Phishing Attacks 30_6_2021

 



(1)

Sender ip

81.31.197.53

From

"VIVO <contadigital@vivo.com.br>"

Subject

"A Conta Digital Vivo chegou"

Attachment

"fatura_vivo_01072021.zip"

MD5

aef5024a83edc00e6540c720d061d4a9

SHA256

451b4fb4bbd1132305a70846d178321c1cdf291d51c51974ff5beb98674e14ba

Family

Unknown

 


(2)

Sender ip

45.137.22.110

From

"info@dijlashipping.com"

Subject

"RE: SHIPPING DOCUMENT & PACKING LIST"

Attachment

"DOC.zip"

MD5

a951a2a98623826a7f0734652a52ec6d

SHA256

794a518c2857ed2106f0ee8d409c8dc9e0b358df749e6f693ee2a7ba5150b084

Family

Unknown

 

(3)

 

Sender ip

213.246.110.56

From

"Tender Iraq 07 (IRQ/PCSB)" <tender.iraq07@petronas.com.my>"

Subject

"RFQ/PCIHBV/2021/MRP/2711/ PROVISION OF SUPPLY AND DELIVERY OF

MECHANICAL SPARE PARTS FOR PETRONAS CARIGALI IRAQ HOLDING B.V."

Attachment

"PETRONAS RFQPCIHBV2021MRP2711.TAR"

MD5

4240db0af6ad10bcb1c5d9eea2008dda

SHA256

6014a249398a77294a8e0533975dad4bc14e3e85c99f706dd768dcd877c11410

Family

SnakeKeylogger

 


(4)

 

Sender ip

213.246.110.56

From

"Tender Iraq 07 (IRQ/PCSB)" <tender.iraq07@petronas.com.my>"

Subject

"RFQ/PCIHBV/2021/MRP/2711/ PROVISION OF SUPPLY AND DELIVERY OF

MECHANICAL SPARE PARTS FOR PETRONAS CARIGALI IRAQ HOLDING B.V."

Attachment

"MECHANICAL SPARE PARTS FOR PETRONAS CARIGALI IRAQ HOLDING B.V.TAR"

MD5

21d41eda5fb0d8a00f9e58203801316a

SHA256

43999a31cf39af3b63ad19da61ab8d5828a86ee4ea0cd77d49143427d1bd0cca

Family

SnakeKeylogger

 

(5)

Sender ip

193.142.59.37

From

"Info <willkommen@vendor.de>"

Subject

"invoice & kgs #5375"

Attachment

"Invoice.doc"

MD5

8878f2a3a7a71b648afca597c3d907c6

SHA256

14813f2f1c5a3dc1eb83a867d1a1537c38061af136c0d54e8ec0707f103b29e6

Family

Unknown

 

(6)

Sender ip

45.137.22.110

From

"sales@mecord.com"

Subject

"RE: PAYMENT COPY MT103"

Attachment

"payment copy.r00"

MD5

7b28895fe4c010db8d8e0b36db3bda77

SHA256

99b99539800b783d66b35c5e977816a6541c03dd1b683f14a998cf840ba39171

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(7)

Sender ip

185.222.58.104

From

"Elena Borovik <mailto:e.borovik@btsgroup.by>"

Subject

"Please send us your quotation for BK Vision"

Attachment

"nwhgu8941.lzh"

MD5

bf778b5aa367352b64544506c785037c

SHA256

964627926c709efa2260eb2d141b2afd7bdd2e73acdc0adf38d99e44865e7f17

Family

Unknown


(8)

Sender ip

103.114.106.156

From

"Yan Lidong" <service@ngccoin.hk>"

Subject

"=?UTF-8?B?562U5aSNOiBEb3duIHBheW1lbnQ=?="

Attachment

"swift transfer_copy.pdf.rar"

MD5

5140f9f0a829e10592e1d6867d5bb5b1

SHA256

f58908fe6ee795a218f978f8c7d01433f5189f523625c3327fa5ae3d520bd442

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(9)

Sender ip

185.222.58.104

From

"Laurent YAO <laurentyao@liedsgroup.com>"

Subject

"Please send us your quotation for BK Vision"

Attachment

"quotation (2).lzh"

MD5

5fd9592605456a3a9336187df19d3d05

SHA256

5e5537e2c5ca877e3a7bb6cefb0258ded276d88a4b15d806e4a64cdeb0a44c9d

Family

Unknown


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA




Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more