(1)
| Sender ip | 128.199.152.121 |
| From | |
| Subject | "RE: invoice 8b00649" |
| Attachment | "invoice 8b00649.r00" |
| MD5 | f9804b80174f8b4a6f60a7df780f6874 |
| SHA256 | 66278b8fcd836ebffdda546f17e3698e661a5e3e1550ea502b6a95e357036e48 |
| Family | AgentTesla |
(2)
| Sender ip | 45.137.22.56 |
| From | "Tariq Bashir<[email protected]>" |
| Subject | "Down payment #swift 28.04.2021" |
| Attachment | "SWIFT COPY pdf.z" |
| MD5 | 59a91e78c8fb0e0fb804b1e7f2e9a98f |
| SHA256 | e07898b695f170c24a809cdc30bda776ae87abbe14f944ebb87e291582cad847 |
| Family | Unknown |
(3)
| Sender ip | 51.195.135.77 |
| From | "Jenifer" <[email protected]>" |
| Subject | "Invoice" |
| Attachment | "Invoice.zip" |
| MD5 | d3e5f802575eee446522f2341403d307 |
| SHA256 | 1397eab0270289529612e24e011c24bfdcff9b8a3ea2d58ea995f94a3a9cb730 |
| Family | AgentTesla |
(4)
| Sender ip | 185.222.58.152 |
| From | "Account" <[email protected]>" |
| Subject | "Statement of account" |
| Attachment | "SOA.zip" |
| MD5 | b5155ad7c3debabeece655d1852095c4 |
| SHA256 | 90c1d680a867af042eaf60ba32ab1a651ee270a3fbad7cf806681d6b74138d33 |
| Family | AgentTesla |
(5)
| Sender ip | 185.222.58.152 |
| From | "Account" <[email protected]>" |
| Subject | "Statement of account" |
| Attachment | "SOA.zip" |
| MD5 | b5155ad7c3debabeece655d1852095c4 |
| SHA256 | 90c1d680a867af042eaf60ba32ab1a651ee270a3fbad7cf806681d6b74138d33 |
| Family | AgentTesla |
(6)
| Sender ip | 199.10.31.238 |
| From | |
| Subject | "Re: RE: Request For PI" |
| Attachment | "Order Items.gz" |
| MD5 | efd35f97c09fdcc7cc4114fab49a87b9 |
| SHA256 | 40cec6cc82800698e57005753fa5bc7a379a64b3a3ed15efc6ad357604edd7ea |
| Family | AgentTesla |
(7)
| Sender ip | 185.222.57.216 |
| From | |
| Subject | "Re-Confirm Attached Invoice For Payment Process" |
| Attachment | "Invoice 01859.rar" |
| MD5 | 18b44f77e1e7745e9fd83d75ad01df91 |
| SHA256 | 0edb8c8d9ff0709677aca64cc723b82302d244cfb9dc69129674aa417d495321 |
| Family | AgentTesla |
(8)
| Sender ip | 103.138.109.241 |
| From | "COSCO SHIPPING TANKER(Singapore) PteLtd <[email protected]>" |
| Subject | "M/T. YUAN JU WAN EPDA AND PORT INFO REQUEST " |
| Attachment | "VESSEL PARTICULARS.zip" |
| MD5 | 17da9c9f6617334b1934dc9527a3b071 |
| SHA256 | 1730da6bbda8300eca3cc4ebd072fbeba77dc964e86af7c672dd02f4034dcc74 |
| Family | Unknown |
(9)
| Sender ip | 185.222.57.157 |
| From | |
| Subject | "RE: Attached copy of proof of payment" |
| Attachment | "payment copy.r00" |
| MD5 | 8103c13763cf6ade83af5f3de3dfe681 |
| SHA256 | 1fe457032d45f8a27c6aaf4470e9eeeff496faa45045600c2007b6e3197bf51c |
| Family | AgentTesla |
(10)
| Sender ip | 199.10.31.237 |
| From | |
| Subject | "Re: RE: April Inquire Order" |
| Attachment | "Order specs No12.gz" |
| MD5 | c510d141ee0d9e9cdc5a7a3c9c514ed4 |
| SHA256 | 17fe063619c08c97dd6ebaa9e4e47df51852a2873e2a13f0260620add41b34d4 |
| Family | AgentTesla |
(11)
| Sender ip | 185.222.57.216 |
| From | |
| Subject | "PAYMENT ADVICE FOR OUTSTANDING SOA," |
| Attachment | "payment advice 0264.rar" |
| MD5 | c2edb5f467db0ac0bf4b40307e36e066 |
| SHA256 | 8deaa8789f9392ce4fbab6cfbb6598d5c4cd075012b396827103b00958490c9a |
| Family | AgentTesla |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 28_4_2021