Phishing Attacks 7_7_2021

 

(1)

Sender ip

77.247.110.77

From

"Mohamed , Eldaly <m.eldaly@petrozenima.com.eg>"

Subject

"INVITATION TO TENDER NO MAT. 021/PJTS/2021 FOR THE PROVISION OF SUPPLY Instrument Bulk Material"

Attachment

"INVITATION TO TENDER NO MAT 021 PJTS 021 FOR THE PROVISION OF SUPPLY Instrument Bulk Material exe.img"

MD5

35d1dfede00cba54d90273491df9b05c

SHA256

518278cdbf87c6e43a3d8949cd14671a97a8450021ee8562609988abef8df79e

Family

SnakeKeylogger

 


(2)

Sender ip

45.137.22.110

From

"svl@mbsugars.com"

Subject

"RE: PAYMENT INSTRUCTIONS"

Attachment

"PAYMENT INSTRUCTIONS COPY.r00"

MD5

1d1dcc5646b028d46968d6fbcd2bd747

SHA256

835072bb77faa9d142e5ab3e77b10a6f22f6a4d15277f28928dc5d09f87adbdb

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(3)

 

Sender ip

185.222.57.72

From

"=?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<tiffany.feng@lotes.com.cn>"

Subject

"RE: Statement Of Account"

Attachment

"S O A -44E45T76468.zip"

MD5

5078f73f3f744867e6c5e07cda5b5120

SHA256

4092cc3841bc5e1377fb65e343cb837f0255e33d2194c3b24c8dde82a28511ba

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(4)

 

Sender ip

202.6.17.96

From

"AVR <traveloka@avisthailand.com>"

Subject

"AVR Signing JULY 07 2021"

Attachment

"AVR JULY 2021.xz"

MD5

bf5029e55445e550dcd79bbed68f6499

SHA256

d76ef633fc30a0fa009064ec2dc22a7d204be5c7e910622cb741cb01d434f1d7

Family

Formbook

 

(5)

Sender ip

66.154.98.178

From

"Albert Kwok albert.kwok@socomec.com"

Subject

"=?UTF-8?B?5Zue5aSN77ya5Zue5aSNOiBXMjc4LTAwMyBSRlEgT3JkZXIgIyAxNzI4MTY1MSAtLSBBQlMgTWF0ZXJpYWxzIFVSR0VOVCBRVU9URSA=?="

Attachment

"RFQ#17281651.zip"

MD5

ecd9624c1db90c4d37c9c13134e7b530

SHA256

b5a94ffe5202310edc5f0b2282060bdebfc81e0b1c384034e3a0865f21bd253b

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(6)

Sender ip

77.247.110.64

From

"<michelle.ludlow@dssmith.com>"

Subject

"New Order"

Attachment

"New Order.r11"

MD5

6dfd3f441cba3bff01eb967ebab0e8ee

SHA256

7c4503efb86aa0f5f353c73a94b14a3e8bf54f3964327f9ef51e6862ca9a8258

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(7)

Sender ip

185.222.57.72

From

"Jenny Ngai <jenny@usienet.com>"

Subject

"RE:ULP202109013K"

Attachment

"NEW PO.zip"

MD5

12f0821def797484f5ac6f71c7df8603

SHA256

12b8f8db5494b23f78d646a7f0cf283e5785cab44159e93bf248959d242b4172

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(8)

Sender ip

103.139.44.91

From

"Birgitta Ulander-Persson"<birgitta.ulander-persson@infranordic.se>"via infranordicab.onmicrosoft.com"

Subject

"RE Re : confirm attached bank account"

Attachment

"bank account details pdf.rar"

MD5

706be901d98176933656792f16bcee15

SHA256

da64f486e27687603d8c053ff40ecc4f4a2028786fa0aaee4ccffd370d87dee2

Family

Unknown


(9)

Sender ip

199.10.31.237

From

"=?UTF-8?B?U2ltZ2Ugw5ZaU09ZIC0gSW1wb3J0cyBEZXBhcnRtZW50?= <admin@nrsssss.com>"

Subject

"Request for Proforma Invoice"

Attachment

"PI.7.7.2021.r00"

MD5

59fd37d3409280d9a1f14186d336863d

SHA256

9627f98b6a50fed8620dae19198edfce38b9ac6e405431ef3b02f90a3904aaa2

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(10)

Sender ip

213.246.110.56

From

"British petroleum <behar.halilaj@oekg-ks.org>"

Subject

"M/S OIL AND GAS/EQUIPMENT- GREATER NILE PETROLEUM OPERATING COMPANY

(GNPOC)FOR EPCCOF EXPORT OIL/EQUIPMENT QUALITY IMPROVEMENT."

Attachment

"EPCC Of Export Oil and gas equipment.tar"

MD5

03454dfa6abb4bf48c7926b028d348af

SHA256

422f8e8038736caf2381d8f88914959d502951fe70d41d9d40eb6b53e1016a87

Family

SnakeKeylogger


(11)

Sender ip

213.246.110.56

From

"British petroleum <behar.halilaj@oekg-ks.org>"

Subject

"M/S OIL AND GAS/EQUIPMENT- GREATER NILE PETROLEUM OPERATING COMPANY

(GNPOC)FOR EPCCOF EXPORT OIL/EQUIPMENT QUALITY IMPROVEMENT."

Attachment

"RFQ No. ECOQI-MEC-001.tar"

MD5

2e6d0e61cde02a90610274275ef681d3

SHA256

d5686602a6cebb0686fdaf3622b496da827f92760b8c5638a27a46ec93208e20

Family

SnakeKeylogger


(12)

Sender ip

185.222.57.89

From

"mahendrakr.sharma@nbcbearings.in"

Subject

"RE: Payment Details - 0000012638 "

Attachment

"Payment Details.zip"

MD5

5b3f3d094c10b6aac465b3f6a7a6899a

SHA256

c8b2192f933e3b3124abbf20d43e8de51cfceea1469ef40413d3fc83d98c8d03

Family

SnakeKeylogger

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA




Comments

Popular posts from this blog

Sunburst Solarwinds Backdoor

Phishing Attacks 9_4_2021

Conti Ransomware