Phishing Attacks 7_7_2021

 

(1)

Sender ip

77.247.110.77

From

"Mohamed , Eldaly <m.eldaly@petrozenima.com.eg>"

Subject

"INVITATION TO TENDER NO MAT. 021/PJTS/2021 FOR THE PROVISION OF SUPPLY Instrument Bulk Material"

Attachment

"INVITATION TO TENDER NO MAT 021 PJTS 021 FOR THE PROVISION OF SUPPLY Instrument Bulk Material exe.img"

MD5

35d1dfede00cba54d90273491df9b05c

SHA256

518278cdbf87c6e43a3d8949cd14671a97a8450021ee8562609988abef8df79e

Family

SnakeKeylogger

 


(2)

Sender ip

45.137.22.110

From

"svl@mbsugars.com"

Subject

"RE: PAYMENT INSTRUCTIONS"

Attachment

"PAYMENT INSTRUCTIONS COPY.r00"

MD5

1d1dcc5646b028d46968d6fbcd2bd747

SHA256

835072bb77faa9d142e5ab3e77b10a6f22f6a4d15277f28928dc5d09f87adbdb

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(3)

 

Sender ip

185.222.57.72

From

"=?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<tiffany.feng@lotes.com.cn>"

Subject

"RE: Statement Of Account"

Attachment

"S O A -44E45T76468.zip"

MD5

5078f73f3f744867e6c5e07cda5b5120

SHA256

4092cc3841bc5e1377fb65e343cb837f0255e33d2194c3b24c8dde82a28511ba

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(4)

 

Sender ip

202.6.17.96

From

"AVR <traveloka@avisthailand.com>"

Subject

"AVR Signing JULY 07 2021"

Attachment

"AVR JULY 2021.xz"

MD5

bf5029e55445e550dcd79bbed68f6499

SHA256

d76ef633fc30a0fa009064ec2dc22a7d204be5c7e910622cb741cb01d434f1d7

Family

Formbook

 

(5)

Sender ip

66.154.98.178

From

"Albert Kwok albert.kwok@socomec.com"

Subject

"=?UTF-8?B?5Zue5aSN77ya5Zue5aSNOiBXMjc4LTAwMyBSRlEgT3JkZXIgIyAxNzI4MTY1MSAtLSBBQlMgTWF0ZXJpYWxzIFVSR0VOVCBRVU9URSA=?="

Attachment

"RFQ#17281651.zip"

MD5

ecd9624c1db90c4d37c9c13134e7b530

SHA256

b5a94ffe5202310edc5f0b2282060bdebfc81e0b1c384034e3a0865f21bd253b

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(6)

Sender ip

77.247.110.64

From

"<michelle.ludlow@dssmith.com>"

Subject

"New Order"

Attachment

"New Order.r11"

MD5

6dfd3f441cba3bff01eb967ebab0e8ee

SHA256

7c4503efb86aa0f5f353c73a94b14a3e8bf54f3964327f9ef51e6862ca9a8258

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(7)

Sender ip

185.222.57.72

From

"Jenny Ngai <jenny@usienet.com>"

Subject

"RE:ULP202109013K"

Attachment

"NEW PO.zip"

MD5

12f0821def797484f5ac6f71c7df8603

SHA256

12b8f8db5494b23f78d646a7f0cf283e5785cab44159e93bf248959d242b4172

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(8)

Sender ip

103.139.44.91

From

"Birgitta Ulander-Persson"<birgitta.ulander-persson@infranordic.se>"via infranordicab.onmicrosoft.com"

Subject

"RE Re : confirm attached bank account"

Attachment

"bank account details pdf.rar"

MD5

706be901d98176933656792f16bcee15

SHA256

da64f486e27687603d8c053ff40ecc4f4a2028786fa0aaee4ccffd370d87dee2

Family

Unknown


(9)

Sender ip

199.10.31.237

From

"=?UTF-8?B?U2ltZ2Ugw5ZaU09ZIC0gSW1wb3J0cyBEZXBhcnRtZW50?= <admin@nrsssss.com>"

Subject

"Request for Proforma Invoice"

Attachment

"PI.7.7.2021.r00"

MD5

59fd37d3409280d9a1f14186d336863d

SHA256

9627f98b6a50fed8620dae19198edfce38b9ac6e405431ef3b02f90a3904aaa2

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(10)

Sender ip

213.246.110.56

From

"British petroleum <behar.halilaj@oekg-ks.org>"

Subject

"M/S OIL AND GAS/EQUIPMENT- GREATER NILE PETROLEUM OPERATING COMPANY

(GNPOC)FOR EPCCOF EXPORT OIL/EQUIPMENT QUALITY IMPROVEMENT."

Attachment

"EPCC Of Export Oil and gas equipment.tar"

MD5

03454dfa6abb4bf48c7926b028d348af

SHA256

422f8e8038736caf2381d8f88914959d502951fe70d41d9d40eb6b53e1016a87

Family

SnakeKeylogger


(11)

Sender ip

213.246.110.56

From

"British petroleum <behar.halilaj@oekg-ks.org>"

Subject

"M/S OIL AND GAS/EQUIPMENT- GREATER NILE PETROLEUM OPERATING COMPANY

(GNPOC)FOR EPCCOF EXPORT OIL/EQUIPMENT QUALITY IMPROVEMENT."

Attachment

"RFQ No. ECOQI-MEC-001.tar"

MD5

2e6d0e61cde02a90610274275ef681d3

SHA256

d5686602a6cebb0686fdaf3622b496da827f92760b8c5638a27a46ec93208e20

Family

SnakeKeylogger


(12)

Sender ip

185.222.57.89

From

"mahendrakr.sharma@nbcbearings.in"

Subject

"RE: Payment Details - 0000012638 "

Attachment

"Payment Details.zip"

MD5

5b3f3d094c10b6aac465b3f6a7a6899a

SHA256

c8b2192f933e3b3124abbf20d43e8de51cfceea1469ef40413d3fc83d98c8d03

Family

SnakeKeylogger
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA




Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more