(1)
| Sender ip | 185.222.57.171 |
| From | "Mohannad Anis Azem (Admin Dept) <[email protected]>" |
| Subject | "Fwd: dib Payment Notice " |
| Attachment | "Bank Swift.r00" |
| MD5 | 72323e57bf89e4ff5558c17139ca0e23 |
| SHA256 | 5ada22900521d5d10af5b785121c9fce55027117a681246d9781f0eb087a9f3c |
| Family | SnakeKeylogger |
(2)
| Sender ip | 209.127.189.51 |
| From | |
| Subject | "New Order & Packing List" |
| Attachment | "LS0061321.zip" |
| MD5 | 16dd94a96015805abc129d9a14f265f2 |
| SHA256 | 97ee8dab766bcacf5ed38cf3717191ff078759dde11e3f48702eb371c1533a2b |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(3)
| Sender ip | 209.127.189.51 |
| From | |
| Subject | "New Order enquiries " |
| Attachment | "PO_061421.zip" |
| MD5 | f11872e4e4042e3c6591ae860f5af545 |
| SHA256 | dd86052fcd2d7211d77f59b18651536936c2894007f2b3733e91650a2b83d798 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(4)
| Sender ip | 134.209.158.228 |
| From | "StefaniaScigulinska<[email protected]>" |
| Subject | “RE: New Order for Pietra Grey shipment" |
| Attachment | "PO#450011-quotation01.docx" |
| MD5 | 4dfd0caa1bba34d41e02ac53f8d609b9 |
| SHA256 | 81fe8f7d3f171aa2065b541d1fca3ac861dcb905a87016f24ff40317f044127e |
| Family | Unknown |
(5)
| Sender ip | 209.127.189.51 |
| From | |
| Subject | "New Order enquiries " |
| Attachment | "Order.zip" |
| MD5 | bba9a981e6fa97c0d2b0a771653efe23 |
| SHA256 | f085a75ddaceab9aec2662368a1545f9d7d185ae39b09a1a342a250437f61f9e |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(6)
| Sender ip | 217.25.95.86 |
| From | "noreply@dhl" <[email protected]>" |
| Subject | "Notification of shipment - 00000000000010001" |
| Attachment | "DHL_RECEIPT.PDF.r00" |
| MD5 | 10b260a8523ac9c3ec698acb1ca5f50a |
| SHA256 | 01911794d3f2b32f3e5311c7367e985160151545d29fb2f9514a7c0a41db6d58 |
| Family | SnakeKeylogger |
(7)
| Sender ip | 185.222.58.153 |
| From | |
| Subject | "Re:Re:Revised PI" |
| Attachment | "Revised PI.rar" |
| MD5 | 8e88d33198d22070fb6563f7db349de2 |
| SHA256 | 15d9a7464d49d541d77a402486ca299fe77031a9dc362bcfd83d60339fd0558d |
| Family | Formbook |
(8)
| Sender ip | 159.89.150.50 |
| From | "Mr. Le Thi Hau" <[email protected]>" |
| Subject | "PI 20210519-MMH-UDOM" |
| Attachment | "IMG_003_166_372.R01" |
| MD5 | fcd3ebaa7306b28ec112a08bac6a32be |
| SHA256 | 3f8ee48e117cfcc67443dbcfb0f1ce85ccdc5f06975298234b40e0115224661b |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(9)
| Sender ip | 104.168.214.251 |
| From | "UPS <[email protected]>" |
| Subject | "UPS SHIPMENT CONFIRMATION" |
| Attachment | "UPS#SHIPMENT_CONFIRMATION_CBJ19051700013_11Z35Q6Q80446518864888.rar" |
| MD5 | 15f7f83b186e80f4bb0b86077f90b2f4 |
| SHA256 | 8d8cf7ec30c5c05ce315c8fe411f83966840adf03047bc032d9f776740fbe742 |
| Family | Formbook |
(10)
| Sender ip | 185.222.57.200 |
| From | "Ms Divya"<[email protected]>" |
| Subject | "Order Enquiry No: 3308" |
| Attachment | "Enquiry.r15" |
| MD5 | 36fab3a442339e69ad9aa74d609d6153 |
| SHA256 | 4ad218e760572a242d82691c7f3a9de510986d16c6345ec57090d19e9c45d6c7 |
| Family | Formbook |
(11)
| Sender ip | 203.159.80.83 |
| From | "Lan Kim - Sales4 <[email protected]>" |
| Subject | "FW: Shipping Docs//INV/PL/THS0094587" |
| Attachment | "Shipping Docs.Commercial Invoice. Packing List. Bill of LandingTHS0094587.r17" |
| MD5 | b74c6eac5ef1aeef99933ff9bca06f41 |
| SHA256 | 2c2e81670457af4e8cf55326d26fc449a1a30b1e047d2abe9a5faaebb4024f4e |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(12)
| Sender ip | 23.254.229.14 |
| From | "Emily-Logistics" <[email protected]>" |
| Subject | "Shipping documents for ZH210300 ZH210385 PO#60059611 60060602 60061258 60061531 60062575 " |
| Attachment | "177RJNJNQ8033VFB BL60059611 HLCUTA12104FKNC0ZH210385 6006153160062575.rar" |
| MD5 | 2251458bc8bebb6e24ad0b38714d32f8 |
| SHA256 | 74d85fffa66636fd8c21cdd04617a4c39b8156ccb9dfc84b94c190c42b1baa83 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(13)
| Sender ip | 45.137.22.60 |
| From | |
| Subject | "Scanned Copy Of Payment" |
| Attachment | "Scanned Copy for our payment.z" |
| MD5 | 2bd37c2c98f5934ecabcf0fe748e70c2 |
| SHA256 | b860ca3d367ef99f5737c030e9ac79f434d6bd3c0817b5ec09f37ef4dacd9c5b |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(14)
| Sender ip | 203.159.80.83 |
| From | "=?UTF-8?B?7J207KCQ6rec?= [email protected]" |
| Subject | "order PRT/1542 (SAP 15198539)" |
| Attachment | "4 Pallet Shipping Docs.Commercial Invoice. Packing List. Bill of LandingTHS0094587.r27" |
| MD5 | 40e4a6b483fcba9ff6e500cc6c20924a |
| SHA256 | 57415ce89fed352f579259b19da939df9635f8e2272838bebbfb4d48e59c68e1 |
| Family | AZORult |
(15)
| Sender ip | 64.227.111.195 |
| From | "Harjot Kathuria" <[email protected]>" |
| Subject | "RFQ ///MILEXP2021M67" |
| Attachment | "RFQ_Template.iso" |
| MD5 | cbf03e1a562baede9d94c215a74ac817 |
| SHA256 | df61529ef0eb5ae7fb3510ec72f36e820fe4b2eebbaae0379bc103074d2cdfb1 |
| Family | Formbook |
(16)
| Sender ip | 45.137.22.60 |
| From | "THANH GAM"<[email protected]>" |
| Subject | "RE:Products Listing" |
| Attachment | "Product Listing pdf.rar" |
| MD5 | d46a6d9505955c408cb5ed33141ef873 |
| SHA256 | 9f86835cf833e1f0a9d2d84e853241bd3db9a5aae9de834e114694517f922151 |
| Family | NanoCore |
If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube NanoCore..
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 14_6_2021