Phishing Attacks 10_6_2021

 





(1)

Sender ip

193.56.29.138

From

"Adolfo Posada Duque <gerencia@bioquirama.com>"

Subject

"Bioquiram-Purchase request"

Attachment

"Customer001987_rfq-deaho.xlsx"

MD5

009c97a279ca9082088dba2dcf8907e4

SHA256

e4be4ce928395ea670d27d2103761ed240cc5a2fb46e8e7ee34c88aef6fa156e

Family

AgentTesla

    If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(2)

Sender ip

46.183.223.126

From

"Shreyas Ramesh" <shreyas@djs.ae>"

Subject

"Purchase Order Confirmation "

Attachment

"Purchase Order.doc"

MD5

68fe0bd120a18d2a247f3322e948463b

SHA256

0479439b257470151391a12e00899084a9455b750fd87ef44f3d68daa2c8a6f6

Family

Unknown

 

(3)

 

Sender ip

185.222.58.158

From

"Saif Khan<sales3@cvshvac.com>"

Subject

"RE:Bank Slip and our New P.O copy."

Attachment

"Bank Slip and our New P.O copy.pdf.ace"

MD5

3d487ab8ebbba7bad5687c981ec9ccbf

SHA256

499ef36050a153956d152d098eb77810da5418a7611903d3ab38644ccd4eef17

Family

AgentTesla

    If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(4)

 

Sender ip

185.222.58.149

From

"=?UTF-8?B?RGF2aWQgTmfCoA==?=<customercare@omfreight.com.cn>"

Subject

"=?UTF-8?B?UkU6UkVDT05GSVJNIEJBTksgREVUQUlMUyBGT1LCoFBBWU1FTlQ=?="

Attachment

"BANK DETAILS.zip"

MD5

59a096315bff6761129aaa01bde9fd48

SHA256

af275a56902333d452e5851bdbbf6423d367f8cf1fbb454cf7b6bee5dd48b707

Family

AgentTesla

    If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(5)

Sender ip

185.222.58.136

From

"elifkardes@gmail.com"

Subject

"=?UTF-8?B?5paw5o6h6LO86KiC5Zau77yaNDgwMTA0NzM=?="

Attachment

"INVO090090202.zip"

MD5

c1f36d29ed3c343563e7db949f70d30f

SHA256

05aa1ccabf21b2476832f9b686d83652d5a977c5db28c1c334bd4247a969ff41

Family

SnakeKeylogger

 

(6)

Sender ip

185.222.58.136

From

"elifkardes@gmail.com"

Subject

"=?UTF-8?B?5paw5o6h6LO86KiC5Zau77yaNDgwMTA0NzM=?="

Attachment

"40900900090000.LZH"

MD5

e8c250f9df1e7efabc97e05da34993f0

SHA256

277198b8d7f23797cbbb2c65643df0ef07d259bdabb33afe54b77a4be09c0694

Family

SnakeKeylogger


(7)

Sender ip

185.222.58.136

From

"elifkardes@gmail.com"

Subject

"=?UTF-8?B?5paw5o6h6LO86KiC5Zau77yaNDgwMTA0NzM=?="

Attachment

"00404000004.UUE"

MD5

2d5a96bdf8bdc3107fe8c044a880d3d8

SHA256

3f547f553540fe1703af427ae21d481b1626f702277799f5f909dc0cbe587cb6

Family

SnakeKeylogger


(8)

Sender ip

103.4.65.245

From

"Accounts <moinul.islam@azimgroup.com>"

Subject

"Re: Quotation"

Attachment

"Q 1468 Cunnigham Pharma.r01"

MD5

a148e3c4b6b3d96a8a3e00a62a53461f

SHA256

967f9f45a143a8f901a37d3b7b7eacbcc743c027fd6e0bcd4548727793ad141a

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(9)

Sender ip

103.232.53.200

From

"Roberto Cagliero <tina@bssjkt.com>"

Subject

"New Order No. 211128"

Attachment

"211128.doc"

MD5

824439aca685176f57c2149be357c0d5

SHA256

5e7a8b39eff3dfe0374c975fe75a5304dc64b85da4788153796a9bb1f6d44c3c

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(10)

Sender ip

192.119.110.90

From

"<contact@oeeg.net>"

Subject

"PURCAHSE ORDER {SC_20210610.z}."

Attachment

"SC_20210610.z.z"

MD5

381b7939bf726253b7c08f3883da37de

SHA256

9b35cbd73208090bc92abc19799591e644d55fa6b76f91d661d8e8e9679bf7a6

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(11)

Sender ip

185.222.57.171

From

"Fawwaz Sawan <Fawwaz.Sawan@sib.ae>"

Subject

"=?UTF-8?B?2LfZhNioINi52LHYtiDYo9iz2LnYp9ixICAtUkZR?="

Attachment

"RFQ-sib.r00"

MD5

e5e2492c305743886345a0d987bab4a4

SHA256

349bfbd56d690c615b831f392a57321740906908b43b0f4b8eede1fc270ed618

Family

Unknown


(12)

Sender ip

195.158.25.118

From

"=?UTF-8?b?0JzQsNC70L7RhdCw0YI=?= <bandar.alshammari.1@aramco.com>"

Subject

"Fwd: Request for Tender for SAUDI ARAMCO - SAUDI ARABIAN REFINERY

RENOVATIONS"

Attachment

"SAUDI ARAMCO Tender Documents - BOQ and ITB.r01"

MD5

c16f930ca96f671a3fefaae1e81ec83e

SHA256

9beb8409acf0951c4bceddaefa9d09950804a0ac4868f85625d6149f3696d082

Family

Unknown


(13)

Sender ip

195.158.25.118

From

"=?UTF-8?b?0JzQsNC70L7RhdCw0YI=?= <bandar.alshammari.1@aramco.com>"

Subject

"Fwd: Request for Tender for SAUDI ARAMCO - SAUDI ARABIAN REFINERY

RENOVATIONS"

Attachment

"Tender specifications.ace"

MD5

73ccad1dcad08d3ae7e0989a04976085

SHA256

31b763a83c956043644826fcdda1dd1883336639c9dbdc1c2ba90a2fb46b7078

Family

Unknown


(14)

Sender ip

168.168.42.35

From

"GIMD Data <GIMD.data@mercer.com>"

Subject

"Mercer GIMD Update June 2021"

Attachment

"FeeSchedule_2021.xls"

MD5

d84e77336ccedc4e48a9f2439b56ec18

SHA256

76e038bfeed37652cbc02b18bec95f219acb57544dc20d2b185d033fb1b39bde

Family

Unknown


(15)

Sender ip

168.168.42.40

From

"GIMD Data <GIMD.data@mercer.com>"

Subject

"Mercer GIMD Update June 2021"

Attachment

"FeeSchedule_2021.xls"

MD5

1791510b3ce20b1c65a7627992ee67da

SHA256

6aca300602ab7154e213a7869d4b93378028e8f09671baea4591320544eb62ff

Family

Unknown


(16)

Sender ip

185.222.58.149

From

"Kelly Cochrane< klcochrane@btxglobal.com>"

Subject

"RE: SOA & Invoices 440086"

Attachment

"SOA & Invoices 440086.zip"

MD5

4b445fd00f0e2e2b185bcae70e91fca7

SHA256

58851ea095a81281950b14dc6e91f3e3347c4ae8b38c69e307d6e9ba2de42554

Family

Unknown


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Thank you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA



Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more