Phishing Attacks 10_6_2021
(1)
Sender IP | 193.56.29.138
From | "Adolfo Posada Duque <gerencia@bioquirama.com>"
Subject | "Bioquiram-Purchase request"
Attachment | "Customer001987_rfq-deaho.xlsx"
MD5 | 009c97a279ca9082088dba2dcf8907e4
SHA256 | e4be4ce928395ea670d27d2103761ed240cc5a2fb46e8e7ee34c88aef6fa156e
Family | AgentTesla
(2)
Sender IP | 46.183.223.126
From | "Shreyas Ramesh <shreyas@djs.ae>"
Subject | "Purchase Order Confirmation"
Attachment | "Purchase Order.doc"
MD5 | 68fe0bd120a18d2a247f3322e948463b
SHA256 | 0479439b257470151391a12e00899084a9455b750fd87ef44f3d68daa2c8a6f6
Family | Unknown
(3)
Sender IP | 185.222.58.158
From | "Saif Khan <sales3@cvshvac.com>"
Subject | "RE:Bank Slip and our New P.O copy."
Attachment | "Bank Slip and our New P.O copy.pdf.ace"
MD5 | 3d487ab8ebbba7bad5687c981ec9ccbf
SHA256 | 499ef36050a153956d152d098eb77810da5418a7611903d3ab38644ccd4eef17
Family | AgentTesla
(4)
Sender IP | 185.222.58.149
From | "=?UTF-8?B?RGF2aWQgTmfCoA==?=<customercare@omfreight.com.cn>" (RFC 2047 display name decodes to "David Ng")
Subject | "=?UTF-8?B?UkU6UkVDT05GSVJNIEJBTksgREVUQUlMUyBGT1LCoFBBWU1FTlQ=?=" (decodes to "RE:RECONFIRM BANK DETAILS FOR PAYMENT")
Attachment | "BANK DETAILS.zip"
MD5 | 59a096315bff6761129aaa01bde9fd48
SHA256 | af275a56902333d452e5851bdbbf6423d367f8cf1fbb454cf7b6bee5dd48b707
Family | AgentTesla
(5)
Sender IP | 185.222.58.136
From | "elifkardes@gmail.com"
Subject | "=?UTF-8?B?5paw5o6h6LO86KiC5Zau77yaNDgwMTA0NzM=?=" (decodes to "新採購訂單：48010473", i.e. "New purchase order: 48010473")
Attachment | "INVO090090202.zip"
MD5 | c1f36d29ed3c343563e7db949f70d30f
SHA256 | 05aa1ccabf21b2476832f9b686d83652d5a977c5db28c1c334bd4247a969ff41
Family | SnakeKeylogger
(6)
Sender IP | 185.222.58.136
From | "elifkardes@gmail.com"
Subject | "=?UTF-8?B?5paw5o6h6LO86KiC5Zau77yaNDgwMTA0NzM=?=" (decodes to "新採購訂單：48010473", i.e. "New purchase order: 48010473")
Attachment | "40900900090000.LZH"
MD5 | e8c250f9df1e7efabc97e05da34993f0
SHA256 | 277198b8d7f23797cbbb2c65643df0ef07d259bdabb33afe54b77a4be09c0694
Family | SnakeKeylogger
(7)
Sender IP | 185.222.58.136
From | "elifkardes@gmail.com"
Subject | "=?UTF-8?B?5paw5o6h6LO86KiC5Zau77yaNDgwMTA0NzM=?=" (decodes to "新採購訂單：48010473", i.e. "New purchase order: 48010473")
Attachment | "00404000004.UUE"
MD5 | 2d5a96bdf8bdc3107fe8c044a880d3d8
SHA256 | 3f547f553540fe1703af427ae21d481b1626f702277799f5f909dc0cbe587cb6
Family | SnakeKeylogger
(8)
Sender IP | 103.4.65.245
From | "Accounts <moinul.islam@azimgroup.com>"
Subject | "Re: Quotation"
Attachment | "Q 1468 Cunnigham Pharma.r01"
MD5 | a148e3c4b6b3d96a8a3e00a62a53461f
SHA256 | 967f9f45a143a8f901a37d3b7b7eacbcc743c027fd6e0bcd4548727793ad141a
Family | AgentTesla
If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(9)
Sender IP | 103.232.53.200
From | "Roberto Cagliero <tina@bssjkt.com>"
Subject | "New Order No. 211128"
Attachment | "211128.doc"
MD5 | 824439aca685176f57c2149be357c0d5
SHA256 | 5e7a8b39eff3dfe0374c975fe75a5304dc64b85da4788153796a9bb1f6d44c3c
Family | AgentTesla
If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(10)
Sender IP | 192.119.110.90
From | "<contact@oeeg.net>"
Subject | "PURCAHSE ORDER {SC_20210610.z}."
Attachment | "SC_20210610.z.z"
MD5 | 381b7939bf726253b7c08f3883da37de
SHA256 | 9b35cbd73208090bc92abc19799591e644d55fa6b76f91d661d8e8e9679bf7a6
Family | AgentTesla
If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(11)
Sender IP | 185.222.57.171
From | "Fawwaz Sawan <Fawwaz.Sawan@sib.ae>"
Subject | "=?UTF-8?B?2LfZhNioINi52LHYtiDYo9iz2LnYp9ixICAtUkZR?=" (decodes to "طلب عرض أسعار  -RFQ", i.e. "Request for quotation -RFQ")
Attachment | "RFQ-sib.r00"
MD5 | e5e2492c305743886345a0d987bab4a4
SHA256 | 349bfbd56d690c615b831f392a57321740906908b43b0f4b8eede1fc270ed618
Family | Unknown
(12)
Sender IP | 195.158.25.118
From | "=?UTF-8?b?0JzQsNC70L7RhdCw0YI=?= <bandar.alshammari.1@aramco.com>" (RFC 2047 display name decodes to "Малохат")
Subject | "Fwd: Request for Tender for SAUDI ARAMCO - SAUDI ARABIAN REFINERY RENOVATIONS"
Attachment | "SAUDI ARAMCO Tender Documents - BOQ and ITB.r01"
MD5 | c16f930ca96f671a3fefaae1e81ec83e
SHA256 | 9beb8409acf0951c4bceddaefa9d09950804a0ac4868f85625d6149f3696d082
Family | Unknown
(13)
Sender IP | 195.158.25.118
From | "=?UTF-8?b?0JzQsNC70L7RhdCw0YI=?= <bandar.alshammari.1@aramco.com>" (RFC 2047 display name decodes to "Малохат")
Subject | "Fwd: Request for Tender for SAUDI ARAMCO - SAUDI ARABIAN REFINERY RENOVATIONS"
Attachment | "Tender specifications.ace"
MD5 | 73ccad1dcad08d3ae7e0989a04976085
SHA256 | 31b763a83c956043644826fcdda1dd1883336639c9dbdc1c2ba90a2fb46b7078
Family | Unknown
(14)
Sender IP | 168.168.42.35
From | "GIMD Data <GIMD.data@mercer.com>"
Subject | "Mercer GIMD Update June 2021"
Attachment | "FeeSchedule_2021.xls"
MD5 | d84e77336ccedc4e48a9f2439b56ec18
SHA256 | 76e038bfeed37652cbc02b18bec95f219acb57544dc20d2b185d033fb1b39bde
Family | Unknown
(15)
Sender IP | 168.168.42.40
From | "GIMD Data <GIMD.data@mercer.com>"
Subject | "Mercer GIMD Update June 2021"
Attachment | "FeeSchedule_2021.xls"
MD5 | 1791510b3ce20b1c65a7627992ee67da
SHA256 | 6aca300602ab7154e213a7869d4b93378028e8f09671baea4591320544eb62ff
Family | Unknown
(16)
Sender IP | 185.222.58.149
From | "Kelly Cochrane <klcochrane@btxglobal.com>"
Subject | "RE: SOA & Invoices 440086"
Attachment | "SOA & Invoices 440086.zip"
MD5 | 4b445fd00f0e2e2b185bcae70e91fca7
SHA256 | 58851ea095a81281950b14dc6e91f3e3347c4ae8b38c69e307d6e9ba2de42554
Family | Unknown
If you want to learn malware analysis, you can check my YouTube channel; I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA