(1)
| Sender ip | 103.232.53.200 |
| From | |
| Subject | "RE: Quotation for M/S Unique Forgings ( Primary Shafts )" |
| Attachment | "Quotation 03143-pdf.gz" |
| MD5 | 9a3e328d7d6e72c321bd38f3c54ed037 |
| SHA256 | 74754f6af0fa4e1eb419e3e6d6ce478c0fdb6bbc81848456c3ac493b61e02ce2 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(2)
| Sender ip | 66.7.148.92 |
| From | "ASHWIN SHAH" <[email protected]>" |
| Subject | "New Request For Quote" |
| Attachment | "LIST AND SAMPLE OF ITEMS.xz" |
| MD5 | 3783ca35b4ab5b32204b3d58f51e1aab |
| SHA256 | a316e4e6cc44bf9b539e8867622d4109fd2c8f9e86f43c064f022253e50dec48 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(3)
| Sender ip | 45.137.22.149 |
| From | |
| Subject | "RE: PAYMENT COPY MT103" |
| Attachment | "payment copy.r00" |
| MD5 | c49d734b1558a910cb818dfedcde59a6 |
| SHA256 | d8a8dfa118c2df00beb4b1d1c2225fdcad8a9cd616e018c359f29f11c3fe0c6a |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(4)
| Sender ip | 103.153.78.166 |
| From | |
| Subject | "Crossborder transfer" |
| Attachment | "Pdf MT103 - Remittance.pdf.r00" |
| MD5 | 0a806f14c6bdeefd9244e22533e5c50a |
| SHA256 | e0de4490d27525f239ee513375c97daf4f3d818b6214814727aff8578d190fea |
| Family | Formbook |
(5)
| Sender ip | 103.232.53.200 |
| From | |
| Subject | "PURCHASE ORDER FOR MG005107RM" |
| Attachment | "Drawing 34726-pdf.gz" |
| MD5 | 07d867640032d6708fd17b32a793256e |
| SHA256 | abad1aafcf4cd310369ed51591f5bc1d7503fa0eb93a9c58dfad608e9b3f4d45 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(6)
| Sender ip | 194.49.78.247 |
| From | "Fayyaz TFM<[email protected]>" |
| Subject | "Shipping & Packing Instructions for S0002B-T-1 // PO-17C3266B-S0002" |
| Attachment | "HL-883525800 DOCAU BC ORIGINAL.zip" |
| MD5 | c1d4b3c5dcaa5334ae1944f80f87378c |
| SHA256 | b4b1781dda8a8e68ca7a4937d0c22c5ce7c651e0ddb3cd58420704fab2b433b2 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(7)
| Sender ip | 45.137.22.68 |
| From | "Michael <[email protected]>" |
| Subject | "*URGENT SUPPLY* QUOTE B1020363" |
| Attachment | "QUOTE B1020363.zip" |
| MD5 | 2b4a29ccd466868351bcc15717151ccd |
| SHA256 | d9ff98c9543843e57ea54fc1d46bc3859b140d98795cd6a9c843269804504a11 |
| Family | Loki |
(8)
| Sender ip | 185.222.57.72 |
| From | "Account2 <[email protected]>" |
| Subject | "Re: Invoice" |
| Attachment | "Payment Recipt_MT103.r00" |
| MD5 | f548077aae981098b74b97a9742390e5 |
| SHA256 | e79a8a554653e23ee5b00792e0a605ce5e3b3103c33270666b1c73aab99c7b71 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(9)
| Sender ip | 209.85.219.179 |
| From | "Rajiv Mehrishi <[email protected]>" |
| Subject | "Re:Good News" |
| Attachment | "United Nations Poverty Mitigation Program Lottery.doc" |
| MD5 | 6d3817e8ea41da6d8a420a03808c5bde |
| SHA256 | fb7967ee95b77b5359e16dc3f28ee5f3242a8fc0c4846fea4bc2a7cce1fa9639 |
| Family | Unknown |
(10)
| Sender ip | 46.37.232.45 |
| From | "Giovanni Arrigoni" <[email protected]>" |
| Subject | "R: Payment" |
| Attachment | "SWIFT-EUR 51720.IMG" |
| MD5 | d53fb7a4ceeac253dff70df83c2b607d |
| SHA256 | 786a4ac3cd2c3518ceb31ffff1defc8ca1c77820ae2985fbfeda4e2af8a46425 |
| Family | Formbook |
(11)
| Sender ip | 84.38.130.220 |
| From | "Adel Al-Ofi"<[email protected]>" |
| Subject | "PO-RF5X500300518" |
| Attachment | "PO-RFX5500300518.rar" |
| MD5 | 94b3c55598198c8ff1b5ede1d5ee0c9c |
| SHA256 | 6f16bcd7e63b12a83ac2c7729d75053dc63f73dc99e4b95a07ab4c9b895168c9 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(12)
| Sender ip | 199.10.31.238 |
| From | |
| Subject | "TNT Shipping Document" |
| Attachment | "TNT SHIPPING DOCUMENT.docx" |
| MD5 | 200dafe1819ed68933ba25435158368e |
| SHA256 | 1855630cf9d2fc68b702b6c2009741ba9855bbccfbd867ffeacb808625339a70 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(13)
| Sender ip | 178.62.62.36 |
| From | "Imtiaz Mahmod <[email protected]>" |
| Subject | "RE: RE: RE: RE: RE: New Order of 2021" |
| Attachment | "38 X 38 X 2.5 MM.xlsx" |
| MD5 | 487ad1263c69b646deea3281714af9d7 |
| SHA256 | 96dfbd66f0f66fcde3a600b7fba76137e246e946e5dc90f4bfc849125e16cb62 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(14)
| Sender ip | 103.139.44.91 |
| From | "James Ni (DHL CN)"<[email protected]>" |
| Subject | "[URGENT!] China DHL Express - Invoices Follow Up May,26" |
| Attachment | "DHL-Overdue_Invoices.exe.xz.001" |
| MD5 | b105e0d65f4a7d9c66ddf339386fcc1b |
| SHA256 | 6324e8ec61dfd5c38592581c010a0db0c61298ddb1b07a4212e5ce55395970d1 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(15)
| Sender ip | 185.222.57.135 |
| From | "Terence So <[email protected]>" |
| Subject | "Re: PO 2020208" |
| Attachment | "NEW ORDER.gz" |
| MD5 | 69af76698c77771e6923da240a9bd79a |
| SHA256 | da84f9f0c9934f8518ec4e2b6f1586e6670029e1235c377d596843059e14f101 |
| Family | Formbook |
(16)
| Sender ip | 185.104.112.102 |
| From | "JAIME PRADANA LOPEZ<[email protected]>" |
| Subject | "=?UTF8?B?Y29uZmlybWFjacOzbiBkZSBwYWdvIDA4LTAgNC0yMDIx?=" |
| Attachment | "pago_080402020184767.gz" |
| MD5 | a889c0c38a9d15dfe92d67ec3751efba |
| SHA256 | 2ffbc94fc6fd0a2f9fbfdeed2b0da1f1e6b74365a7e8907b774de73478e320c6 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(17)
| Sender ip | 180.214.239.97 |
| From | "Aaron <[email protected]>" |
| Subject | "Swift " |
| Attachment | "SWIFT.rar" |
| MD5 | 42aaaf1fc8f15ea0fd6361ad312b8de4 |
| SHA256 | b9cfef20666887c643c8cc4e536640b778f75a8d4fb619cb43ac143c10a43bb1 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(18)
| Sender ip | 194.49.78.247 |
| From | "QKLBOOK<[email protected]>" |
| Subject | "HL-88661535 DOCAU " |
| Attachment | "HL-88661535 DOCAU BC ORIGINAL.zip" |
| MD5 | d68c2edd277acd1cb238eede626280a1 |
| SHA256 | bc635ecabff0a4afa527d345d862e2c35a0adaf0262e391552c001cc705dc7ba |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(19)
| Sender ip | 134.209.120.202 |
| From | "Japan Marine-Team C" <[email protected]>" |
| Subject | "Request for quotation ( ANWP - APL ANTWERP ) : SPR/ANWP/D/21/020" |
| Attachment | "Request for quotation SPRANWPD21020.pdf.cab" |
| MD5 | cb56306bfff4f4a08798d95689d64b76 |
| SHA256 | f46eab47d29c284d649403e6f7709bdc34123d1576c44cb8fa6b9dad720d6acd |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(20)
| Sender ip | 134.209.120.202 |
| From | "Ilyas YILDIRIM" <[email protected]>" |
| Subject | "CURRENT SOA // BESIKTAS MARINE" |
| Attachment | "ROZ MARINE - OUTSENDING.pdf.gz" |
| MD5 | 2b8bd67d831fa6ef103181d6aeb67117 |
| SHA256 | cfc67f0a38726e534f32b73acfd190886d7eedc4e9853dbd351e4bd296593266 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(21)
| Sender ip | 103.153.78.166 |
| From | |
| Subject | "RE: Invoice Request 17INV06003" |
| Attachment | "Pdf Scen Invoice 17INV06003.r00" |
| MD5 | 576f8e40054ea7dd88aa93307233b2e5 |
| SHA256 | 0dcd24b31b9b4c02af0d470b6212b2a3cee318c5745dd002e9c900f5dc6375a1 |
| Family | Formbook |
(22)
| Sender ip | 185.222.57.229 |
| From | |
| Subject | "RE: Revise PI" |
| Attachment | "PI1942100023.zip" |
| MD5 | 7305a54b5ad583a0ca1539d51ce91dd4 |
| SHA256 | d55be05b5dd111d22304305b4303c9496b2fcc0db25e12c8fc74ed84dbeace5a |
| Family | Formbook |
(23)
| Sender ip | 74.208.85.196 |
| From | "purchase <[email protected]>" |
| Subject | "=?UTF-8?Q?RE=3A_Nueva_consulta_/_orden_de_cotizaci=C3=B3n=2E=2E?= =?UTF-8?Q?=2E?=" |
| Attachment | "requested product lists.PDF_________________________________________________.lzh" |
| MD5 | 2b485dc45272da1dd7d13d03b14f9adb |
| SHA256 | 9ff0617ab1bb17359e3de9edf4dd5b88ff6dbbeea8d8df7ab49a3a027570ce1b |
| Family | SnakeKeylogger |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 26_5_2021