Phishing Attacks 19_6_2021

(1)
Sender IP: 45.137.22.38
From: "m.askari@tiamtejarat.com"
Subject: "Payment Advice For Outstanding SOA, $67,000.00,"
Attachment: "MT-103.rar"
MD5: cea8f9c8ab91d0cf6d51aa715615dc75
SHA256: 77ee9bb85ad3e7b325c619eb99229546bd980ffed3accbc24821248992211fcb
Family: AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(2)
Sender IP: 159.65.55.247
From: "Tengku Muhammad" <Muhammad@petronas.com.my"
Subject: "RE:RE:PETRONAS INVOICE"
Attachment: "PETRONAS INVOICE.PDF.cab"
MD5: a9e1b3e3c6ddac6d39b98366c8013a06
SHA256: 7a7983e48b7476ce96bfde0978015c4e89dd58357d421be00ab225e85d53f21e
Family: Loki

(3)
Sender IP: 84.38.130.222
From: "Nanda Kishore<n.kishore@tehamaship.com>"
Subject: "Re: In The File Vessel Schedule "
Attachment: "Price.r00"
MD5: 255608e0061c48fbaeecf84f8038282f
SHA256: 8acf97d2e4ea86a2a3d7e3ea84fe5fb96e1229c45e1dc7f2df870759bf4345c1
Family: AgentTesla


(4)
Sender IP: 45.137.22.38
From: "mohammed.ali@algharshobgroup.com"
Subject: "RE: Flight Details With Shipping Invoice"
Attachment: "shippinginvoice.zip"
MD5: ab316dcda907f92d689924053881b05c
SHA256: 98ec0a49ce8bb1fa047da66fc023332321bae4c11a2b472b99d9bb78becb6df2
Family: AgentTesla


(5)
Sender IP: 185.222.57.244
From: "LC Dept, Almuftah LC Dept" <lcdept@almuftah.com>"
Subject: "TT SWIFT COPY AGAIN PI NO 071968"
Attachment: "MX-2310U_20210616_225343.r00"
MD5: e0b830e26acf33f4bb40a09330f7302a
SHA256: e4bb885674f142f06943ebac7bc26c17d21634a4f407b5adca78651f9cbc5fe9
Family: AgentTesla


(6)
Sender IP: 103.140.250.188
From: "noreply@qnbefinans.com"
Subject: "Summary of the Meeting"
Attachment: "Minutes Of Meeting.r00"
MD5: 28891ba7490527715a00e3d65d931645
SHA256: e15286e4dbca6cd8c52c3966e69c9bd0aae4490112dcedfea10d8f4067f3d52e
Family: SnakeKeylogger


(7)
Sender IP: 93.125.31.217
From: "valerie.lefevre@labomoderne.com"
Subject: "Re: Purchase Order"
Attachment: "Order.pdf.r04"
MD5: 7d89cc96825b503c52114b22a3e3f8a3
SHA256: e411b668208ee3dd78c63631ae14d3a344d89e2e6c0584194490be9722e16b87
Family: AgentTesla


(8)
Sender IP: 103.155.80.187
From: "Heine" <heine@tiongliong.com>"
Subject: "=?UTF-8?B?UkU6IOuMgOufiSDso7zrrLggU09B?="
Attachment: "statement of account.rar"
MD5: 22ec3bbc99bae9d21d80e411e812a8c2
SHA256: 02b3e2180394b3057040cdb77fc9efc7a0b26b61a9ff4a530564a277b12e179d
Family: AgentTesla


(9)
Sender IP: 185.222.58.149
From: "Fatemeh Mahini"<munir@akkatoglu.com>"
Subject: "Re: Request for Quotation - Urgent 6/15/2021"
Attachment: "scan11062020.doc.zip"
MD5: 347477d85a0dfdf382bc8a7895cdb1f3
SHA256: 71c2043b9fea6c7af5cb3ebb0a6399f02c592144fc9242760ce8ced5b20d6b71
Family: AgentTesla


(10)
Sender IP: 162.144.38.36
From: "PAYU INTERNATIONAL <sales8@oxy99.in>"
Subject: "Inward remittance"
Attachment: "Remittance Form-Payu.img"
MD5: 588efab1ef2fe1a2d2d832002f9f2d01
SHA256: 46f0bdf29f5e98be379bc1fea1b44306c14f58305fd237f45039e625e3741cc4
Family: NanoCore

If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore.

(11)
Sender IP: 104.168.246.155
From: "Meena Zolyn" <zolyn@ascenduum.pw>"
Subject: "Remittance form PO No.: SBIN321"
Attachment: "Remittance_Form.cab"
MD5: e51bf99f44cca1f9bdc56877b8614afd
SHA256: e111e9e9334a405bf7596e196d0199bd70595122b0922824f9e0f32f07189fa8
Family: Formbook


(13)
Sender IP: 161.35.17.44
From: "DHL EXPRESS <support@dhl.com>"
Subject: "DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc"
Attachment: "consignment details.rar"
MD5: 8cb33040c9f75754659ac2b3055b84ca
SHA256: 8dd5df1ce192b6101814de114129b653f7179714ff4ccd3654769f45ba237bc6
Family: SnakeKeylogger


(14)
Sender IP: 45.137.22.36
From: "<nomination@vrlogistic.net>"
Subject: "Fwd: New Order!!!!"
Attachment: "70654 SSEBACT.zip"
MD5: bbf3392b78d7733b58d028d91e323d72
SHA256: 0ddcbed6d8dd0e3ff4e2df474a8557b5935c69e5daf405903af90977bff03d83
Family: AgentTesla


(15)
Sender IP: 185.222.58.149
From: "=?UTF-8?B?TGluZGEgTWFydGVuYcKg?=<purchase@vibrantgroupqatar.com>"
Subject: "=?UTF-8?B?UkU6IFBVUkNIQVNFIE9SREVSwqAxMjExMjA=?="
Attachment: "NEW ORDER 121120.zip"
MD5: 1ed2f336f8999aee6a9a4608d4ce12f9
SHA256: e760efcf956cf894cad3ef31de4120a29c486343fdafaad816dfae9863b2e4f4
Family: AgentTesla


(16)
Sender IP: 84.38.130.222
From: "Scotsman Guide <Originator@scotsmanguide.com>"
Subject: "Re: Arrange Charges In The File"
Attachment: "Arrange Charge.r00"
MD5: e31312c6e1e07113ec617791060f2f20
SHA256: 97f0dc5d6cccc16d4e147799580d302b3c2236433f3973451b31f8d8139a0bba
Family: AgentTesla




If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel:
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA



