Phishing Attacks 19_6_2021

MalBot · June 19, 2021, 7:15pm

(1)

Sender ip	45.137.22.38
From	"[email protected]"
Subject	"Payment Advice For Outstanding SOA, $67,000.00,"
Attachment	"MT-103.rar"
MD5	cea8f9c8ab91d0cf6d51aa715615dc75
SHA256	77ee9bb85ad3e7b325c619eb99229546bd980ffed3accbc24821248992211fcb
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(2)

Sender ip	159.65.55.247
From	"Tengku Muhammad" <[email protected]"
Subject	"RE:RE:PETRONAS INVOICE"
Attachment	"PETRONAS INVOICE.PDF.cab"
MD5	a9e1b3e3c6ddac6d39b98366c8013a06
SHA256	7a7983e48b7476ce96bfde0978015c4e89dd58357d421be00ab225e85d53f21e
Family	Loki

(3)

Sender ip	84.38.130.222
From	"Nanda Kishore<[email protected]>"
Subject	"Re: In The File Vessel Schedule "
Attachment	"Price.r00"
MD5	255608e0061c48fbaeecf84f8038282f
SHA256	8acf97d2e4ea86a2a3d7e3ea84fe5fb96e1229c45e1dc7f2df870759bf4345c1
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(4)

Sender ip	45.137.22.38
From	"[email protected]"
Subject	"RE: Flight Details With Shipping Invoice"
Attachment	"shipping�invoice.zip"
MD5	ab316dcda907f92d689924053881b05c
SHA256	98ec0a49ce8bb1fa047da66fc023332321bae4c11a2b472b99d9bb78becb6df2
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(5)

Sender ip	185.222.57.244
From	"LC Dept, Almuftah LC Dept" <[email protected]>"
Subject	"TT SWIFT COPY AGAIN PI NO 071968"
Attachment	"MX-2310U_20210616_225343.r00"
MD5	e0b830e26acf33f4bb40a09330f7302a
SHA256	e4bb885674f142f06943ebac7bc26c17d21634a4f407b5adca78651f9cbc5fe9
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(6)

Sender ip	103.140.250.188
From	"[email protected]"
Subject	"Summary of the Meeting"
Attachment	"Minutes Of Meeting.r00"
MD5	28891ba7490527715a00e3d65d931645
SHA256	e15286e4dbca6cd8c52c3966e69c9bd0aae4490112dcedfea10d8f4067f3d52e
Family	SnakeKeylogger

(7)

Sender ip	93.125.31.217
From	"[email protected]"
Subject	"Re: Purchase Order"
Attachment	"Order.pdf.r04"
MD5	7d89cc96825b503c52114b22a3e3f8a3
SHA256	e411b668208ee3dd78c63631ae14d3a344d89e2e6c0584194490be9722e16b87
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(8)

Sender ip	103.155.80.187
From	"Heine" <[email protected]>"
Subject	"=?UTF-8?B?UkU6IOuMgOufiSDso7zrrLggU09B?="
Attachment	"statement of account.rar"
MD5	22ec3bbc99bae9d21d80e411e812a8c2
SHA256	02b3e2180394b3057040cdb77fc9efc7a0b26b61a9ff4a530564a277b12e179d
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(9)

Sender ip	185.222.58.149
From	"Fatemeh Mahini"<[email protected]>"
Subject	"Re: Request for Quotation - Urgent 6/15/2021"
Attachment	"scan11062020.doc.zip"
MD5	347477d85a0dfdf382bc8a7895cdb1f3
SHA256	71c2043b9fea6c7af5cb3ebb0a6399f02c592144fc9242760ce8ced5b20d6b71
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(10)

Sender ip	162.144.38.36
From	"PAYU INTERNATIONAL <[email protected]>"
Subject	"Inward remittance"
Attachment	"Remittance Form-Payu.img"
MD5	588efab1ef2fe1a2d2d832002f9f2d01
SHA256	46f0bdf29f5e98be379bc1fea1b44306c14f58305fd237f45039e625e3741cc4
Family	NanoCore

If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube NanoCore..

(11)

Sender ip	104.168.246.155
From	"Meena Zolyn" <[email protected]>"
Subject	"Remittance form PO No.: SBIN321"
Attachment	"Remittance_Form.cab"
MD5	e51bf99f44cca1f9bdc56877b8614afd
SHA256	e111e9e9334a405bf7596e196d0199bd70595122b0922824f9e0f32f07189fa8
Family	Formbook

(12)

Sender ip	104.168.246.155
From	"Meena Zolyn" <[email protected]>"
Subject	"Remittance form PO No.: SBIN321"
Attachment	"Remittance_Form.cab"
MD5	e51bf99f44cca1f9bdc56877b8614afd
SHA256	e111e9e9334a405bf7596e196d0199bd70595122b0922824f9e0f32f07189fa8
Family	Formbook

(13)

Sender ip	161.35.17.44
From	"DHL EXPRESS <[email protected]>"
Subject	"DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc"
Attachment	"consignment details.rar"
MD5	8cb33040c9f75754659ac2b3055b84ca
SHA256	8dd5df1ce192b6101814de114129b653f7179714ff4ccd3654769f45ba237bc6
Family	SnakeKeylogger

(14)

Sender ip	45.137.22.36
From	"<[email protected]>"
Subject	"Fwd: New Order!!!!"
Attachment	"70654 SSEBACT.zip"
MD5	bbf3392b78d7733b58d028d91e323d72
SHA256	0ddcbed6d8dd0e3ff4e2df474a8557b5935c69e5daf405903af90977bff03d83
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(15)

Sender ip	185.222.58.149
From	"=?UTF-8?B?TGluZGEgTWFydGVuYcKg?=<[email protected]>"
Subject	"=?UTF-8?B?UkU6IFBVUkNIQVNFIE9SREVSwqAxMjExMjA=?="
Attachment	"NEW ORDER �121120.zip"
MD5	1ed2f336f8999aee6a9a4608d4ce12f9
SHA256	e760efcf956cf894cad3ef31de4120a29c486343fdafaad816dfae9863b2e4f4
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(16)

Sender ip	84.38.130.222
From	"Scotsman Guide <[email protected]>"
Subject	"Re: Arrange Charges In The File"
Attachment	"Arrange Charge.r00"
MD5	e31312c6e1e07113ec617791060f2f20
SHA256	97f0dc5d6cccc16d4e147799580d302b3c2236433f3973451b31f8d8139a0bba
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥

YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Article Link: Phishing Attacks 19_6_2021