Phishing Attacks 6_7_2021
| # | Sender IP | From | Subject | Attachment | MD5 | SHA256 | Family |
|---|---|---|---|---|---|---|---|
| 1 | 143.198.61.133 | HSBC BANK PLC <Admin@lgpartner.ch> | Payment Advice - Advice Ref:[G51096567060] / Priority payment / Customer Ref!!! | Payment copy.cab | 5ff76c76c29d309adc9f4d007d71603f | 137e5b7da690b6315d40c99848c61e7b0dd9ff8647fed73a14de6091b8691c2c | Formbook |
| 2 | 185.222.57.72 | ACCOUNTS <hassan@nwakth-cn.com> | RE:TT slip | TT slip.zip | c6f75761184f97ec52ed280d842ef95e | 10d6cd22738b4c398a63c37069bea83bc6f7219ec27b10fd3f031051f2f96800 | AgentTesla |
| 3 | 77.247.110.207 | Bandar Al-Shammari <BANDAR.ALSHAMMARI.1@ARAMCO.COM> | FINAL REMINDER!!! Request for Tender for SAUDI ARAMCO - SAUDI ARABIAN REFINERY RENOVATION - Phase 2 Project | Saudi aramco tender documents-BOQ and ITB.TAR | 1e95296d32bdae680afc245dd62a54c0 | 6b5ae330c1263b282d032e40602e846e908964c4ccd8605fb8a65971159a51b3 | SnakeKeylogger |
| 4 | 185.222.57.72 | =?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<tiffany.feng@lotes.com.cn> | RE: Statement Of Account | Statement Of Account.zip | 86a531bfa7963c79478e937ee52e2b94 | 4896ac52f78034e703736e9cfe3d2cc1b4088e821c2dd4ff55c531c141415af2 | AgentTesla |
| 5 | 103.155.80.90 | sales@exalo.pl | Reply:_RE_:ORDER040721 WITH SAMPLES | order list.zip | fa7277a8a3a9202181490ffd626f57ff | d8552704ee0f7077c48d86faa51b543e1e74a3981a94287cec5c6d4173f594dd | Loki |
| 6 | 45.137.22.110 | info@dijlashipping.com | RE: SHIPPING DOCUMENT & PACKING LIST | DOC.r00 | 2b91ba0a89ac19d2de47c38c4bdc84f9 | 33d1397a0366fc393fa61f7f2a9aa42c2da10a255edb6e08f49edeba3fc74b3c | AgentTesla |
| 7 | 23.94.160.230 | DHL EXPRESS <info@pg-conct.live> | DHL-EXPRESS / YOUR DELIVERY IS TODAY. | DHL Shipment_pdf.cab | 5d66909a2b0872f57566377e25aa001d | 456f8f697d8c196c8852af66e8add347ee85ee0e678a0bccb424843a560333bd | AgentTesla |
| 8 | 103.139.44.91 | "show.t@anteksc.com" <show.t@anteksc.com> | RE Re: USD160,603.05 | transfer slip.rar | 36676256f4733bbe2ec8e15afd067e1c | cefed318fa62d6b9581acb1d0475f1236a56e3ba5e8f48140e6a2f51da250286 | Unknown |
| 9 | 185.222.57.89 | David Brediceanu <info@triogenerator.com> | Re: Invoice Copy | SWIFT COPY - Invoices 464A62042150 - 25.485�.rar | ed57c1c7397b4503c170f93e9878661a | 898903bcbcce6dacdb39dab8fd336e8600798b4069dc73b4825cf27d6c6b4084 | SnakeKeylogger |
| 10 | 213.246.110.56 | HAMEED ERIC <INFO@ESSAR.COM> | Urgent July RFQ for supply of offshore(oil gas and marine equipment) for Khazzan BP Phase II Well site facilities project. | specifications and drawings.TAR | c18351e4dd289982f99e54f21e46b74f | 7a1134e1803e5a226110d7c7706a164cce25a2ed23e872cc47a0879b22487e8d | SnakeKeylogger |
| 11 | 185.222.57.149 | "maurorayo" <maurorayo@merquimiacolombia.com> | RE:New Purchase Order/Photo-Samples | Photo-Sample 7t09250..zip | 68f6f53ad3002d79ae3fa563c7af529c | 37bef47276edb2c03eed3e9c06065746676b874bc5b66fbf0c7ce167de3efc52 | Unknown |
| 12 | 92.52.218.122 | Yu Kuwahara - accounts dept HSBC <treybd@gmail.com> | Fwd: MT103-Single Customer Credit Transfer for invoice | MT103_20210701084_USD35,660.93.iso | 99adce8a64a582e6e1fd98f2fa7eb404 | eff94544aa4d01176bc39e7ed1d06f4cb2da84458a0e5129d22e817ac2016b13 | Formbook |
| 13 | 84.38.133.131 | Apex Enterprise ltd <julesendkate@gmail.com> | Re: Urgent Quotation Needed | Quotation.gz | 9174b9434f0c9ffa1922461cbe7bc1d8 | 0d7a9298b83d805fa2540b085ac6c1c374251340ed76cf2661feb5b967cc7623 | SnakeKeylogger |
| 14 | 185.222.57.149 | "Wu Xueming" <accountsknp@taborfreight.com> | FW: SOA Review Done : Inter Bank Transfer(IBG) URGENT | Bank Swife slsx.zip | a57ae470f5c7fcd242c675d4540abb50 | 5310ad5684488ca2cea9a3994bcabd2bb85cdc99f6cfc3eca77d03761fc0ff95 | Unknown |
| 15 | 185.222.57.89 | Sunpower Solutions <sales.sunpowersolutions@gmail.com> | Re: Payment Acknowledgement Is Attached | Payment Invoice.rar | 9ca0806f39893ac6ae0c95bb5c075546 | 87d41a48bf0352879c87e185e359fc15edb09c0ff0daae5e137aac2b6a3a22a8 | SnakeKeylogger |
| 16 | 103.139.44.229 | Vishwa Pratap Yadav <stores@manoramagroup.co.in> | Request for quotation | Manorama___RFQ.zip | 38a11d5ba2ed91631d443b0fad223ca2 | 664484dfb0bbbef8bf25f0174447112f7733896f24bde007cbf97ef2e7f3d14a | Formbook |

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA