Phishing Attacks 6_11_2021

 




(1)

Sender ip

180.214.237.130

From

"michelle.li@cq.de-well.com"<michelle.li@cq.de-well.com>

Subject

"Re: Re: statement of account as at 31.10.2021"

Attachment

"SOA pdf.rar"

MD5

57ad831188dfa3a0d56c1106664fe2e2

SHA256

ab38d722d9245dd7ebf9ae77a65249da3a4c00d61ccb98b2cc98c4d846f28814

Family

AgentTesla

 


(2)

Sender ip

103.171.1.178

From

"skye.c@anteksc.com"<skye.c@anteksc.com>

Subject

"RE : Payment reminder"

Attachment

"DN and invoice.rar"

MD5

ab0ec343c58a6e9670633b222545bd54

SHA256

b6d56dd8967f13e075b60eaa7895e49b384f295edc7bb631f45ffe128b76fbb9

Family

AgentTesla

 

(3)

 

Sender ip

45.137.22.152

From

"MAERSK SHIPPING<marietherese.diouf@msc.com>"

Subject

"Re: Shipping Advice - ETD 11NOV. 2021"

Attachment

"shipping adv#yang.zip"

MD5

e393b17c2cdb37013beea918a1b91a66

SHA256

714b902b71b40517a390520306b735763e49c9016af3d89c2c09b46cae193233

Family

AgentTesla

 


(4)

 

Sender ip

104.168.201.158

From

"selena@toseva.club"

Subject

"PO for November"

Attachment

"OrderList.pdf.rar"

MD5

19d20e0eb8505e449167c02263effda7

SHA256

d998aec2578fa42d851c05a31f4d304ea293435999d8870b8d79260fb140f6f7

Family

AgentTesla

 


(5)

Sender ip

103.232.53.21

From

"Huijuan Tan <Huijuan_Tan@jabil.com>"

Subject

"=?UTF-8?B?UkUgUkU65Zue5aSNOiDlm57lpI06IOaNt+aZrjEw5pyI5a+55pWw6KGo?="

Attachment

"TFT00093473 XLS.rar"

MD5

0114cfa2a1e6b0ad918fd425b79178e1

SHA256

b45ac1c33494aeae59530142ac6ec67df8b8b23494978dd72a7f8e15aab73411

Family

AgentTesla

 

(6)

Sender ip

103.232.53.21

From

"<sale05@yinengsz.com>"

Subject

"RE RE : bill 202109 from Yineng in Oct 13th 2021"

Attachment

"bill 202109 from Yineng updated in Nov 2nd 2021.rar"

MD5

ef198ed20c588628699b53b2ddfa3398

SHA256

780573243277799b60dd5b928d8d90d06ac4518b3ea95d0c187326fa8ae180de

Family

AgentTesla


(7)

Sender ip

185.222.57.209

From

"op01@lyshipping.net"

Subject

"RE: payment made to your account today on behalf of our banking customer"

Attachment

"TRANSFER SLIP.zip"

MD5

48ae05ddd817347c628db490959c64b5

SHA256

ef4698e025e48a4e52780b9dd460c40d7564fda266a93ac9a9aa7fe67abe492b

Family

AgentTesla


(8)

Sender ip

45.137.22.114

From

"Purchase" <purchase@reyamijoinery.com>

Subject

"ENQUIRY"

Attachment

"doc02928320211103133851.BZ2"

MD5

6b9f8f9b59d4147ba993ee3fbe68c961

SHA256

68d897a1ee40eec616467255572ec03243068279a7a19f6142a4d68cfc2376c1

Family

Unknown


(9)

Sender ip

103.133.110.241

From

"Elza-Dostuzade<smtpfox-xzs95@scemk9.com>"

Subject

"NEW BUSINESS ORDER"

Attachment

"PO 1230011.r01"

MD5

bbbb320ee9551df294b1d9bf5d17584c

SHA256

44e01cd9485e08316f925614e4221afe15d3ad78d13665629e6c81b085784175

Family

Unknown


(10)

Sender ip

45.137.22.61

From

"info@imamoglulojistik.com"

Subject

"RE: PURCHASE ORDER"

Attachment

"ORDER.zip"

MD5

a00e2630aa40a79d5dfe0084415d12e4

SHA256

30a7f860f45db81ddfe67e4e34d7ade34a6a873971cc1b6ffe43aad9bbcc02da

Family

Unknown


(11)

Sender ip

45.137.22.49

From

"contact@lmbindia.com"

Subject

"Confirm Of Bank Details.."

Attachment

"Details OF Payment.zip"

MD5

fabce25b81e85abbe33d7ae862428350

SHA256

bb0e5989fc215005b121faf3978bc2b81a004ad7e2aa4d4bbaf495d740bedf1f

Family

Unknown


(12)

Sender ip

185.222.58.155

From

"Purchase (SalesFever GmbH) <china@salesfever.com>"

Subject

"Re: Fw: Revised TT Transmitted Copy TRV/TT/21/43539"

Attachment

"Revised TRVTT214359 SWIFT MT103.img"

MD5

920e2239fa5cfe63bd0c89014e4686be

SHA256

a5e8492fa98bc3cf28d9e9ad4d39b995ff3e70d8ec7b994f76c6c4a01908c012

Family

AgentTesla

(13)

Sender ip

185.222.58.155

From

"Purchase (SalesFever GmbH) <china@salesfever.com>"

Subject

"Re: Fw: Revised TT Transmitted Copy TRV/TT/21/43539"

Attachment

"Revised TRVTT214359 SWIFT MT103.rar"

MD5

084ccb1e21063c1979fee470a9a63160

SHA256

83470490f425ce9d777613a68541eb0a64b1c4a285da180729a280f8f966934e

Family

AgentTesla


(14)

Sender ip

185.222.57.150

From

"info@vena.lublin.pl"

Subject

"Purchase Order"

Attachment

"NGrHvPohjPoDlcM.zip"

MD5

d9cf0202311ae0bd69c808d008003c20

SHA256

884a29e4c1672bd5aa300ecddb3bb095696c3ca5ebf597fa7d2348841be91ca9

Family

Unknown


(15)

Sender ip

45.72.78.40

From

"=?UTF-8?B?QW5hdGhvbHkgRC4gQnJlZ2HDsWE=?= <admin@egreen.com.sg>"

Subject

"Purchase Order"

Attachment

"Purchase order.rar"

MD5

13707fddeb2358cd632f39dae36b1be8

SHA256

02cacd03f4caada2e81f48549c59d692b008c35e49d259388b51cf00f71ce01c

Family

AgentTesla


(16)

Sender ip

45.137.22.152

From

"MAERSK SHIPPING<marietherese.diouf@msc.com>"

Subject

"Re: Shipping Advice - ETD 11NOV. 2021"

Attachment

"BL-INVOICE SHIPPING DOCS.zip"

MD5

a619b05ae7ea1e16ac79999ae16f3081

SHA256

0d9c5f380a10bf115c5978171dbfb8ff98e8c3dc796177185fc8f9abc5e89653

Family

Unknown


(17)

Sender ip

37.49.225.158

From

"Deena Sarala < Deena.Sarala@dvdamxk.bar>"

Subject

"REQUEST FOR QUOTATION Ref. # IRQ/21/07798"

Attachment

"New Order 543672890.zip"

MD5

a20bcbcf3677608e76bccd6f94ebbe8a

SHA256

9cb4136876f7810c8ae16b1fff6ba6c35a87b3e3c09889259895e75356bde974

Family

SnakeKeylogger


(18)

Sender ip

103.232.53.21

From

"<sale05@yinengsz.com>"

Subject

"=?UTF-8?B?UkUgUkUgOiAxMS81IOWHuui0p+i1hOaWmQ==?="

Attachment

"2021193746437. XLS.rar"

MD5

7dda6a4541d87d71cb6a9bb87bba146f

SHA256

cb2c507160a370b869a23826666011dcfcdbbde7f0f22d39deb8e9c4f4a8af60

Family

AgentTesla


(19)

Sender ip

185.222.57.150

From

"frankguo@gmvalves.com"

Subject

"payment copy"

Attachment

"DwVoLe6Yw3B60WI.r00"

MD5

36c7366fac380f0c8af442ebc9d9a6bc

SHA256

21f411cd6d2001b4da264cba54fa81eae79aefb6743a4cbbe5dd1e9ad983fb5e

Family

AgentTesla

If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish malware analyses and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel: https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA



