Phishing Attacks 28_6_2021

 





(1)

Sender ip

103.133.106.156

From

"Wini Zeng wini@bgchuahe.com"

Subject

"Request For Quotation "

Attachment

"Purchase Quotation.gz"

MD5

8960203a1283a4b46d1c0b8573716fe3

SHA256

ecb3d2f8933eb1e048a42128cd5a6d0eb21745f55ff83c89c715be34db170e1c

Family

AgentTesla

    If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(2)

Sender ip

213.246.110.56

From

"=?UTF-8?Q?=E5=88=98=E5=BF=97=E6=9D=B0?= <liuzj.osec@sinopec.com>"

Subject

"[SINOPEC/MIP/PKG17]-RFQ//FENCE MATERIAL-EASTERN FENCE OIL AND

GAS/MARINE"

Attachment

"MIP17-MTA002 TBE Clarification Rev. A - EASTERN.Tar"

MD5

6cb5843f813dbe6aae3c331a1454473f

SHA256

cf0979e009966dcbd4bbfd300daafddf3f36a3b7e384adb4b91e0e97fb7d40ba

Family

SnakeKeylogger

 

(3)

 

Sender ip

159.89.112.172

From

"<support@dhl.com>"

Subject

"DHL Shipment Notification : 3227610761"

Attachment

"WaybillDoc_3227610761.zip"

MD5

516f2d7f6901c0d5e9154dc062dfe994

SHA256

c084f4aecf97e5c7753b9c2fe2a44862926cb2df16df73d4db4af797cb2ea952

Family

AgentTesla

    If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(4)

 

Sender ip

193.56.29.192

From

"info@ultramol.ru"

Subject

"Ultramol PO 33015- RFQ"

Attachment

"PO 33015.doc"

MD5

c428f38a84f17399a88559e3fc68fff5

SHA256

44f060eefb28b1d90759eb517c0e134e52164a2701e4f4d9ddbbbd27f48cce2c

Family

Formbook

 

(5)

Sender ip

92.204.160.71

From

"UTENTRA SRL || Purcshase Dept <info@allrnedikal.com>"

Subject

"new po 20217602"

Attachment

"new order 20217602.xlsx"

MD5

34ea341a86ef62ca56e400e0df97f3c5

SHA256

b7ec359d9ce5edd99910dc32f7a07ad50dd056fb26791a6aed260a65b6cb684d

Family

Formbook

 

(6)

Sender ip

46.183.220.10

From

"USMAN <noreply@domain-admin.com>"

Subject

"RE: Purchase Order"

Attachment

"Purchase Order.LZH"

MD5

501660f2310efb40ca77a981044c61f5

SHA256

eec0c1a34f078642a001b1c3611159446d65586cc7f502780c005e4398c6298b

Family

SnakeKeylogger


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 3_3_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 45.137.22.124 From "Cheng Yong"<rosa@franball.net>" Subject "RV: Shipping advice - 2nd container under ct.876" Attachment "SHIPPING ADVICE#202203.zip" MD5 aa2d18552a8d5041e4c757cee09f2c4d SHA256 0628b564bad3c4e59644e91398899f88143aa2eb3473e720270fb1566c628d60 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .       (2) Sender ip 2.56.56.35 From "contato@vastoverde.com.br" Subject "fwd :Outstanding Remittance payment" Attachment "receipt_pdf.z"
Read more