Phishing Attacks 3_6_2021

(1)
Sender IP: 185.222.58.149
From: "Wu Xueming" <accountsknp@taborfreight.com>
Subject: "FW: SOA Review Done : Inter Bank Transfer(IBG) URGENT"
Attachment: "Bank swift.zip"
MD5: eaf4bec0c1103fa6f87aaddbaa631454
SHA256: 7bc8e9198c499b6c48d39e99734d3c9081d0eae625f5ac9a2ca4f571946a1501
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.

(2)
Sender IP: 45.137.22.149
From: M.Hilpert@serafimaint.com
Subject: "RE:Reconfirm Bank Details"
Attachment: "Bank Details.r00"
MD5: 21ab3f0250d6a797fae7f179e428c539
SHA256: b0fb5eb8dad64e67ded64e20c20075ad3198295ded5646c9cff81cdcb527f6b5
Family: AgentTesla


(3)
Sender IP: 103.155.80.187
From: "karen marshall" <karen.marshall@olympus.co.uk>
Subject: "Fwd: Quotations New Order"
Attachment: "new order.rar"
MD5: c2551fe8efe908d1ebcea82607408aef
SHA256: fd80bdd9cb1cb0f140ce78a39a8c73087f27c85322ca17ed66a39026ac09c151
Family: AgentTesla


(4)
Sender IP: 103.155.80.187
From: "Sales Manager" <sales@htglover.com>
Subject: "RE: STATEMENT OF ACCOUNT"
Attachment: "outstanding invoices.rar"
MD5: c745accf0132345f01aac2323bb345fe
SHA256: 5b9d8a84ee305113d9915edb5c6adf6182894fefa40e046b536971083064b5fd
Family: AgentTesla

(5)
Sender IP: 155.94.136.153
From: Mattia Comelli <mattia.comelli@tekube.com>
Subject: "New RFQ Check-up item CS1528240.2"
Attachment: "EQPC-0029-02.xlsx"
MD5: 173a76273a1d9617f5b2cde725aa47bf
SHA256: 60afc72d245d76fae7ff9087aa81f677e03f6517bd69a5e8040e5fee7e1449bf
Family: Unknown

(6)
Sender IP: 155.94.136.153
From: Mattia Comelli <mattia.comelli@tekube.com>
Subject: "New RFQ Check-up item CS1528240.2"
Attachment: "3034501.zip"
MD5: 2bae8f71a486883503d04c462a6240d2
SHA256: 6973dab1da8d0bcb8185df7aa63b8474bc9491f16f7642a347b529789f19d6da
Family: AgentTesla


(7)
Sender IP: 195.133.40.234
From: Khamis Salim <k.salim@oxy.com>
Subject: "RFQ-14000135846 NGCP Pipeline PROJECT TA 725638 DK RH HRDH HEADER PLATFORM "
Attachment: "RFQ-14000135846_Scanned from a Xerox multifunction device (2).zip"
MD5: 92ac9dbc5783ddeab66cff673b4bbae4
SHA256: a70495ddde64524d6c16dca86296d44ea78c15c3ac97609dac318559ee2644de
Family: Unknown
(8)
Sender IP: 185.121.120.197
From: =?UTF-8?Q?KOLAGOM_K=C4=B0MYASALLAR_SAN=2E_VE_T=C4=B0C=2E_LTD=2E_?= =?UTF-8?Q?=C5=9ET=C4=B0=2E?= <esraa@kolagom.com> (MIME-encoded display name decodes to "KOLAGOM KİMYASALLAR SAN. VE TİC. LTD. ŞTİ.")
Subject: "New Inquiry"
Attachment: "Product list.xlsx"
MD5: 8f310f476d94685424314ab47316f4fe
SHA256: d4800340fbd1803a42df8ac5b06b47b8d2cafa64738f02282fe4b32e97fa872b
Family: AgentTesla


(9)
Sender IP: 45.137.22.149
From: Natchac@eiamheng.com
Subject: "RE:Reconfirm Bank Details"
Attachment: "Bank Details.ARJ"
MD5: 998aa8498fe9c96865842d82fc1b680f
SHA256: e9b4cb23f9e8a68d296ba0f51cbfd513f7e621e0461e560f1cb910b38d172244
Family: AgentTesla


(10)
Sender IP: 185.222.57.200
From: "purchase" <purchase.r40@sanjivani.co.in>
Subject: "Order Enquiry No: 3308"
Attachment: "Inquiry.r15"
MD5: 365cef6b9f1d3672cf86d043e48845a9
SHA256: 9e6994570cedbc6d1bc2b077bda2bdf38c26ab2f2d09ea3797c45d786fd1b2d9
Family: SnakeKeylogger
(11)
Sender IP: 185.222.58.153
From: Tina Donini <tina@stmsaldatura.it>
Subject: "PAYMENT COPY"
Attachment: "Swift-copy.zip"
MD5: 0dec0263243d7a3b2f69e139f41c455f
SHA256: a9c17a18861e01200624ea6c949d9ac252478a80496add163211973f171f807d
Family: SnakeKeylogger
(12)
Sender IP: 45.95.168.220
From: "Shruti" <n.khalilova@globalinklogistics.com>
Subject: "Wire confirmation"
Attachment: "Wire-Payment.pdf.cab"
MD5: f0ab5f07a02cbe6511ae426f9d746563
SHA256: 74336b753bee56d595e5420bccaa26e0f124200cb5071e853983118f49009654
Family: Formbook
(13)
Sender IP: 103.207.38.69
From: =?UTF-8?B?ICLljb/kupHluoYi?= <qingyunqing@snsp-tj.com> (MIME-encoded display name decodes to "卿云庆")
Subject: "NEW ORDER"
Attachment: "NEW ORDER.zip"
MD5: 61357bd29f719f4b7f2a237b42eff70d
SHA256: 33129214b46df54bc7a37e566e20bcbffc70de1d672a8379c114fb88b6c13c67
Family: AgentTesla


(14)
Sender IP: 185.222.58.153
From: Sajeer Kanniyath <finance.sedra@rotana.com >
Subject: "BALANCE COMFIRMATION FOR MAY 2021"
Attachment: "Invoice-Copy.zip"
MD5: 49290d6def5f028d43f5b3dfc943a11c
SHA256: 60c12eb1e87d0fac641179d79c750a8cd46e325a57d7a454d708f95e6d83db54
Family: SnakeKeylogger
(15)
Sender IP: 185.222.58.153
From: Sajeer Kanniyath <finance.sedra@rotana.com >
Subject: "BALANCE COMFIRMATION FOR MAY 2021"
Attachment: "Balance___5132.zip"
MD5: 7b1af7564887531abe7565e16c909dbb
SHA256: c281a7861483a39ff4da8236c5b2a202f88562caa737f4d7060049fd1b5fb980
Family: SnakeKeylogger
(16)
Sender IP: 185.222.57.232
From: "HSBC Advicing Service" <sales@derryauto.cn>
Subject: "Payment Advice - Advice Ref:[GB1860369674] / Priority payment / Customer Ref:[0000568988]"
Attachment: "MT103-06022021987636472-PDF.ARJ"
MD5: 8246a4b29d8dc66ee42fd1992e93f02e
SHA256: 6e362240f8c0314c8c10319312b7abe77fd4821f5ace2b8e2837e07c86f3ab75
Family: AgentTesla

If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel:
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
