Phishing Attacks 6_7_2021

 



(1)

Sender ip

143.198.61.133

From

"HSBC BANK PLC <Admin@lgpartner.ch>"

Subject

"Payment Advice - Advice Ref:[G51096567060] / Priority payment / Customer Ref!!!"

Attachment

"Payment copy.cab"

MD5

5ff76c76c29d309adc9f4d007d71603f

SHA256

137e5b7da690b6315d40c99848c61e7b0dd9ff8647fed73a14de6091b8691c2c

Family

Formbook

 


(2)

Sender ip

185.222.57.72

From

"ACCOUNTS <hassan@nwakth-cn.com>"

Subject

"RE:TT slip"

Attachment

"TT slip.zip"

MD5

c6f75761184f97ec52ed280d842ef95e

SHA256

10d6cd22738b4c398a63c37069bea83bc6f7219ec27b10fd3f031051f2f96800

Family

AgentTesla

    If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(3)

 

Sender ip

77.247.110.207

From

"Bandar Al-Shammari <BANDAR.ALSHAMMARI.1@ARAMCO.COM>"

Subject

"FINAL REMINDER!!! Request for Tender for SAUDI ARAMCO - SAUDI ARABIAN REFINERY RENOVATION - Phase 2 Project"

Attachment

"Saudi aramco tender documents-BOQ and ITB.TAR"

MD5

1e95296d32bdae680afc245dd62a54c0

SHA256

6b5ae330c1263b282d032e40602e846e908964c4ccd8605fb8a65971159a51b3

Family

SnakeKeylogger

 


(4)

 

Sender ip

185.222.57.72

From

"=?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<tiffany.feng@lotes.com.cn>"

Subject

"RE: Statement Of Account"

Attachment

"Statement Of Account.zip"

MD5

86a531bfa7963c79478e937ee52e2b94

SHA256

4896ac52f78034e703736e9cfe3d2cc1b4088e821c2dd4ff55c531c141415af2

Family

AgentTesla

    If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(5)

Sender ip

103.155.80.90

From

"sales@exalo.pl"

Subject

"Reply:_RE_:ORDER040721 WITH SAMPLES "

Attachment

"order list.zip"

MD5

fa7277a8a3a9202181490ffd626f57ff

SHA256

d8552704ee0f7077c48d86faa51b543e1e74a3981a94287cec5c6d4173f594dd

Family

Loki

 

(6)

Sender ip

45.137.22.110

From

"info@dijlashipping.com"

Subject

"RE: SHIPPING DOCUMENT & PACKING LIST"

Attachment

"DOC.r00"

MD5

2b91ba0a89ac19d2de47c38c4bdc84f9

SHA256

33d1397a0366fc393fa61f7f2a9aa42c2da10a255edb6e08f49edeba3fc74b3c

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(7)

Sender ip

23.94.160.230

From

"DHL EXPRESS <info@pg-conct.live>"

Subject

"DHL-EXPRESS / YOUR DELIVERY IS TODAY."

Attachment

"DHL Shipment_pdf.cab"

MD5

5d66909a2b0872f57566377e25aa001d

SHA256

456f8f697d8c196c8852af66e8add347ee85ee0e678a0bccb424843a560333bd

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(8)

Sender ip

103.139.44.91

From

"show.t@anteksc.com"<show.t@anteksc.com"

Subject

"RE Re: USD160,603.05"

Attachment

"transfer slip.rar"

MD5

36676256f4733bbe2ec8e15afd067e1c

SHA256

cefed318fa62d6b9581acb1d0475f1236a56e3ba5e8f48140e6a2f51da250286

Family

Unknown


(9)

Sender ip

185.222.57.89

From

"David Brediceanu <info@triogenerator.com>"

Subject

"Re: Invoice Copy"

Attachment

"SWIFT COPY - Invoices 464A62042150 - 25.485.rar"

MD5

ed57c1c7397b4503c170f93e9878661a

SHA256

898903bcbcce6dacdb39dab8fd336e8600798b4069dc73b4825cf27d6c6b4084

Family

SnakeKeylogger


(10)

Sender ip

213.246.110.56

From

"HAMEED ERIC <INFO@ESSAR.COM>"

Subject

"Urgent July RFQ for supply of offshore(oil gas and marine equipment)

for Khazzan BP Phase II Well site facilities project."

Attachment

"specifications and drawings.TAR"

MD5

c18351e4dd289982f99e54f21e46b74f

SHA256

7a1134e1803e5a226110d7c7706a164cce25a2ed23e872cc47a0879b22487e8d

Family

SnakeKeylogger


(11)

Sender ip

185.222.57.149

From

"maurorayo"<maurorayo@merquimiacolombia.com>"

Subject

"RE:New Purchase Order/Photo-Samples"

Attachment

"Photo-Sample 7t09250..zip"

MD5

68f6f53ad3002d79ae3fa563c7af529c

SHA256

37bef47276edb2c03eed3e9c06065746676b874bc5b66fbf0c7ce167de3efc52

Family

Unknown


(12)

Sender ip

92.52.218.122

From

"Yu Kuwahara - accounts dept HSBC <treybd@gmail.com>"

Subject

"Fwd: MT103-Single Customer Credit Transfer for invoice"

Attachment

"MT103_20210701084_USD35,660.93.iso"

MD5

99adce8a64a582e6e1fd98f2fa7eb404

SHA256

eff94544aa4d01176bc39e7ed1d06f4cb2da84458a0e5129d22e817ac2016b13

Family

Formbook


(11)

Sender ip

84.38.133.131

From

"Apex Enterprise ltd<julesendkate@gmail.com>"

Subject

"Re: Urgent Quotation Needed"

Attachment

"Quotation.gz"

MD5

9174b9434f0c9ffa1922461cbe7bc1d8

SHA256

0d7a9298b83d805fa2540b085ac6c1c374251340ed76cf2661feb5b967cc7623

Family

SnakeKeylogger


(12)

Sender ip

185.222.57.149

From

"Wu Xueming"<accountsknp@taborfreight.com>"

Subject

"FW: SOA Review Done : Inter Bank Transfer(IBG) URGENT"

Attachment

"Bank Swife slsx.zip"

MD5

a57ae470f5c7fcd242c675d4540abb50

SHA256

5310ad5684488ca2cea9a3994bcabd2bb85cdc99f6cfc3eca77d03761fc0ff95

Family

Unknown


(13)

Sender ip

185.222.57.89

From

"Sunpower Solutions<sales.sunpowersolutions@gmail.com>"

Subject

"Re: Payment Acknowledgement Is Attached "

Attachment

"Payment Invoice.rar"

MD5

9ca0806f39893ac6ae0c95bb5c075546

SHA256

87d41a48bf0352879c87e185e359fc15edb09c0ff0daae5e137aac2b6a3a22a8

Family

SnakeKeylogger


(14)

Sender ip

103.139.44.229

From

"Vishwa Pratap Yadav <stores@manoramagroup.co.in>"

Subject

"Request for quotation"

Attachment

"Manorama___RFQ.zip"

MD5

38a11d5ba2ed91631d443b0fad223ca2

SHA256

664484dfb0bbbef8bf25f0174447112f7733896f24bde007cbf97ef2e7f3d14a

Family

Formbook


(15)

Sender ip

103.139.44.229

From

"Vishwa Pratap Yadav <stores@manoramagroup.co.in>"

Subject

"Request for quotation"

Attachment

"Manorama___RFQ.zip"

MD5

38a11d5ba2ed91631d443b0fad223ca2

SHA256

664484dfb0bbbef8bf25f0174447112f7733896f24bde007cbf97ef2e7f3d14a

Family

Formbook


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA



Comments

Popular posts from this blog

IOCs 7_8_2021

Phishing Attacks 3_3_2021

Phishing Attacks 23_4_2022