(1)
Sender ip | 185.222.58.149 |
From | "Wu Xueming"<[email protected]>" |
Subject | "FW: SOA Review Done : Inter Bank Transfer(IBG) URGENT" |
Attachment | "Bank swift.zip" |
MD5 | eaf4bec0c1103fa6f87aaddbaa631454 |
SHA256 | 7bc8e9198c499b6c48d39e99734d3c9081d0eae625f5ac9a2ca4f571946a1501 |
Family | AgentTesla |
If you want to know how to analyze AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(2)
Sender ip | 45.137.22.149 |
From | |
Subject | "RE:Reconfirm Bank Details" |
Attachment | "Bank Details.r00" |
MD5 | 21ab3f0250d6a797fae7f179e428c539 |
SHA256 | b0fb5eb8dad64e67ded64e20c20075ad3198295ded5646c9cff81cdcb527f6b5 |
Family | AgentTesla |
(3)
Sender ip | 103.155.80.187 |
From | "karen marshall" <[email protected]>" |
Subject | "Fwd: Quotations New Order" |
Attachment | "new order.rar" |
MD5 | c2551fe8efe908d1ebcea82607408aef |
SHA256 | fd80bdd9cb1cb0f140ce78a39a8c73087f27c85322ca17ed66a39026ac09c151 |
Family | AgentTesla |
(4)
Sender ip | 103.155.80.187 |
From | "Sales Manager" <[email protected]>" |
Subject | "RE: STATEMENT OF ACCOUNT" |
Attachment | "outstanding invoices.rar" |
MD5 | c745accf0132345f01aac2323bb345fe |
SHA256 | 5b9d8a84ee305113d9915edb5c6adf6182894fefa40e046b536971083064b5fd |
Family | AgentTesla |
(5)
Sender ip | 155.94.136.153 |
From | "Mattia Comelli<[email protected]>" |
Subject | "New RFQ Check-up item CS1528240.2" |
Attachment | "EQ�PC-0029-02.xlsx" |
MD5 | 173a76273a1d9617f5b2cde725aa47bf |
SHA256 | 60afc72d245d76fae7ff9087aa81f677e03f6517bd69a5e8040e5fee7e1449bf |
Family | Unknown |
(6)
Sender ip | 155.94.136.153 |
From | "Mattia Comelli<[email protected]>" |
Subject | "New RFQ Check-up item CS1528240.2" |
Attachment | "3034501.zip" |
MD5 | 2bae8f71a486883503d04c462a6240d2 |
SHA256 | 6973dab1da8d0bcb8185df7aa63b8474bc9491f16f7642a347b529789f19d6da |
Family | AgentTesla |
(7)
Sender ip | 195.133.40.234 |
From | "Khamis Salim <[email protected]>" |
Subject | "RFQ-14000135846 NGCP Pipeline PROJECT TA 725638 DK RH HRDH HEADER PLATFORM " |
Attachment | "RFQ-14000135846_Scanned from a Xerox multifunction device (2).zip" |
MD5 | 92ac9dbc5783ddeab66cff673b4bbae4 |
SHA256 | a70495ddde64524d6c16dca86296d44ea78c15c3ac97609dac318559ee2644de |
Family | Unknown |
(8)
Sender ip | 185.121.120.197 |
From | "=?UTF-8?Q?KOLAGOM_K=C4=B0MYASALLAR_SAN=2E_VE_T=C4=B0C=2E_LTD=2E_?= =?UTF-8?Q?=C5=9ET=C4=B0=2E?= <[email protected]>" |
Subject | "New Inquiry" |
Attachment | "Product list.xlsx" |
MD5 | 8f310f476d94685424314ab47316f4fe |
SHA256 | d4800340fbd1803a42df8ac5b06b47b8d2cafa64738f02282fe4b32e97fa872b |
Family | AgentTesla |
(9)
Sender ip | 45.137.22.149 |
From | |
Subject | "RE:Reconfirm Bank Details" |
Attachment | "Bank Details.ARJ" |
MD5 | 998aa8498fe9c96865842d82fc1b680f |
SHA256 | e9b4cb23f9e8a68d296ba0f51cbfd513f7e621e0461e560f1cb910b38d172244 |
Family | AgentTesla |
(10)
Sender ip | 185.222.57.200 |
From | "purchase"<[email protected]>" |
Subject | "Order Enquiry No: 3308" |
Attachment | "Inquiry.r15" |
MD5 | 365cef6b9f1d3672cf86d043e48845a9 |
SHA256 | 9e6994570cedbc6d1bc2b077bda2bdf38c26ab2f2d09ea3797c45d786fd1b2d9 |
Family | SnakeKeylogger |
(11)
Sender ip | 185.222.58.153 |
From | "Tina Donini<[email protected]>" |
Subject | "PAYMENT COPY" |
Attachment | "Swift-copy.zip" |
MD5 | 0dec0263243d7a3b2f69e139f41c455f |
SHA256 | a9c17a18861e01200624ea6c949d9ac252478a80496add163211973f171f807d |
Family | SnakeKeylogger |
(12)
Sender ip | 45.95.168.220 |
From | "Shruti" <[email protected]>" |
Subject | "Wire confirmation" |
Attachment | "Wire-Payment.pdf.cab" |
MD5 | f0ab5f07a02cbe6511ae426f9d746563 |
SHA256 | 74336b753bee56d595e5420bccaa26e0f124200cb5071e853983118f49009654 |
Family | Formbook |
(13)
Sender ip | 103.207.38.69 |
From | "=?UTF-8?B?ICLljb/kupHluoYi?= <[email protected]>" |
Subject | "NEW ORDER" |
Attachment | "NEW ORDER.zip" |
MD5 | 61357bd29f719f4b7f2a237b42eff70d |
SHA256 | 33129214b46df54bc7a37e566e20bcbffc70de1d672a8379c114fb88b6c13c67 |
Family | AgentTesla |
(14)
Sender ip | 185.222.58.153 |
From | "Sajeer Kanniyath<[email protected] >" |
Subject | "BALANCE COMFIRMATION FOR MAY 2021" |
Attachment | "Invoice-Copy.zip" |
MD5 | 49290d6def5f028d43f5b3dfc943a11c |
SHA256 | 60c12eb1e87d0fac641179d79c750a8cd46e325a57d7a454d708f95e6d83db54 |
Family | SnakeKeylogger |
(15)
Sender ip | 185.222.58.153 |
From | "Sajeer Kanniyath<[email protected] >" |
Subject | "BALANCE COMFIRMATION FOR MAY 2021" |
Attachment | "Balance___5132.zip" |
MD5 | 7b1af7564887531abe7565e16c909dbb |
SHA256 | c281a7861483a39ff4da8236c5b2a202f88562caa737f4d7060049fd1b5fb980 |
Family | SnakeKeylogger |
(16)
Sender ip | 185.222.57.232 |
From | "HSBC Advicing Service" <[email protected]>" |
Subject | "Payment Advice - Advice Ref:[GB1860369674] / Priority payment / Customer Ref:[0000568988]" |
Attachment | "MT103-06022021987636472-PDF.ARJ" |
MD5 | 8246a4b29d8dc66ee42fd1992e93f02e |
SHA256 | 6e362240f8c0314c8c10319312b7abe77fd4821f5ace2b8e2837e07c86f3ab75 |
Family | AgentTesla |
If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish malware analyses and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 3_6_2021