Phishing Attacks 29_6_2021

 





(1)

Sender ip

193.169.255.220

From

"WHEELS TRADINGS<info@tradewheel.com>"

Subject

"URGENT REQUIREMENT"

Attachment

"RFQ MRG-QTRTQWK_PRTTMMHJBG-GHTTWQ_KRT.ARJ"

MD5

675634ac79ee0ddc5b781ebe5c98da51

SHA256

c2e9085091bab9583f251007823455205cc7613547a77a4e7eb76fec102af79b

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(2)

Sender ip

212.60.13.5

From

"BLACN - RTM.CHINAOPS<rtm_chinaops@benline.com>"

Subject

"None"

Attachment

"ITINERARY.rar"

MD5

198f983668b1c95b79a0fe32cac498e1

SHA256

a48a4f23ad1705d46b21354781376254c2bf0dc4f34eb4075bed0e0c8cdb86a5

Family

AgentTesla

  If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla. 


(3)

 

Sender ip

81.31.197.6

From

"info@gervanne.com"

Subject

"RFQ"

Attachment

"RFQ1.xlsx"

MD5

22600d57c5c9b99fb6e58a8d0b9b4757

SHA256

027ad84058c49bcfc35ef73d675d7813002c74210d28bb970a78e047588f00d0

Family

GuLoader

 


(4)

 

Sender ip

74.201.28.108

From

"=?UTF-8?B?WWXFn2ltIEFLVEHFniBLQVlIQU4=?= <yesim.kayhan@globelink-unimar.com>"

Subject

"Sample Invitation to Bid"

Attachment

"Agreement.zip"

MD5

62daf2901c9f1297ea00ed54439ae584

SHA256

3399d9ffed32e491c929c18b2319a2442738ac44931d44934fc776a50413e907

Family

SnakeKeylogger

 

(5)

Sender ip

74.201.28.108

From

"=?UTF-8?B?WWXFn2ltIEFLVEHFniBLQVlIQU4=?= <yesim.kayhan@globelink-unimar.com>"

Subject

"Sample Invitation to Bid"

Attachment

"Instructions to Bidders.lzh"

MD5

34c7ca58ecd60828eeec4277afcbe468

SHA256

38c8157793f04a945e0b665f3575ab22b6dcaf3a88e305706837298fda5ced84

Family

SnakeKeylogger

 

(6)

Sender ip

93.189.41.161

From

"DHL+ Team" <Hayes@mixreports.com>"

Subject

"DocuSign: Equipment #9611"

Attachment

"Agree Status 28.Password cncyafknngalrwti.xlsm"

MD5

790cd237fca814411d8839dadcb655f4

SHA256

9e782d4fc3dc6acd3edff7e7bb0f68a724b1a2b7575fed939640c5855008aae3

Family

Unknown


(7)

Sender ip

45.137.22.126

From

"Selina Shen <contactus@christcenterofhope.org>"

Subject

"RE: Re: purchase order"

Attachment

"PO-HUATON SO- CERAMIC VASE.xlsx"

MD5

aaaa1eefa79498a5f6e5fe8940827962

SHA256

4da7c61ec6eb75209eb168ec610d851389a01c06975a6236de3729328fdcc450

Family

AgentTesla

  If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(8)

Sender ip

213.246.110.56

From

"Ibtissem Belghoul <ibtissembelghoul@saipem.com>"

Subject

"BID No. 2000541001- REQUEST FOR QUOTATION FOR SHORE APPROACH SERVICE

& EQUIPMENT-H02768 LTA2-43-BERRI DOWNSTEAM PIPELINE PROJECT"

Attachment

"RFQ BID No. 2000541001.TAR"

MD5

80523096e006a7b36157aa9077910c20

SHA256

501bb7c9b9760e453c509331fd11d554b603a45bf4d4bd760221c69b4a6c0165

Family

SnakeKeylogger


(9)

Sender ip

212.60.13.5

From

"DA Dept.Roxana Shipping<da@roxanashipping.com>"

Subject

"MV ATHIRI VOY 87 WILL CALL AT YOUR PORT ETA ON 26TH oct, 2021, IAGW, WOG FOR DISCHARGINGDEAR ALL"

Attachment

"SHIPS PARTICULAR.rar"

MD5

6346d5d3d92f0755421a9f5c82cc4cde

SHA256

4e683d91b95caa1a673f0bae1f5ec98ca1be42c0d1fb755ef0ccf77487f124b5

Family

AgentTesla

  If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA






Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more