(1)
| Sender ip | 185.222.58.153 |
| From | |
| Subject | "RePayment copy" |
| Attachment | "Scan-copy.rar" |
| MD5 | 5bd1604602a9aeeee4332ad2d7bd1bb2 |
| SHA256 | 48455ff00d5441fb5eab0db6b46964ec4f14611f15f8d00a7b8b24f960f9ef1e |
| Family | Formbook |
(2)
| Sender ip | 45.137.22.68 |
| From | "Josh Adams <[email protected]>" |
| Subject | "REQUEST FOR QUOTATION (RFQ REF : R2100131410)" |
| Attachment | "REQUEST FOR QUOTATION (RFQ REF R2100131410).zip" |
| MD5 | 54646bf78c439ac5def2f0da07e7515e |
| SHA256 | b61bc8dbff7333ce96cf5a5f59575845872e229facd3dc13da76835d5dddc01c |
| Family | Loki |
(3)
| Sender ip | 5.180.123.53 |
| From | "Kalayci Bulent" <[email protected]>" |
| Subject | "Re: REQUEST FOR QUOTATION" |
| Attachment | "ORDER LIST.pdf.zip" |
| MD5 | 372d269702ca0030ed6f74a4420f3110 |
| SHA256 | bdadd78792a7c09144a0fbc30f212c069c3672b809b4ffb1acb1c4375422313c |
| Family | Formbook |
(4)
| Sender ip | 103.82.26.199 |
| From | "Hoskins Eric"<[email protected]>" |
| Subject | "RFQ" |
| Attachment | "request_list.xlsx" |
| MD5 | f2af2d11edfac75d0d326ceaee8e3c2e |
| SHA256 | 07f73ff04ab80e4556fa01e1e93c345d768988b0d4cd344dafb605273bc651fc |
| Family | Formbook |
(5)
| Sender ip | 164.52.201.242 |
| From | |
| Subject | "PO QT-028564" |
| Attachment | "PO QT-028564.xlsx" |
| MD5 | f050e56ab676181725f01ef44c4c9123 |
| SHA256 | 9da6954c23239e9dca041649d884dea2f7d1bc04414e808a9c32c216c2033e2e |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(6)
| Sender ip | 188.165.225.23 |
| From | "Grace Chang <[email protected]>" |
| Subject | "New Customer Purchase Order Document(s)" |
| Attachment | "Scan docs.rar" |
| MD5 | 4ff8bb7a9f01ac5d510b6a5788913165 |
| SHA256 | 06edf7ddc282ea3b4f44a968ed79184ae9a9af4d52894f6916e2fe43923b5fe0 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(7)
| Sender ip | 203.159.80.83 |
| From | "Basem Shaban"<[email protected]>" |
| Subject | "FW: AW: Egyption Arab Contracting INVOICE REQUEST 3301 - TOP URGENT-" |
| Attachment | "POBKMIN20210000000231PDF.r15" |
| MD5 | 6e83277751736eaa28b2f2184be7525b |
| SHA256 | 8d0f251cbbeb43f2a100d232e74837d3e93ddd4531b5c0b7461845b10cca3ce0 |
| Family | AZORult |
(8)
| Sender ip | 103.232.53.200 |
| From | "Sales Department" <[email protected]>" |
| Subject | "RFQ 210525-037 FEAP (MItsubishi)" |
| Attachment | "210525_332641-pdf.gz" |
| MD5 | 022095d6016cd5d5c85ff74724147e14 |
| SHA256 | a9008e9a58111342b709c67862250741f5363222c0b4bd3111e4f78cd434ee13 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(9)
| Sender ip | 206.81.25.122 |
| From | "DHL EXPRESS <[email protected]>" |
| Subject | "DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc" |
| Attachment | "Consignment Details_pdf.rar" |
| MD5 | 6c2a1178a96b9859f2b2cb539b43920a |
| SHA256 | eb4435e90357e458b14e53e00945a5c5718db7190640cc09591f72d9ce0d77de |
| Family | SnakeKeylogger |
(10)
| Sender ip | 45.137.22.149 |
| From | |
| Subject | "RE: PAYMENT INSTRUCTIONS" |
| Attachment | "PAYMENT BANK INSTRUCTIONS COPY.r00" |
| MD5 | c43ae48b7d660e3efc0d4ca9c4e6e710 |
| SHA256 | 37ba529fbc8776f8f59bc70e4ffdc15fcbd4794453d7e368e8242dd82df6ad11 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(11)
| Sender ip | 103.232.53.200 |
| From | "Sales Department<[email protected]>" |
| Subject | "Aw: Purchase Order 5638044" |
| Attachment | "new po.xlsx" |
| MD5 | c860a74a119a235d0c7b67d3bd12cfd0 |
| SHA256 | 803dbe4358ea84a8013942e1b5a8b897ac8ce4144740d1a6f7bddb47da4edb7f |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(12)
| Sender ip | 138.68.164.40 |
| From | "Japan Marine-Team C" <[email protected]>" |
| Subject | "Request for quotation ( ANWP - APL ANTWERP ) : SPR/ANWP/D/21/020" |
| Attachment | "Request for quotation SPRANWPD21020.pdf.cab" |
| MD5 | 4916a124cc953aa9208ca30525d5bfdb |
| SHA256 | 3a2c294202eb4eebbc24a81041afadebae4d11fc741276cb8de8e812382354a6 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(13)
| Sender ip | 138.68.164.40 |
| From | "Ilyas YILDIRIM" <[email protected]>" |
| Subject | "CURRENT SOA // BESIKTAS MARINE" |
| Attachment | "ROZ MARINE - OUTSENDING.pdf.cab" |
| MD5 | c571503d8c0af02d0a942feaf1fb8d63 |
| SHA256 | 93ce66cb00a4916fb0949235dd4b009a54d7f1e261652e5f67242f407f5a245c |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(14)
| Sender ip | 103.153.78.166 |
| From | |
| Subject | "RE: Invoice Request 17INV06003" |
| Attachment | "Pdf Scen Invoice 17INV06003.r00" |
| MD5 | 39ec4073836600acee4d25216f358b42 |
| SHA256 | 788d26d24e830328ddb8538a8125af334df8ac92aedc2801af8df7ed0ba90fe8 |
| Family | Formbook |
(15)
| Sender ip | 103.153.78.166 |
| From | "Adeline<[email protected]>" |
| Subject | "RE: PAYMENT INSTRUCTIONS" |
| Attachment | "PAYMENT INSTRUCTIONS COPY.r01" |
| MD5 | 4e9896e40dba8e4090586eec2b126622 |
| SHA256 | a581540b37de1c11b9ea8b2ef286c73f54147dbd4013c1a3dbb3b6f9ef280424 |
| Family | Formbook |
(16)
| Sender ip | 103.139.44.91 |
| From | "Boris Liu (Account CN)"<[email protected]>" |
| Subject | "Fw: [EXTERNAL]-- Your Ningbo--Company Account Information" |
| Attachment | "Bank_Information.tar.001" |
| MD5 | 70fddb1d09c7870405664cf7abf0a741 |
| SHA256 | dd6d6fec3d550d6a03b813c09df830c9a542e4d4b54401398e4625a5649ed874 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(17)
| Sender ip | 185.222.58.153 |
| From | |
| Subject | "RePayment copy" |
| Attachment | "Swift-Copy.zip" |
| MD5 | 224d0b554919d06c6307a62e8a7ba812 |
| SHA256 | 782f81875dd8679b6b6385164239eea4de4a1c2353ab7941a640813fac2fa0e3 |
| Family | SnakeKeylogger |
(18)
| Sender ip | 45.137.22.68 |
| From | "Haiyan Zhao <[email protected]>" |
| Subject | "RE: [Quote JQ102474]RE: new RFQ" |
| Attachment | "Quote JQ102474.pdf.zip" |
| MD5 | cdfc0ec3ac0a56dbecf5a7765abd96e5 |
| SHA256 | ee4d08cbe3a26c2e8999545350038b61a9eb5f00da7696da7c4a049a650b6bf9 |
| Family | Loki |
(19)
| Sender ip | 31.210.21.191 |
| From | "Sindy Teo <[email protected]>" |
| Subject | "Items" |
| Attachment | "Purchase order.zip" |
| MD5 | 273da8ef023d8bd5bffde174a78a6c26 |
| SHA256 | f89adb62ec915a1b44b2859fb18e8fb8bca65b04c740a9e7045f0b968fd81e34 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 27_5_2021