Phishing Attacks 29_6_2021
(1)
Sender ip | 193.169.255.220 |
From | "WHEELS TRADINGS<info@tradewheel.com>" |
Subject | "URGENT REQUIREMENT" |
Attachment | "RFQ MRG-QTRTQWK_PRTTMMHJBG-GHTTWQ_KRT.ARJ" |
MD5 | 675634ac79ee0ddc5b781ebe5c98da51 |
SHA256 | c2e9085091bab9583f251007823455205cc7613547a77a4e7eb76fec102af79b |
Family | AgentTesla |
(2)
Sender ip | 212.60.13.5 |
From | "BLACN - RTM.CHINAOPS<rtm_chinaops@benline.com>" |
Subject | "None" |
Attachment | "ITINERARY.rar" |
MD5 | 198f983668b1c95b79a0fe32cac498e1 |
SHA256 | a48a4f23ad1705d46b21354781376254c2bf0dc4f34eb4075bed0e0c8cdb86a5 |
Family | AgentTesla |
(3)
Sender ip | 81.31.197.6 |
From | "info@gervanne.com" |
Subject | "RFQ" |
Attachment | "RFQ1.xlsx" |
MD5 | 22600d57c5c9b99fb6e58a8d0b9b4757 |
SHA256 | 027ad84058c49bcfc35ef73d675d7813002c74210d28bb970a78e047588f00d0 |
Family | GuLoader |
(4)
Sender ip | 74.201.28.108 |
From | "=?UTF-8?B?WWXFn2ltIEFLVEHFniBLQVlIQU4=?= <yesim.kayhan@globelink-unimar.com>" |
Subject | "Sample Invitation to Bid" |
Attachment | "Agreement.zip" |
MD5 | 62daf2901c9f1297ea00ed54439ae584 |
SHA256 | 3399d9ffed32e491c929c18b2319a2442738ac44931d44934fc776a50413e907 |
Family | SnakeKeylogger |
(5)
Sender ip | 74.201.28.108 |
From | "=?UTF-8?B?WWXFn2ltIEFLVEHFniBLQVlIQU4=?= <yesim.kayhan@globelink-unimar.com>" |
Subject | "Sample Invitation to Bid" |
Attachment | "Instructions to Bidders.lzh" |
MD5 | 34c7ca58ecd60828eeec4277afcbe468 |
SHA256 | 38c8157793f04a945e0b665f3575ab22b6dcaf3a88e305706837298fda5ced84 |
Family | SnakeKeylogger |
(6)
Sender ip | 93.189.41.161 |
From | "DHL+ Team" <Hayes@mixreports.com>" |
Subject | "DocuSign: Equipment #9611" |
Attachment | "Agree Status 28.Password cncyafknngalrwti.xlsm" |
MD5 | 790cd237fca814411d8839dadcb655f4 |
SHA256 | 9e782d4fc3dc6acd3edff7e7bb0f68a724b1a2b7575fed939640c5855008aae3 |
Family | Unknown |
(7)
Sender ip | 45.137.22.126 |
From | "Selina Shen <contactus@christcenterofhope.org>" |
Subject | "RE: Re: purchase order" |
Attachment | "PO-HUATON SO- CERAMIC VASE.xlsx" |
MD5 | aaaa1eefa79498a5f6e5fe8940827962 |
SHA256 | 4da7c61ec6eb75209eb168ec610d851389a01c06975a6236de3729328fdcc450 |
Family | AgentTesla |
If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(8)
Sender ip | 213.246.110.56 |
From | "Ibtissem Belghoul <ibtissembelghoul@saipem.com>" |
Subject | "BID No. 2000541001- REQUEST FOR QUOTATION FOR SHORE APPROACH SERVICE & EQUIPMENT-H02768 LTA2-43-BERRI DOWNSTEAM PIPELINE PROJECT" |
Attachment | "RFQ BID No. 2000541001.TAR" |
MD5 | 80523096e006a7b36157aa9077910c20 |
SHA256 | 501bb7c9b9760e453c509331fd11d554b603a45bf4d4bd760221c69b4a6c0165 |
Family | SnakeKeylogger |
(9)
Sender ip | 212.60.13.5 |
From | "DA Dept.Roxana Shipping<da@roxanashipping.com>" |
Subject | "MV ATHIRI VOY 87 WILL CALL AT YOUR PORT ETA ON 26TH oct, 2021, IAGW, WOG FOR DISCHARGINGDEAR ALL" |
Attachment | "SHIP’S PARTICULAR.rar" |
MD5 | 6346d5d3d92f0755421a9f5c82cc4cde |
SHA256 | 4e683d91b95caa1a673f0bae1f5ec98ca1be42c0d1fb755ef0ccf77487f124b5 |
Family | AgentTesla |
If you want to learn malware analysis, you can check my YouTube channel, where I try to publish malware analyses and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA