Phishing Attacks 4_6_2021

(1)
Sender IP: 143.198.229.54
From: "dwh.amy@msa.hinet.net"
Subject: "PO - RFQ # 097663899 NEW ORDER"
Attachment: "PO-8372929.rar"
MD5: 5a1fccf7150a84fb38627fffea46743c
SHA256: b772003aa618473001ecb1689c3ccdef48d320ea11ea06249114452f02720e31
Family: SnakeKeylogger

(2)
Sender IP: 93.189.43.36
From: "DHL <Brown@kolbehouse.org>"
Subject: "Updated information"
Attachment: "Invoice.xlsm"
MD5: 37dddaca38ad99f97ee0855e6de00c17
SHA256: c177f507a8625a50fd3cbbe0cdd5f76947f9fb6a2872c0da80fcdf6a7a2ff31b
Family: Unknown

(3)
Sender IP: 104.168.144.215
From: "orp-andamiosnorte.pw" <orp@andamiosnorte.pw>
Subject: "Statement Of Account"
Attachment: "SOA #220953.rar"
MD5: 31150b7160c3054cf207ae1258d06e6e
SHA256: 762cbe6d920583c755fd36c6c4622802d70b71b642d032da308585f7847c3380
Family: Formbook

(4)
Sender IP: 185.222.57.171
From: "Mohannad Anis Azem (Admin Dept)" <Mohannad.Azem@dib.ae>
Subject: "Re; Payment Confirmation "
Attachment: "Payment Slip.r00"
MD5: 0cbb36e99c586414ee7ccca726a5cca1
SHA256: 1c425aba59d9eace9493b8b7efb6cf7f3c82263162f954f77479d663be9255ef
Family: SnakeKeylogger

(5)
Sender IP: 45.137.22.37
From: "Saleem<sales@digitaleyechart.com>"
Subject: "Bank Payment Details"
Attachment: "Bank Payment Details.lzh"
MD5: 4a216619538529cc3b54e8e55fcdcbad
SHA256: 71e3486d117a94cd96f40208c6f38981d1403d1374aca9c0449e2f0a9f20f534
Family: Formbook

(6)
Sender IP: 45.137.22.37
From: "Abdelmajid IJRHA<amit@coolbuddy.com>"
Subject: "Purchase Order 0060/2021"
Attachment: "Purchase Order.lzh"
MD5: 60e727a946237b7ec51e4f38b8033013
SHA256: 75b2bb256f609bb8529f2b53f2abc183630950efdb105b327d4c958ab6a8b20b
Family: Formbook

(7)
Sender IP: 185.222.58.153
From: "Interplex<info@cz.interplex.com>"
Subject: "RE: INVOICE SC1289"
Attachment: "INVOICE SC1289.zip"
MD5: 081c7f0993e65adeb2b72ce5fe878db0
SHA256: 3c3e4ab4c7f951f407783c91146c7233446440d28f6c6834a533b667178c4b3c
Family: SnakeKeylogger

(8)
Sender IP: 185.222.58.149
From: "Chusui<chusui@tzdegree.com>"
Subject: "=?UTF-8?B?UkU6TkVXIFBPIEZST00gQUxBTlRFQ0ggQ08uLExURCBRVFRZIChQTyM3QTY4RDIwKcKg?=" (RFC 2047 encoded word; decodes to "RE:NEW PO FROM ALANTECH CO.,LTD QTTY (PO#7A68D20)" followed by a non-breaking space)
Attachment: "PURCHASE LIST.zip"
MD5: 5cf71283955d596551a1780b2f67c287
SHA256: 478b5d9549a07c23815c5559f7cb39cab965b91977eaa46c0d56483b411669ce
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my AgentTesla analysis on YouTube.

(9)
Sender IP: 193.56.29.192
From: "Miguel Cordoba <office@aspoeck.com>"
Subject: "Enquiry (BVHEI2021/2505-02)CLOSING28/5/2021"
Attachment: "RFQ-BVHEI2021.xlsx"
MD5: 750056c758ce9628cbe2a39d018264dd
SHA256: a924bd7239e5c95f3116a195b5b34b733dcdbbcdd65d91465fc0d822dae1c8ac
Family: AgentTesla

(10)
Sender IP: 195.201.227.104
From: "Morello <morello@motormarineservice.com>"
Subject: "New order PO#1088063401"
Attachment: "New order PO#1088063401.zip"
MD5: 749fd3506c5c5b5c278210063fa3ba78
SHA256: 65a752436f875975229ce6ff0e7c224090f86138c04c0b119f0cc8180befdbb1
Family: AgentTesla

(11)
Sender IP: 103.232.53.200
From: "Catherine Liu" <accountspayable@fiscal.treasury.gov>
Subject: "FW: Proof Of Payment"
Attachment: "TT Swif_66E3563653553_PDF_.uu"
MD5: 2b70f4aebb96864780b33a6d78b199be
SHA256: fd0173c1edaf0c1b01c63e63f75c1ec1efdbe9f939d485864f90e4bd1503888b
Family: Matiex

(12)
Sender IP: 195.133.40.234
From: "HSBC Advising Service <advising.service.8621898.631623.1955390372@mail.hsbcnet.hsbc.com>"
Subject: "Payment Advice - Advice Ref:[GLVB15894514] / ACH credits / Customer Ref:[JB11068847] /Second Party Ref:[286625-P] "
Attachment: "COMPANY LETTER.zip"
MD5: c158b3b3431a93620c1977853c7d1b90
SHA256: 52876c02626b9fd25fdf3fc86b3178b68e3d1c04067bd39d9f88b94c1f7144ce
Family: Unknown

(13)
Sender IP: 185.222.57.135
From: "Terence So <terence.so@otlsystems.com>"
Subject: "Re: PO 2020208"
Attachment: "INVOICE.gz"
MD5: 5429336e843b50dc3b968f0e29e41774
SHA256: baab27475406e896cf4ee9bb81edef9026a3080366d75b5035b0341607cd84d2
Family: Formbook

(14)
Sender IP: 199.10.31.238
From: "sales@mkepl.com"
Subject: "RFQ: Request For Price List and FOB To Lebanon."
Attachment: "RFQ PRICE LIST FOR LEABANON 8938920993.gz"
MD5: 6648f77b01198f4fc07899039ebdb6fe
SHA256: dad4919aa346d287d13960834c9267519427045ff3358eb43dae4d9669954570
Family: AgentTesla

(15)
Sender IP: 185.222.58.149
From: "Chusui<chusui@tzdegree.com>"
Subject: "=?UTF-8?B?UkU6TkVXIFBPIEZST00gQUxBTlRFQ0ggQ08uLExURCBRVFRZIChQTyM3QTY4RDIwKcKg?=" (RFC 2047 encoded word; decodes to "RE:NEW PO FROM ALANTECH CO.,LTD QTTY (PO#7A68D20)" followed by a non-breaking space; same sender and subject as (8), different attachment hash)
Attachment: "PURCHASE LIST.zip"
MD5: 54f35da53283811fdaa7dd3136afef10
SHA256: 6bd86882d42b0a615a2d9a2ff8591a10efd31db0182097c17b1731658df296ce
Family: AgentTesla

(16)
Sender IP: 103.125.190.80
From: "HSBC Advising Service <advising.service@mail.hsbcnet.hsbc.com>"
Subject: "Payment Advice - Advice Ref:[GLV410796721] / Priority payment / Customer Ref:[2000000559]"
Attachment: "Payment_Advice.zip"
MD5: 9be2d1fe68c3e4489190a700fe4efbaf
SHA256: 22f91fd6ef47d8e00f3846dc92310f13b8a0d036792685170bdab124efc1f280
Family: Formbook

(17)
Sender IP: 159.65.154.225
From: "Yvonne Milli <yvonne@milli.com.tw>"
Subject: "RE: doc of Ningbo, china to CAMBODIA SIHANOUKVILLE-(NBEJ1910038A&B)"
Attachment: "print PO#6321023.docx"
MD5: 3eb620f82132d7715cde30887fa24ed5
SHA256: 07ffbabb575117c731872d2d6cda388f2343fdee55d700f8357263a48c0edabc
Family: Loki

If you want to learn malware analysis, you can check my YouTube channel, where I am trying to publish analyses of malware samples and some malware analysis methods.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
