Phishing Attacks 14_6_2021
| # | Sender IP | From | Subject | Attachment | MD5 | SHA256 | Family |
|---|---|---|---|---|---|---|---|
| 1 | 185.222.57.171 | Mohannad Anis Azem (Admin Dept) <Mohannad.Azem@dib.ae> | Fwd: dib Payment Notice | Bank Swift.r00 | 72323e57bf89e4ff5558c17139ca0e23 | 5ada22900521d5d10af5b785121c9fce55027117a681246d9781f0eb087a9f3c | SnakeKeylogger |
| 2 | 209.127.189.51 | enquiries@kmpl.com.au | New Order & Packing List | LS0061321.zip | 16dd94a96015805abc129d9a14f265f2 | 97ee8dab766bcacf5ed38cf3717191ff078759dde11e3f48702eb371c1533a2b | AgentTesla |
| 3 | 209.127.189.51 | enquiries@dplgroup.com | New Order enquiries | PO_061421.zip | f11872e4e4042e3c6591ae860f5af545 | dd86052fcd2d7211d77f59b18651536936c2894007f2b3733e91650a2b83d798 | AgentTesla |
| 4 | 134.209.158.228 | StefaniaScigulinska<budgetnotifications@srl.com> | RE: New Order for Pietra Grey shipment | PO#450011-quotation01.docx | 4dfd0caa1bba34d41e02ac53f8d609b9 | 81fe8f7d3f171aa2065b541d1fca3ac861dcb905a87016f24ff40317f044127e | Unknown |
| 5 | 209.127.189.51 | enquiries@dplgroup.com | New Order enquiries | Order.zip | bba9a981e6fa97c0d2b0a771653efe23 | f085a75ddaceab9aec2662368a1545f9d7d185ae39b09a1a342a250437f61f9e | AgentTesla |
| 6 | 217.25.95.86 | "noreply@dhl" <sales@0emgs.com> | Notification of shipment - 00000000000010001 | DHL_RECEIPT.PDF.r00 | 10b260a8523ac9c3ec698acb1ca5f50a | 01911794d3f2b32f3e5311c7367e985160151545d29fb2f9514a7c0a41db6d58 | SnakeKeylogger |
| 7 | 185.222.58.153 | yilia.xu@hiseas.cn <yilia.xu@hiseas.cn> | Re:Re:Revised PI | Revised PI.rar | 8e88d33198d22070fb6563f7db349de2 | 15d9a7464d49d541d77a402486ca299fe77031a9dc362bcfd83d60339fd0558d | Formbook |
| 8 | 159.89.150.50 | "Mr. Le Thi Hau" <accounts@236.mxvmno.gq> | PI 20210519-MMH-UDOM | IMG_003_166_372.R01 | fcd3ebaa7306b28ec112a08bac6a32be | 3f8ee48e117cfcc67443dbcfb0f1ce85ccdc5f06975298234b40e0115224661b | AgentTesla |
| 9 | 104.168.214.251 | UPS <pur1@binhnam.vn> | UPS SHIPMENT CONFIRMATION | UPS#SHIPMENT_CONFIRMATION_CBJ19051700013_11Z35Q6Q80446518864888.rar | 15f7f83b186e80f4bb0b86077f90b2f4 | 8d8cf7ec30c5c05ce315c8fe411f83966840adf03047bc032d9f776740fbe742 | Formbook |
| 10 | 185.222.57.200 | "Ms Divya"<purchase.r40@sanjivani.co.in> | Order Enquiry No: 3308 | Enquiry.r15 | 36fab3a442339e69ad9aa74d609d6153 | 4ad218e760572a242d82691c7f3a9de510986d16c6345ec57090d19e9c45d6c7 | Formbook |
| 11 | 203.159.80.83 | Lan Kim - Sales4 <asia@faircon.co.kr> | FW: Shipping Docs//INV/PL/THS0094587 | Shipping Docs.Commercial Invoice. Packing List. Bill of LandingTHS0094587.r17 | b74c6eac5ef1aeef99933ff9bca06f41 | 2c2e81670457af4e8cf55326d26fc449a1a30b1e047d2abe9a5faaebb4024f4e | AgentTesla |
| 12 | 23.254.229.14 | "Emily-Logistics" <emily@sixgigasolution.live> | Shipping documents for ZH210300 ZH210385 PO#60059611 60060602 60061258 60061531 60062575 | 177RJNJNQ8033VFB BL60059611 HLCUTA12104FKNC0ZH210385 6006153160062575.rar | 2251458bc8bebb6e24ad0b38714d32f8 | 74d85fffa66636fd8c21cdd04617a4c39b8156ccb9dfc84b94c190c42b1baa83 | AgentTesla |
| 13 | 45.137.22.60 | <corporate@prima-alkesindo.com> | Scanned Copy Of Payment | Scanned Copy for our payment.z | 2bd37c2c98f5934ecabcf0fe748e70c2 | b860ca3d367ef99f5737c030e9ac79f434d6bd3c0817b5ec09f37ef4dacd9c5b | AgentTesla |
| 14 | 203.159.80.83 | =?UTF-8?B?7J207KCQ6rec?= sales@soopgil.co.kr | order PRT/1542 (SAP 15198539) | 4 Pallet Shipping Docs.Commercial Invoice. Packing List. Bill of LandingTHS0094587.r27 | 40e4a6b483fcba9ff6e500cc6c20924a | 57415ce89fed352f579259b19da939df9635f8e2272838bebbfb4d48e59c68e1 | AZORult |
| 15 | 64.227.111.195 | "Harjot Kathuria" <office@imaginaton.com> | RFQ ///MILEXP2021M67 | RFQ_Template.iso | cbf03e1a562baede9d94c215a74ac817 | df61529ef0eb5ae7fb3510ec72f36e820fe4b2eebbaae0379bc103074d2cdfb1 | Formbook |
| 16 | 45.137.22.60 | "THANH GAM"<ajay@raamtel.com> | RE:Products Listing | Product Listing pdf.rar | d46a6d9505955c408cb5ed33141ef873 | 9f86835cf833e1f0a9d2d84e853241bd3db9a5aae9de834e114694517f922151 | NanoCore |

If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.
If you want to know how to analyse NanoCore malware, you can check my NanoCore analysis on YouTube.
If you want to learn malware analysis, you can check my YouTube channel; I am trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA