(1)
Sender ip | 103.139.44.91 |
From | " Account Manager"<[email protected]>" |
Subject | "RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084) " |
Attachment | "INV01542.tar.001" |
MD5 | 70afd9a7d98adeaaf110931ae176a27b |
SHA256 | 8d3ca6193a24924258493da59c6ff0f70a0965c1274d9aac2ce17ed02d061667 |
Family | AgentTesla |
If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(2)
Sender ip | 78.28.205.254 |
From | "FedEx Online Advisory <[email protected]>" |
Subject | "FEDEX EXPRESS TRACKING - COURIER DELIVERY" |
Attachment | "FedEx Courier Tracking.pdf.ace" |
MD5 | 51cc56c40a3d2b7b6540069b0d096dff |
SHA256 | fb8e126810598e66a8bfd07d710f55b22396d780e0f6fe1a7e0a1725fd65369d |
Family | AgentTesla |
(3)
Sender ip | 103.139.44.91 |
From | "Jason Wen"<[email protected]>" |
Subject | "RE: RE: [EXTERNAL] Pick Up the PO 960074725 from STRIP // 784-45876876" |
Attachment | "Customs declaration form + release form.7z" |
MD5 | 16324127b6a4da2a2c5879267f6ee682 |
SHA256 | ae65556e391f8e8c52a78831ec0033d0368e27de42b6fdc6e68e8ac61f400e5e |
Family | AgentTesla |
(4)
Sender ip | 103.133.108.70 |
From | "ALLAN SNEDDON <[email protected]>" |
Subject | "Fwd:PAYMENT FOR INV" |
Attachment | "swift.45434.r00" |
MD5 | b1a7d7705fc9f8073431a0df61092b54 |
SHA256 | 41acbe3a2677aae75b4024877852155a1fbca6b42005d0efbaca6da9e8682d4c |
Family | AgentTesla |
(5)
Sender ip | 45.137.22.149 |
From | |
Subject | "RE: SWIFT COPY" |
Attachment | "TT copy.r00" |
MD5 | afbf062a6ea1cc5d77da65fb4848a552 |
SHA256 | dff962cd61273ec024c5ecfc37b6986a57ddd913e10fbaf4cc392e76fbff406b |
Family | AgentTesla |
(6)
Sender ip | 78.28.205.254 |
From | "FedEx Online Advisory <[email protected]>" |
Subject | "FEDEX EXPRESS TRACKING - COURIER DELIVERY" |
Attachment | "FedEx Courier Tracking.pdf.ace" |
MD5 | d17b21dc7292745787900fd1a1f73920 |
SHA256 | dffbd4034771d48648f3ad820ed01ed16c46da3b857dc8f0594d349c98af63a8 |
Family | AgentTesla |
(7)
Sender ip | 78.28.205.254 |
From | "FedEx Online Advisory <[email protected]>" |
Subject | "FEDEX EXPRESS TRACKING - COURIER DELIVERY" |
Attachment | "AWB.NO-786334453366.z" |
MD5 | 333620534be376416f2c8ec92e5654e4 |
SHA256 | d8773d2a6628549f7afc66d8e3aa386414049861e2f456cb5ae339cbbb103ec1 |
Family | AgentTesla |
(8)
Sender ip | 194.49.78.221 |
From | "Rama N. Devadiga <[email protected]>" |
Subject | "DRAFT DOCUMENTS" |
Attachment | "ATTACHED LIST _AMC.zip" |
MD5 | c32b7b027f9945b15365b1b363f9c489 |
SHA256 | ee05a81d7e454e912e13f570056510e3cbcbd5be08d1a0203d9cd276bed3ca7c |
Family | AgentTesla |
(9)
Sender ip | 188.165.225.23 |
From | "Robert Chen <[email protected]>" |
Subject | "Re: Purchase Order Confirmation" |
Attachment | "Scan copy.rar" |
MD5 | fdafaa9666f1e14bb471dfd6df98ac26 |
SHA256 | dbe95060d7cd98a4193e74fa28f5c5ce8219106b11d669b501d95fe5bf654032 |
Family | AgentTesla |
(10)
Sender ip | 167.172.96.72 |
From | "Phillip Novak" <[email protected]>" |
Subject | "Revised PO_2021" |
Attachment | "PO.2021.cab" |
MD5 | 8237406a7e9bc1364b11978fa138037e |
SHA256 | a007cea19b203d9bc907ff3ba8a13988a03ef747a73b3239ebcbbd3442a4093b |
Family | Formbook |
(11)
Sender ip | 109.71.254.78 |
From | "DHL EXPRESS <[email protected]>" |
Subject | "Shipment arrival notice" |
Attachment | "Shipping Receipt.img" |
MD5 | 70e9f4e55debca0ed1e842e64b79daad |
SHA256 | 3c6c0c4e2932fa193f2b88c642b8f9b07b1bbfefbb3da40a3f44310c89954a16 |
Family | AgentTesla |
(12)
Sender ip | 69.61.59.207 |
From | "Starcia Chang<[email protected]>" |
Subject | "Re: Order Inquiry ABS PTE LTD" |
Attachment | "ABS PTE Order.rar" |
MD5 | df4eed434ef0f3e5d178659e65fbce9a |
SHA256 | 7e79921690acb371222d6edbd8e6efce922fa133afe5ec8d823a6f39cd1b3014 |
Family | AgentTesla |
(13)
Sender ip | 31.210.20.71 |
From | "MIDEAST | OPS"<[email protected]>" |
Subject | "MV PEDHOULAS TRADER PORT INFO | APPOINTMENT //RESENDING//" |
Attachment | "MV PEDHOULAS TRADER.zip" |
MD5 | 8a90e7c9a30e03ee9ed3031601d40483 |
SHA256 | 071a4606d681d058836106eb6e9eb180919b32b6ab776f73be3a14a729430d8e |
Family | Formbook |
(14)
Sender ip | 103.139.44.91 |
From | " Account Manager"<[email protected]>" |
Subject | "RE: RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084) " |
Attachment | "INV01542.tar.001" |
MD5 | 1475f6b0957df200e039e743288c3db8 |
SHA256 | 5ba66a4ff6b37c47656fead5bd2bdc902db6de858aa77548795f0fe4b8a7f1f3 |
Family | AgentTesla |
(15)
Sender ip | 185.222.57.79 |
From | |
Subject | "Re: Invoice Query & PAYMENT COPY" |
Attachment | "Re Invoice Query & PAYMENT COPY.r15" |
MD5 | 62046aa50ccaead65f979c5c459e3b76 |
SHA256 | a4e07f0854fd631a182ebc562988b619e7a7a52d65e8b75e413781143066478c |
Family | Unknown |
(16)
Sender ip | 103.139.44.91 |
From | "Tang, Xiaonan, Account Dept"<[email protected]>" |
Subject | "***Urgent!*** Ningbo--Outstanding payment for month end May,28" |
Attachment | "Ningbo--Outstanding_Payments.exe.bz2.001" |
MD5 | e3374628150ddd998f5f064067f57332 |
SHA256 | 31c7a172c119c906515700c843fef30c007d148c2ee67d89f4e3f88579696987 |
Family | AgentTesla |
(17)
Sender ip | 185.222.58.153 |
From | |
Subject | "Invoice number 2100799" |
Attachment | "invoice number 2100799.rar" |
MD5 | 0c81822ce6bb0ec525116b35e300aff7 |
SHA256 | ce5586dac5454b6dd0f49a4218be2adda86a663a2a2c925f90f4d4215674db51 |
Family | Formbook |
(18)
Sender ip | 45.87.60.140 |
From | "Ali Aslam Head Office <[email protected]>" (likely spoofed) |
Subject | "Signed Contract INVOICE." |
Attachment | "SIGNED CONTRACT.xlsx" |
MD5 | 0df04247a510caf5ef08cb8997a2443f |
SHA256 | 9fccbe7844fa0d92de8e745ca672019db23a09777b56128bc4116ed0c7dfeb1a |
Family | SnakeKeylogger |
(19)
Sender ip | 45.137.22.50 |
From | "Nguyen Xuan Binh" <[email protected]>" |
Subject | "THUAN HIEP THANH CO., LTD - Ref. #20880 (PURCHASE ORDER AND CONTRACT)" |
Attachment | "Purchase Order & Contract.rar" |
MD5 | 6a07a539a2ee474e0b5e11b49b9cc8a5 |
SHA256 | d1bbd92fdf96bb1feea37d7047f5e65a2200e0177e4012befee993d3521fd7a7 |
Family | NanoCore |
If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore.
(20)
Sender ip | 194.49.78.201 |
From | "vicky wong <[email protected]>" |
Subject | "ORDER #PO#35Tg1s" |
Attachment | "35Tg1s.zip" |
MD5 | ce788a689b976f6226a18a2f1c40fce6 |
SHA256 | 9f9d13830571e2d929eb95922586b9b80dbd7aac35771cc4b0fc6a2bb5c1ccc0 |
Family | SnakeKeylogger |
(21)
Sender ip | 185.222.58.153 |
From | |
Subject | "Invoice number 2100799" |
Attachment | "48499400994094pdf.rar" |
MD5 | 3c6eae5658d7ba0ad3f2f35ab824b53f |
SHA256 | f01d9ace959acfa77d3be870ae5444776087e9d50333b362f845d1b5d1ce5ec9 |
Family | SnakeKeylogger |
If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 30_5_2021