Phishing Attacks 14_6_2021

 





(1)
Sender IP: 185.222.57.171
From: "Mohannad Anis Azem (Admin Dept) <Mohannad.Azem@dib.ae>"
Subject: "Fwd: dib Payment Notice "
Attachment: "Bank Swift.r00"
MD5: 72323e57bf89e4ff5558c17139ca0e23
SHA256: 5ada22900521d5d10af5b785121c9fce55027117a681246d9781f0eb087a9f3c
Family: SnakeKeylogger

 


(2)
Sender IP: 209.127.189.51
From: "enquiries@kmpl.com.au"
Subject: "New Order & Packing List"
Attachment: "LS0061321.zip"
MD5: 16dd94a96015805abc129d9a14f265f2
SHA256: 97ee8dab766bcacf5ed38cf3717191ff078759dde11e3f48702eb371c1533a2b
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(3)
Sender IP: 209.127.189.51
From: "enquiries@dplgroup.com"
Subject: "New Order enquiries "
Attachment: "PO_061421.zip"
MD5: f11872e4e4042e3c6591ae860f5af545
SHA256: dd86052fcd2d7211d77f59b18651536936c2894007f2b3733e91650a2b83d798
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(4)
Sender IP: 134.209.158.228
From: "StefaniaScigulinska<budgetnotifications@srl.com>"
Subject: "RE: New Order for Pietra Grey shipment"
Attachment: "PO#450011-quotation01.docx"
MD5: 4dfd0caa1bba34d41e02ac53f8d609b9
SHA256: 81fe8f7d3f171aa2065b541d1fca3ac861dcb905a87016f24ff40317f044127e
Family: Unknown

 

(5)
Sender IP: 209.127.189.51
From: "enquiries@dplgroup.com"
Subject: "New Order enquiries "
Attachment: "Order.zip"
MD5: bba9a981e6fa97c0d2b0a771653efe23
SHA256: f085a75ddaceab9aec2662368a1545f9d7d185ae39b09a1a342a250437f61f9e
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(6)
Sender IP: 217.25.95.86
From: "noreply@dhl" <sales@0emgs.com>
Subject: "Notification of shipment - 00000000000010001"
Attachment: "DHL_RECEIPT.PDF.r00"
MD5: 10b260a8523ac9c3ec698acb1ca5f50a
SHA256: 01911794d3f2b32f3e5311c7367e985160151545d29fb2f9514a7c0a41db6d58
Family: SnakeKeylogger


(7)
Sender IP: 185.222.58.153
From: "yilia.xu@hiseas.cn <yilia.xu@hiseas.cn>"
Subject: "Re:Re:Revised PI"
Attachment: "Revised PI.rar"
MD5: 8e88d33198d22070fb6563f7db349de2
SHA256: 15d9a7464d49d541d77a402486ca299fe77031a9dc362bcfd83d60339fd0558d
Family: Formbook


(8)
Sender IP: 159.89.150.50
From: "Mr. Le Thi Hau" <accounts@236.mxvmno.gq>
Subject: "PI 20210519-MMH-UDOM"
Attachment: "IMG_003_166_372.R01"
MD5: fcd3ebaa7306b28ec112a08bac6a32be
SHA256: 3f8ee48e117cfcc67443dbcfb0f1ce85ccdc5f06975298234b40e0115224661b
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(9)
Sender IP: 104.168.214.251
From: "UPS <pur1@binhnam.vn>"
Subject: "UPS SHIPMENT CONFIRMATION"
Attachment: "UPS#SHIPMENT_CONFIRMATION_CBJ19051700013_11Z35Q6Q80446518864888.rar"
MD5: 15f7f83b186e80f4bb0b86077f90b2f4
SHA256: 8d8cf7ec30c5c05ce315c8fe411f83966840adf03047bc032d9f776740fbe742
Family: Formbook


(10)
Sender IP: 185.222.57.200
From: "Ms Divya"<purchase.r40@sanjivani.co.in>
Subject: "Order Enquiry No: 3308"
Attachment: "Enquiry.r15"
MD5: 36fab3a442339e69ad9aa74d609d6153
SHA256: 4ad218e760572a242d82691c7f3a9de510986d16c6345ec57090d19e9c45d6c7
Family: Formbook


(11)
Sender IP: 203.159.80.83
From: "Lan Kim - Sales4 <asia@faircon.co.kr>"
Subject: "FW: Shipping Docs//INV/PL/THS0094587"
Attachment: "Shipping Docs.Commercial Invoice. Packing List. Bill of LandingTHS0094587.r17"
MD5: b74c6eac5ef1aeef99933ff9bca06f41
SHA256: 2c2e81670457af4e8cf55326d26fc449a1a30b1e047d2abe9a5faaebb4024f4e
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(12)
Sender IP: 23.254.229.14
From: "Emily-Logistics" <emily@sixgigasolution.live>
Subject: "Shipping documents for ZH210300 ZH210385 PO#60059611 60060602 60061258 60061531 60062575 "
Attachment: "177RJNJNQ8033VFB BL60059611 HLCUTA12104FKNC0ZH210385 6006153160062575.rar"
MD5: 2251458bc8bebb6e24ad0b38714d32f8
SHA256: 74d85fffa66636fd8c21cdd04617a4c39b8156ccb9dfc84b94c190c42b1baa83
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(13)
Sender IP: 45.137.22.60
From: "<corporate@prima-alkesindo.com>"
Subject: "Scanned Copy Of Payment"
Attachment: "Scanned Copy for our payment.z"
MD5: 2bd37c2c98f5934ecabcf0fe748e70c2
SHA256: b860ca3d367ef99f5737c030e9ac79f434d6bd3c0817b5ec09f37ef4dacd9c5b
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(14)
Sender IP: 203.159.80.83
From: "=?UTF-8?B?7J207KCQ6rec?= sales@soopgil.co.kr" (the RFC 2047 encoded display name decodes to the Korean name 이정규)
Subject: "order PRT/1542 (SAP 15198539)"
Attachment: "4 Pallet Shipping Docs.Commercial Invoice. Packing List. Bill of LandingTHS0094587.r27"
MD5: 40e4a6b483fcba9ff6e500cc6c20924a
SHA256: 57415ce89fed352f579259b19da939df9635f8e2272838bebbfb4d48e59c68e1
Family: AZORult


(15)
Sender IP: 64.227.111.195
From: "Harjot Kathuria" <office@imaginaton.com>
Subject: "RFQ ///MILEXP2021M67"
Attachment: "RFQ_Template.iso"
MD5: cbf03e1a562baede9d94c215a74ac817
SHA256: df61529ef0eb5ae7fb3510ec72f36e820fe4b2eebbaae0379bc103074d2cdfb1
Family: Formbook


(16)
Sender IP: 45.137.22.60
From: "THANH GAM"<ajay@raamtel.com>
Subject: "RE:Products Listing"
Attachment: "Product Listing pdf.rar"
MD5: d46a6d9505955c408cb5ed33141ef873
SHA256: 9f86835cf833e1f0a9d2d84e853241bd3db9a5aae9de834e114694517f922151
Family: NanoCore

If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore.
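Two patterns in the list above are worth calling out before turning it into something a mail gateway can use. First, most of the lures are delivered as RAR multi-volume part files (.r00, .R01, .r15, .r17, .r27) or as .z/.iso containers, a well-known way to slip past attachment filters that only blocklist .rar and .zip, and two of them ("DHL_RECEIPT.PDF.r00", "Product Listing pdf.rar") are archives dressed up as PDFs. Second, three sender IPs each deliver more than one campaign: 209.127.189.51 (entries 2, 3, 5), 203.159.80.83 (11, 14) and 45.137.22.60 (13, 16), with different families behind the same address. The Python below is an added example, not the blog author's code: it embeds the sender IPs, attachment names, SHA256 hashes and families from entries (1) to (16), flags those extension tricks, and scores mail-gateway log lines against the list. The log line format, the example.org/example.net senders and the 198.51.100.x addresses in the sample are constructed for the demo; only the IOC table comes from the page.

```python
"""Triage helpers for the 14_6_2021 phishing IOC list (added example, not the
blog author's code). The IOC table is transcribed from entries (1)-(16) above;
the gateway log format parsed by triage_line() is an assumption for the demo."""
import re
from collections import Counter
from typing import Dict, List

# (sender IP, attachment name, SHA256 of the attachment, malware family)
IOCS = [
    ("185.222.57.171", "Bank Swift.r00", "5ada22900521d5d10af5b785121c9fce55027117a681246d9781f0eb087a9f3c", "SnakeKeylogger"),
    ("209.127.189.51", "LS0061321.zip", "97ee8dab766bcacf5ed38cf3717191ff078759dde11e3f48702eb371c1533a2b", "AgentTesla"),
    ("209.127.189.51", "PO_061421.zip", "dd86052fcd2d7211d77f59b18651536936c2894007f2b3733e91650a2b83d798", "AgentTesla"),
    ("134.209.158.228", "PO#450011-quotation01.docx", "81fe8f7d3f171aa2065b541d1fca3ac861dcb905a87016f24ff40317f044127e", "Unknown"),
    ("209.127.189.51", "Order.zip", "f085a75ddaceab9aec2662368a1545f9d7d185ae39b09a1a342a250437f61f9e", "AgentTesla"),
    ("217.25.95.86", "DHL_RECEIPT.PDF.r00", "01911794d3f2b32f3e5311c7367e985160151545d29fb2f9514a7c0a41db6d58", "SnakeKeylogger"),
    ("185.222.58.153", "Revised PI.rar", "15d9a7464d49d541d77a402486ca299fe77031a9dc362bcfd83d60339fd0558d", "Formbook"),
    ("159.89.150.50", "IMG_003_166_372.R01", "3f8ee48e117cfcc67443dbcfb0f1ce85ccdc5f06975298234b40e0115224661b", "AgentTesla"),
    ("104.168.214.251", "UPS#SHIPMENT_CONFIRMATION_CBJ19051700013_11Z35Q6Q80446518864888.rar", "8d8cf7ec30c5c05ce315c8fe411f83966840adf03047bc032d9f776740fbe742", "Formbook"),
    ("185.222.57.200", "Enquiry.r15", "4ad218e760572a242d82691c7f3a9de510986d16c6345ec57090d19e9c45d6c7", "Formbook"),
    ("203.159.80.83", "Shipping Docs.Commercial Invoice. Packing List. Bill of LandingTHS0094587.r17", "2c2e81670457af4e8cf55326d26fc449a1a30b1e047d2abe9a5faaebb4024f4e", "AgentTesla"),
    ("23.254.229.14", "177RJNJNQ8033VFB BL60059611 HLCUTA12104FKNC0ZH210385 6006153160062575.rar", "74d85fffa66636fd8c21cdd04617a4c39b8156ccb9dfc84b94c190c42b1baa83", "AgentTesla"),
    ("45.137.22.60", "Scanned Copy for our payment.z", "b860ca3d367ef99f5737c030e9ac79f434d6bd3c0817b5ec09f37ef4dacd9c5b", "AgentTesla"),
    ("203.159.80.83", "4 Pallet Shipping Docs.Commercial Invoice. Packing List. Bill of LandingTHS0094587.r27", "57415ce89fed352f579259b19da939df9635f8e2272838bebbfb4d48e59c68e1", "AZORult"),
    ("64.227.111.195", "RFQ_Template.iso", "df61529ef0eb5ae7fb3510ec72f36e820fe4b2eebbaae0379bc103074d2cdfb1", "Formbook"),
    ("45.137.22.60", "Product Listing pdf.rar", "9f86835cf833e1f0a9d2d84e853241bd3db9a5aae9de834e114694517f922151", "NanoCore"),
]
IP_FAMILIES: Dict[str, set] = {}   # sender IP -> families seen behind it
HASH_FAMILY: Dict[str, str] = {}   # SHA256 -> family
for _ip, _name, _sha, _fam in IOCS:
    IP_FAMILIES.setdefault(_ip, set()).add(_fam)
    HASH_FAMILY[_sha] = _fam

# ".r00", ".R01", ".r15", ".r17", ".r27" are RAR multi-volume part names; a filter
# that only blocks ".rar" lets them straight through, which is why they dominate the list.
SPLIT_RAR = re.compile(r"\.r\d{2}$", re.IGNORECASE)
CONTAINER_EXT = {".rar", ".zip", ".z", ".iso"}


def attachment_tricks(filename: str) -> List[str]:
    """Tags describing why an attachment name is suspicious (empty list = nothing)."""
    low = filename.lower()
    tags: List[str] = []
    if SPLIT_RAR.search(low):
        tags.append("split-rar-volume")
    else:
        ext = low[low.rfind("."):] if "." in low else ""
        if ext in CONTAINER_EXT:
            tags.append("archive:" + ext[1:])
    # "DHL_RECEIPT.PDF.r00", "Product Listing pdf.rar": an archive dressed up as a PDF.
    if tags and re.search(r"\bpdf\b", low):
        tags.append("archive-posing-as-pdf")
    return tags


def reused_sender_ips() -> Dict[str, int]:
    """Sender IPs that delivered more than one of the listed lures."""
    counts = Counter(ip for ip, _n, _s, _f in IOCS)
    return {ip: n for ip, n in counts.items() if n > 1}


# Constructed log format (assumption): <ts> src=<ip> from=<addr> attach="<name>" [sha256=<hex>]
LOG_RE = re.compile(r'src=(\S+) from=(\S+) attach="([^"]*)"(?: sha256=([0-9a-fA-F]{64}))?')


def triage_line(line: str) -> Dict[str, object]:
    """Score one gateway log line against the IOC table and the extension heuristics."""
    m = LOG_RE.search(line)
    if not m:
        return {"verdict": "unparsed", "reasons": []}
    ip, sender, name, sha = m.groups()
    reasons: List[str] = []
    if sha and sha.lower() in HASH_FAMILY:
        reasons.append("sha256:" + HASH_FAMILY[sha.lower()])
    if ip in IP_FAMILIES:
        reasons.append("sender-ip:" + "/".join(sorted(IP_FAMILIES[ip])))
    tricks = attachment_tricks(name)
    reasons.extend(tricks)
    if any(r.startswith(("sha256:", "sender-ip:")) for r in reasons):
        verdict = "block"    # known-bad artefact or known-bad infrastructure
    elif tricks:
        verdict = "review"   # no IOC hit, but the attachment uses a known evasion
    else:
        verdict = "pass"
    return {"verdict": verdict, "reasons": reasons, "sender": sender, "attachment": name}


# Constructed sample lines: one page IOC, one unrelated split-volume RAR, one clean PDF.
SAMPLE_LOG = """\
2021-06-14T07:41:12Z src=209.127.189.51 from=enquiries@dplgroup.com attach="PO_061421.zip" sha256=dd86052fcd2d7211d77f59b18651536936c2894007f2b3733e91650a2b83d798
2021-06-14T08:15:30Z src=198.51.100.9 from=ops@example.org attach="Quote 2021.pdf.r03"
2021-06-14T08:20:02Z src=198.51.100.7 from=billing@example.net attach="invoice.pdf"
"""

if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(triage_line(entry))
    print("reused sender IPs:", reused_sender_ips())
```

The split-volume rule is deliberately independent of the IOC table: the second sample line matches no hash or IP from this list, yet still lands in "review" because a ".pdf.r03" attachment from an unknown sender is the same shape as entries 1, 6, 8, 10, 11 and 14. Treat the sender-IP hits as short-lived; the three reused addresses are worth a temporary block, but the hash matches are the only reasons that stay valid once the senders rotate.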



If you want to learn malware analysis, you can check my YouTube channel; I am trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA




