Phishing Attacks 10_6_2021

(1)
Sender IP: 193.56.29.138
From: "Adolfo Posada Duque <gerencia@bioquirama.com>"
Subject: "Bioquiram-Purchase request"
Attachment: "Customer001987_rfq-deaho.xlsx"
MD5: 009c97a279ca9082088dba2dcf8907e4
SHA256: e4be4ce928395ea670d27d2103761ed240cc5a2fb46e8e7ee34c88aef6fa156e
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(2)
Sender IP: 46.183.223.126
From: "Shreyas Ramesh" <shreyas@djs.ae>"
Subject: "Purchase Order Confirmation "
Attachment: "Purchase Order.doc"
MD5: 68fe0bd120a18d2a247f3322e948463b
SHA256: 0479439b257470151391a12e00899084a9455b750fd87ef44f3d68daa2c8a6f6
Family: Unknown

(3)
Sender IP: 185.222.58.158
From: "Saif Khan<sales3@cvshvac.com>"
Subject: "RE:Bank Slip and our New P.O copy."
Attachment: "Bank Slip and our New P.O copy.pdf.ace"
MD5: 3d487ab8ebbba7bad5687c981ec9ccbf
SHA256: 499ef36050a153956d152d098eb77810da5418a7611903d3ab38644ccd4eef17
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(4)
Sender IP: 185.222.58.149
From: "=?UTF-8?B?RGF2aWQgTmfCoA==?=<customercare@omfreight.com.cn>"
Subject: "=?UTF-8?B?UkU6UkVDT05GSVJNIEJBTksgREVUQUlMUyBGT1LCoFBBWU1FTlQ=?="
Attachment: "BANK DETAILS.zip"
MD5: 59a096315bff6761129aaa01bde9fd48
SHA256: af275a56902333d452e5851bdbbf6423d367f8cf1fbb454cf7b6bee5dd48b707
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(5)
Sender IP: 185.222.58.136
From: "elifkardes@gmail.com"
Subject: "=?UTF-8?B?5paw5o6h6LO86KiC5Zau77yaNDgwMTA0NzM=?="
Attachment: "INVO090090202.zip"
MD5: c1f36d29ed3c343563e7db949f70d30f
SHA256: 05aa1ccabf21b2476832f9b686d83652d5a977c5db28c1c334bd4247a969ff41
Family: SnakeKeylogger

(6)
Sender IP: 185.222.58.136
From: "elifkardes@gmail.com"
Subject: "=?UTF-8?B?5paw5o6h6LO86KiC5Zau77yaNDgwMTA0NzM=?="
Attachment: "40900900090000.LZH"
MD5: e8c250f9df1e7efabc97e05da34993f0
SHA256: 277198b8d7f23797cbbb2c65643df0ef07d259bdabb33afe54b77a4be09c0694
Family: SnakeKeylogger


(7)
Sender IP: 185.222.58.136
From: "elifkardes@gmail.com"
Subject: "=?UTF-8?B?5paw5o6h6LO86KiC5Zau77yaNDgwMTA0NzM=?="
Attachment: "00404000004.UUE"
MD5: 2d5a96bdf8bdc3107fe8c044a880d3d8
SHA256: 3f547f553540fe1703af427ae21d481b1626f702277799f5f909dc0cbe587cb6
Family: SnakeKeylogger


(8)
Sender IP: 103.4.65.245
From: "Accounts <moinul.islam@azimgroup.com>"
Subject: "Re: Quotation"
Attachment: "Q 1468 Cunnigham Pharma.r01"
MD5: a148e3c4b6b3d96a8a3e00a62a53461f
SHA256: 967f9f45a143a8f901a37d3b7b7eacbcc743c027fd6e0bcd4548727793ad141a
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(9)
Sender IP: 103.232.53.200
From: "Roberto Cagliero <tina@bssjkt.com>"
Subject: "New Order No. 211128"
Attachment: "211128.doc"
MD5: 824439aca685176f57c2149be357c0d5
SHA256: 5e7a8b39eff3dfe0374c975fe75a5304dc64b85da4788153796a9bb1f6d44c3c
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(10)
Sender IP: 192.119.110.90
From: "<contact@oeeg.net>"
Subject: "PURCAHSE ORDER {SC_20210610.z}."
Attachment: "SC_20210610.z.z"
MD5: 381b7939bf726253b7c08f3883da37de
SHA256: 9b35cbd73208090bc92abc19799591e644d55fa6b76f91d661d8e8e9679bf7a6
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(11)
Sender IP: 185.222.57.171
From: "Fawwaz Sawan <Fawwaz.Sawan@sib.ae>"
Subject: "=?UTF-8?B?2LfZhNioINi52LHYtiDYo9iz2LnYp9ixICAtUkZR?="
Attachment: "RFQ-sib.r00"
MD5: e5e2492c305743886345a0d987bab4a4
SHA256: 349bfbd56d690c615b831f392a57321740906908b43b0f4b8eede1fc270ed618
Family: Unknown


(12)
Sender IP: 195.158.25.118
From: "=?UTF-8?b?0JzQsNC70L7RhdCw0YI=?= <bandar.alshammari.1@aramco.com>"
Subject: "Fwd: Request for Tender for SAUDI ARAMCO - SAUDI ARABIAN REFINERY RENOVATIONS"
Attachment: "SAUDI ARAMCO Tender Documents - BOQ and ITB.r01"
MD5: c16f930ca96f671a3fefaae1e81ec83e
SHA256: 9beb8409acf0951c4bceddaefa9d09950804a0ac4868f85625d6149f3696d082
Family: Unknown


(13)
Sender IP: 195.158.25.118
From: "=?UTF-8?b?0JzQsNC70L7RhdCw0YI=?= <bandar.alshammari.1@aramco.com>"
Subject: "Fwd: Request for Tender for SAUDI ARAMCO - SAUDI ARABIAN REFINERY RENOVATIONS"
Attachment: "Tender specifications.ace"
MD5: 73ccad1dcad08d3ae7e0989a04976085
SHA256: 31b763a83c956043644826fcdda1dd1883336639c9dbdc1c2ba90a2fb46b7078
Family: Unknown


(14)
Sender IP: 168.168.42.35
From: "GIMD Data <GIMD.data@mercer.com>"
Subject: "Mercer GIMD Update June 2021"
Attachment: "FeeSchedule_2021.xls"
MD5: d84e77336ccedc4e48a9f2439b56ec18
SHA256: 76e038bfeed37652cbc02b18bec95f219acb57544dc20d2b185d033fb1b39bde
Family: Unknown


(15)
Sender IP: 168.168.42.40
From: "GIMD Data <GIMD.data@mercer.com>"
Subject: "Mercer GIMD Update June 2021"
Attachment: "FeeSchedule_2021.xls"
MD5: 1791510b3ce20b1c65a7627992ee67da
SHA256: 6aca300602ab7154e213a7869d4b93378028e8f09671baea4591320544eb62ff
Family: Unknown


(16)
Sender IP: 185.222.58.149
From: "Kelly Cochrane< klcochrane@btxglobal.com>"
Subject: "RE: SOA & Invoices 440086"
Attachment: "SOA & Invoices 440086.zip"
MD5: 4b445fd00f0e2e2b185bcae70e91fca7
SHA256: 58851ea095a81281950b14dc6e91f3e3347c4ae8b38c69e307d6e9ba2de42554
Family: Unknown



If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
