SHIPPING DOCUMENT & PACKING LIST" |
| Attachment | "PMSHIPPING DOCUMENT & PL.r00" |
| MD5 | 8f1d3b0ef919775f563e4c6fe4cc2f91 |
| SHA256 | 3f21c1dadbb99df098bc46b886abcd6d8e9d4093e9283f6bf9de185a2446dddf |
| Family | AgentTesla |
(8)
| Field | Value |
|---|---|
| Sender IP | 185.222.57.162 |
| From | "Van Ryn Rubber Holdings<vijayj@vanrynrubber.co.za>" |
| Subject | "RE: PRICE LIST OF OUR OFFER" |
| Attachment | "PRICE LIST.zip" |
| MD5 | 86d2c7008eb5dad31b77ed619b2c7e7b |
| SHA256 | 592f466fc7eed27d377915a732e30c9582cdc6d456bf58d87a1161fbbc494c7c |
| Family | AgentTesla |
(9)
| Field | Value |
|---|---|
| Sender IP | 165.227.140.187 |
| From | "<customerservicehls@mairon.de>" |
| Subject | "DDP shipment /// MAWB # 607-20263025/HLSB01463 & HL260337100 \| Consignee:lgpartner.ch " |
| Attachment | "260337100 HBL.zip" |
| MD5 | 688fcf858494815d70acd0ecf3f01a28 |
| SHA256 | 2e5457602d420ce29d96c2b95b566976c2315b4bd73db3a18264c177d4bab60a |
| Family | AgentTesla |
(10)
| Field | Value |
|---|---|
| Sender IP | 185.222.57.229 |
| From | "sales@covein.com" |
| Subject | "RE: Confirm revised invoice to proceed with payment ASAP" |
| Attachment | "proforma invoice.zip" |
| MD5 | f770038b37702193a086d66371832fbd |
| SHA256 | 6be43ab36faddafa332267ee763dd5b58fbe5e23d1a3a14e61f07c29c04647b1 |
| Family | AgentTesla |
(11)
| Field | Value |
|---|---|
| Sender IP | 45.143.147.194 |
| From | "=?UTF-8?B?Q2hyaXMgU2NoaXJtZXLCoA==?=<salez@ettinger.de>" |
| Subject | "RE:RFQ 11054 - REQUEST FOR QUOTATION" |
| Attachment | "RFQ 11054.pdf.zip" |
| MD5 | 67bfe027b60278a7c538e3cc5a7b5ab2 |
| SHA256 | 48f60cae51e51d9eb76e65c8afacb3248ab8d6227d15028ebc9ab00a58b2d4fa |
| Family | AgentTesla |
(12)
| Field | Value |
|---|---|
| Sender IP | 103.133.106.100 |
| From | "Tarek ABIDA <info@probona.com.tr>" |
| Subject | "Official VAT Bulletin" |
| Attachment | "VAT Bulletin.zip" |
| MD5 | a6475073b162f05363ba4fd3d55dfa7b |
| SHA256 | d2e6de2957b1309319e05496d6d0c4d9735150f86d0336a17dd6e2c07b127c02 |
| Family | SnakeKeylogger |
(13)
| Field | Value |
|---|---|
| Sender IP | 45.137.22.149 |
| From | "gicdelhi@general-gauges.com" |
| Subject | "RE: PAYMENT INSTRUCTIONS" |
| Attachment | "PAYMENT INSTRUCTIONS COPY.r00" |
| MD5 | e158955e61b2f8d5d5534d55d255a52b |
| SHA256 | fc3048b49f76549b9af326740510bca78205dd37b26f10378f5028f7db692485 |
| Family | AgentTesla |
(14)
| Field | Value |
|---|---|
| Sender IP | 185.121.120.135 |
| From | "Wang Wei <sales@besmed.com>" |
| Subject | "RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##" |
| Attachment | "FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz" |
| MD5 | 0b0c8900ce047f05c23052cd7ee3f80c |
| SHA256 | e4f77717914eac20b42ac6886aa29d8ea14eb89829f9e8b6c9d4277a125f603e |
| Family | AgentTesla |
(15)
| Field | Value |
|---|---|
| Sender IP | 45.137.22.36 |
| From | "<ahmed@hicinfrastructure.com>" |
| Subject | "Re: FW: Invoice" |
| Attachment | "image002.png@01D4EB98.FAE33E60.rar" |
| MD5 | 845e5449b1cbcda129921bc273b38955 |
| SHA256 | 41e349119b9a1aebc063485f05b1110c7f4f6524560dff0dd7f2b832b544261b |
| Family | AgentTesla |
(16)
| Field | Value |
|---|---|
| Sender IP | 193.169.255.128 |
| From | "Krrint Tradings LTD.<enquiry@krrinternational.com>" |
| Subject | "Urgent Inquiry!" |
| Attachment | "oder mcdq.arj" |
| MD5 | 3ab2ef437054eab9c57e9b8bfb02f2d4 |
| SHA256 | 85676ce2ff8483e0e6167360c33caf0e023e5d51d236eec49f35a5159787ed4d |
| Family | AveMariaRAT |
(17)
| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | "info@guxiandao.com" |
| Subject | "RFQ NEW PART FOR ED53224 (ETB _ PRO 2110 XP CNG )" |
| Attachment | "drawing of ED53224-pdf.gz" |
| MD5 | 2762a569b3d682b1933d7468a0aab14d |
| SHA256 | dd45ca037db58414d7242293cbf0f3a6ff6cf31a03a364e6e322d85691092f63 |
| Family | AgentTesla |
(18)
| Field | Value |
|---|---|
| Sender IP | 103.139.44.91 |
| From | "info@grupoian.com" |
| Subject | "RFQ NEW PART FOR ED53224 (ETB _ PRO 2110 XP CNG )" |
| Attachment | "drawing of Part No R5-892-pdf.gz" |
| MD5 | 6fc21917bcfe0f7fd9a6174f6cbd858e |
| SHA256 | 1b1d4d5e5d506d26803bfdfb9789b04d6b071bd8b8576e8351d2705b7c585619 |
| Family | AgentTesla |
(19)
| Field | Value |
|---|---|
| Sender IP | 185.121.120.135 |
| From | "Gerente de carga de DHL <pagos.fletes@dhl.com>" |
| Subject | "Nueva =?UTF-8?Q?notificaci=C3=B3n=20de=20env=C3=ADo=20de=20DHL=23?=" |
| Attachment | "numero de referencia de los documentos de envio..gz....pdf" |
| MD5 | ce47b6121ac5b0bdfee736a9981540df |
| SHA256 | 133cf5e1936834372a85e49df50d3246283100b13bb2f1f695ea77333756d960 |
| Family | AgentTesla |
(20)
| Field | Value |
|---|---|
| Sender IP | 185.121.120.159 |
| From | ""Omar Baddar" <postmaster@allstew.com>" |
| Subject | "RFQ-50236710-ETECSA" |
| Attachment | "IMG_6050_710_33.R03" |
| MD5 | 341f36724c7fd6d7fcf4b00bba88a56b |
| SHA256 | ad4c6d70e83b368d4f060ade367c82584e002b80e6ec80e272d7da1300e3f91a |
| Family | AgentTesla |
(21)
| Field | Value |
|---|---|
| Sender IP | 31.210.20.242 |
| From | "Veli <veli@reelsektor.com.tr>" |
| Subject | "RE: Proforma ve packing list " |
| Attachment | "Proforma+Packing list.r00" |
| MD5 | 8d0a647e7bcccf36b16840403183b95d |
| SHA256 | 6460588f6af7ee7a18cd7acd5c4cb451d9512aa4a14f8d09ee90da44bc82b5a9 |
| Family | AgentTesla |
(22)
| Field | Value |
|---|---|
| Sender IP | 45.143.147.194 |
| From | "=?UTF-8?B?Q2hyaXMgU2NoaXJtZXLCoA==?=<salez@ettinger.de>" |
| Subject | "RE:RFQ 11054 - REQUEST FOR QUOTATION" |
| Attachment | "RFQ11054.pdf.rar" |
| MD5 | e919b8869c063b9efd15de5d9e50c200 |
| SHA256 | eee3a79bdced476a47f4feda2dd96b587cdcaf3aa2394f3af5269ca1b01d40bf |
| Family | AgentTesla |
If you want to learn malware analysis, you can check my YouTube channel, where I am publishing analyses of malware samples and some malware analysis methods.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel:
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA