Phishing Attacks 28_4_2021

 





(1)

Sender ip

128.199.152.121

From

"[email protected]"

Subject

"RE: invoice 8b00649"

Attachment

"invoice 8b00649.r00"

MD5

f9804b80174f8b4a6f60a7df780f6874

SHA256

66278b8fcd836ebffdda546f17e3698e661a5e3e1550ea502b6a95e357036e48

Family

AgentTesla

 

(2)

Sender ip

45.137.22.56

From

"Tariq Bashir<[email protected]>"

Subject

"Down payment #swift 28.04.2021"

Attachment

"SWIFT COPY pdf.z"

MD5

59a91e78c8fb0e0fb804b1e7f2e9a98f

SHA256

e07898b695f170c24a809cdc30bda776ae87abbe14f944ebb87e291582cad847

Family

Unknown

 

(3)

 

Sender ip

51.195.135.77

From

"Jenifer" <[email protected]>"

Subject

"Invoice"

Attachment

"Invoice.zip"

MD5

d3e5f802575eee446522f2341403d307

SHA256

1397eab0270289529612e24e011c24bfdcff9b8a3ea2d58ea995f94a3a9cb730

Family

AgentTesla

 

(4)

 

Sender ip

185.222.58.152

From

"Account" <[email protected]>"

Subject

"Statement of account"

Attachment

"SOA.zip"

MD5

b5155ad7c3debabeece655d1852095c4

SHA256

90c1d680a867af042eaf60ba32ab1a651ee270a3fbad7cf806681d6b74138d33

Family

AgentTesla

 

(5)

Sender ip

185.222.58.152

From

"Account" <[email protected]>"

Subject

"Statement of account"

Attachment

"SOA.zip"

MD5

b5155ad7c3debabeece655d1852095c4

SHA256

90c1d680a867af042eaf60ba32ab1a651ee270a3fbad7cf806681d6b74138d33

Family

AgentTesla

 

(6)

Sender ip

199.10.31.238

From

"[email protected]"

Subject

"Re: RE: Request For PI"

Attachment

"Order Items.gz"

MD5

efd35f97c09fdcc7cc4114fab49a87b9

SHA256

40cec6cc82800698e57005753fa5bc7a379a64b3a3ed15efc6ad357604edd7ea

Family

AgentTesla


(7)

Sender ip

185.222.57.216

From

"[email protected]"

Subject

"Re-Confirm Attached Invoice For Payment Process"

Attachment

"Invoice 01859.rar"

MD5

18b44f77e1e7745e9fd83d75ad01df91

SHA256

0edb8c8d9ff0709677aca64cc723b82302d244cfb9dc69129674aa417d495321

Family

AgentTesla


(8)

Sender ip

103.138.109.241

From

"COSCO SHIPPING TANKER(Singapore) PteLtd <[email protected]>"

Subject

"M/T. YUAN JU WAN EPDA AND PORT INFO REQUEST "

Attachment

"VESSEL PARTICULARS.zip"

MD5

17da9c9f6617334b1934dc9527a3b071

SHA256

1730da6bbda8300eca3cc4ebd072fbeba77dc964e86af7c672dd02f4034dcc74

Family

Unknown


(9)

Sender ip

185.222.57.157

From

"[email protected]"

Subject

"RE: Attached copy of proof of payment"

Attachment

"payment copy.r00"

MD5

8103c13763cf6ade83af5f3de3dfe681

SHA256

1fe457032d45f8a27c6aaf4470e9eeeff496faa45045600c2007b6e3197bf51c

Family

AgentTesla


(10)

Sender ip

199.10.31.237

From

"[email protected]"

Subject

"Re: RE: April Inquire Order"

Attachment

"Order specs No12.gz"

MD5

c510d141ee0d9e9cdc5a7a3c9c514ed4

SHA256

17fe063619c08c97dd6ebaa9e4e47df51852a2873e2a13f0260620add41b34d4

Family

AgentTesla


(11)

Sender ip

185.222.57.216

From

"[email protected]"

Subject

"PAYMENT ADVICE FOR OUTSTANDING SOA,"

Attachment

"payment advice 0264.rar"

MD5

c2edb5f467db0ac0bf4b40307e36e066

SHA256

8deaa8789f9392ce4fbab6cfbb6598d5c4cd075012b396827103b00958490c9a

Family

AgentTesla


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Article Link: https://menshaway.blogspot.com/2021/04/phishing-attacks-2842021.html