Phishing Attacks 20_6_2021

MalBot · June 20, 2021, 3:30pm

(1)

Sender ip	199.10.31.238
From	"Cellule de Communication Institutionnelle et des Relations Publiques <[email protected]>"
Subject	"FORM C-06192021 JUN19 2021"
Attachment	"FORM C-06192021.ISO"
MD5	59581ee9a2cb18982b8513df1669b049
SHA256	7049b87105bf668fa5eb1eaaa0000b7957fd939752841504aed80ce9ab1a4324
Family	Formbook

(2)

Sender ip	45.137.22.68
From	"Jason Zhou <[email protected]>"
Subject	"Re: Payment Advice For Overdue Invoice"
Attachment	"Invoice_V088002904.pdf.zip"
MD5	bc8b9b2748023a7d9771166b44682f55
SHA256	66b205af669c52d6e7c299c72a977306cf18b4c78fa4dab131f8ecf1ff63cceb
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(3)

Sender ip	103.133.109.136
From	"SHENZHEN<[email protected]>"
Subject	"RE:statement of account"
Attachment	"SOA.zip"
MD5	ecd8d65b2c179d5758630b98a33c9f5b
SHA256	adb743be8a3f4826f9eed075fee98c8bea68f5d0de9665a359b4b41d0f2be77c
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(4)

Sender ip	89.22.105.49
From	" Cherry Liu "<[email protected]>"
Subject	"*UNCHECKED* RE:SWIFT COPY"
Attachment	"proforma invoice.rar"
MD5	8fffd49119b38b198dc10c61b1898fd6
SHA256	5420ffaef9034b1d9bb820330d85916e8c4dc3b9a897e36bec495ae61a2f313b
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(5)

Sender ip	103.133.109.136
From	"Firemax<[email protected]>"
Subject	"RE: Purchase Order"
Attachment	"P.O.zip"
MD5	92294b3a668421e12be132a0cffecb38
SHA256	fce77814390e177d223581c79bfc80a811c82118c6112276c76749e8b23446f7
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(6)

Sender ip	103.155.80.187
From	"Mohamed Yusuf" <[email protected]>"
Subject	"Re: P.O ENQ/AQT/39023/02/21"
Attachment	"P.O ENQ_AQT.rar"
MD5	34a35e4ea7a06f91b021507de9154324
SHA256	6ba520ec7f950e75ee503a3d1e11f0b96d005324c3a93a8b0fd7d32e54b4b4d4
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(7)

Sender ip	103.155.80.187
From	"Heine" <[email protected]>"
Subject	"RE: Pl 100256"
Attachment	"Pl.rar"
MD5	7a931093ffc627464c9694cdb3523440
SHA256	c6714fbd60738fd5358cdb3b171d401826e3e4a30aec30427844b33324b16ea8
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(8)

Sender ip	165.232.155.62
From	"Daniel Tello <[email protected]>"
Subject	"Factura 1269"
Attachment	"Factura 160621.zip"
MD5	5ec7dcfb4d76a533132dda8fec45e336
SHA256	d230b15bd179e180c76d406f76b5e48e5b6e5e090631ff179e2434de73d013a7
Family	CoinMiner

(9)

Sender ip	103.155.80.187
From	"Heine" <[email protected]>"
Subject	"=?UTF-8?B?UkU6IOuMgOufiSDso7zrrLggU09B?="
Attachment	"statement of account.rar"
MD5	3a7d686964efa53c9c71f20626776e0e
SHA256	6dd7506b228e1821ffa012f2fa39d1cd30b781e42f7caaf2b783a96d4fbdb40f
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(10)

Sender ip	209.127.189.42
From	"[email protected]"
Subject	"=?UTF-8?B?5Y+R56Wo5pSv5LuY?="
Attachment	"TT PROOF.rar"
MD5	ed7057fc80d4e1b4617bf2e05ca94e01
SHA256	e90f0e9b60e058eb358b771eb8acd21b2658cf0dec0df08ebc026076c4575336
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(11)

Sender ip	185.222.58.149
From	"=?UTF-8?B?TXIuIFR1ZG9yIFBvcGVzY3XCoA==?=<[email protected]>"
Subject	"Re: Confirm New List Of Products Q002-O417729"
Attachment	"List Of Products Q002-O417729.zip"
MD5	429d6f90b18ada8c4bbb660653a804a2
SHA256	fe7d362e89870156f5e144d9745370e4c5387107586ff42bad2b2f3598a0b8e3
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(12)

Sender ip	185.222.58.149
From	"Ben"<[email protected]>"
Subject	"RE: URGENT REQUEST FOR QUOTATION AND PROFORMA INVOICE"
Attachment	"LIST OF PRODUCTS NEEDED.zip"
MD5	39e1e3b730f5f31568458237f846feba
SHA256	83ce1019727fc42f20e43f7764579f752cea5b74ddd42c04d4b3f8f5648fff8c
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(13)

Sender ip	164.90.136.114
From	"=?UTF-8?B?REhMIEVYUFJFU1MgSU5Dwq4=?= <[email protected]>"
Subject	"CONSIGNMENT NOTIFICATION: You Have A Package With Us:"
Attachment	"DHL Original Invoice_pdf.rar"
MD5	59cd5ccff664f2ff69cf39397f5c3bc7
SHA256	f05b68abdacfb73f82c36202e7ac88fa9a1d6d20716543692b840222b7a3fef3
Family	SnakeKeylogger

(14)

Sender ip	107.173.62.176
From	"[FedEx] <[email protected]>"
Subject	"FedEx 17062021 - Information is required"
Attachment	"FedEx doc 17062021.rar"
MD5	6ce3a5242c1f4339cc3a1d1d6b060a6f
SHA256	feeeed09f9aa0a1321036701eedb7706f70f11fa9cbd9dcc4de7f669c27767d6
Family	Formbook

(15)

Sender ip	45.137.22.36
From	"<[email protected]>"
Subject	"Fwd: New Order!!!!"
Attachment	"70654 SSEBACT.zip"
MD5	b124c45c175e8015a9bf7519106c4bce
SHA256	d533c81dc1cc2768b40d984c8af2f07d62f3beb3bf59bd456d73f10911facc6a
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(16)

Sender ip	84.38.130.222
From	"Scotsman Guide <[email protected]>"
Subject	"Re: Arrange Charges In The File"
Attachment	"Arrange Charge.r00"
MD5	e31312c6e1e07113ec617791060f2f20
SHA256	97f0dc5d6cccc16d4e147799580d302b3c2236433f3973451b31f8d8139a0bba
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥

YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Article Link: Phishing Attacks 20_6_2021