(1)
| Sender ip | 103.139.44.91 |
| From | "Julia"<[email protected]>" |
| Subject | "Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany" |
| Attachment | "Billing Information.jar" |
| MD5 | 5b13b97de3e069c8231335824d0d87ac |
| SHA256 | 8fb45fbea1b2a16c2626c8909c46a499b17c376e96e3c82869cf4bcca4c40c9b |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(2)
| Sender ip | 103.139.44.91 |
| From | "Julia"<[email protected]>" |
| Subject | "Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany" |
| Attachment | "Business License.jar" |
| MD5 | f11053fbbe407ef5d9011f4dfdf982e2 |
| SHA256 | 40903fc5f42d516a5ef24e8cc1185268df19616b06d2ac7ed05069a6d5c3d6ec |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(3)
| Sender ip | 103.139.44.91 |
| From | " Account Manager"<[email protected]>" |
| Subject | "RE: RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084) " |
| Attachment | "INV01562.tar.001" |
| MD5 | 0e6d45a00324043f6f24e8f8fe1b2926 |
| SHA256 | a7907cdbe6a094994b2b3b58c161a02fc6921ac7ba8c19b48be647ec2b30c331 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(4)
| Sender ip | 103.139.44.91 |
| From | " Account Manager"<[email protected]>" |
| Subject | "RE: RE: PAYMENT FOR SMC 15 INV01542,INV01562-7500003124 (JTR-0084) " |
| Attachment | "INV01542.tar.001" |
| MD5 | 17e60b9f7acb3038925bedb241114ce9 |
| SHA256 | 72a3ca5c0cb9e7376a6e25067160668635e755837209e67ab5297e2b53375cd4 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(5)
| Sender ip | 195.201.227.104 |
| From | "Ankit <[email protected]>" |
| Subject | "POST SHIPMENT DOCUMENT" |
| Attachment | "POST SHIPMENT DOCUMENT.zip" |
| MD5 | 3c026cfba101319a48c790fe8372f944 |
| SHA256 | b16a260c536b47dcf3e8d89c85851654833361c7d0fc583dd66d1891ea0f9bf4 |
| Family | SnakeKeylogger |
(6)
| Sender ip | 78.28.205.254 |
| From | "Artimpex Trading group <[email protected]>" |
| Subject | "Re: New Purchase Order" |
| Attachment | "PO#310521.PDF.rar" |
| MD5 | 69ed72f9c348538dbcb97e5cbc215b9a |
| SHA256 | b2dd3726fee8e26a1a14fca69b44f60af95c760b98ee350dda0b988c0bdd767f |
| Family | Formbook |
(7)
| Sender ip | 45.87.60.27 |
| From | "Artimpex Trading group <[email protected]>" |
| Subject | "Re: New Purchase Order" |
| Attachment | "PO#310521.PDF.rar" |
| MD5 | 69ed72f9c348538dbcb97e5cbc215b9a |
| SHA256 | b2dd3726fee8e26a1a14fca69b44f60af95c760b98ee350dda0b988c0bdd767f |
| Family | Formbook |
(8)
| Sender ip | 185.121.120.179 |
| From | "ELITE SDN BHD <[email protected]>" |
| Subject | "PURCHASE ORDER" |
| Attachment | "Po.xlsx" |
| MD5 | eb1fcbc470f904f1a944e5144bbf3962 |
| SHA256 | 7e2fc2c85360f8aac0306846e4c0680f89c790bc3e562e928f55c55915eaeec8 |
| Family | Unknown |
(9)
| Sender ip | 103.153.182.81 |
| From | "Elie Abdel Ahad <[email protected]>" |
| Subject | "Re: Re: PI" |
| Attachment | "PO (2).pdf.z" |
| MD5 | 252dac1a46cbe56375f28aedb6451406 |
| SHA256 | 6819c13eb00405acabe777c8e56d3e7303c7f036f9481c3cb4c83de86ff3df5c |
| Family | Loki |
(10)
| Sender ip | 103.153.182.81 |
| From | "Elie Abdel Ahad <[email protected]>" |
| Subject | "Re: Re: PI" |
| Attachment | "PO.pdf.z" |
| MD5 | c13ed3b0b70a64891fce812e3b266882 |
| SHA256 | fce1d2ef1b91a2f2bb6601fd37e1dff8998af1479febc41ec115139f717ac7d0 |
| Family | Loki |
(11)
| Sender ip | 194.49.78.221 |
| From | "Shiv <[email protected]>" |
| Subject | "ARRIVAL NOTICE" |
| Attachment | "SCAN 20210531_010.zip" |
| MD5 | cda896e3c742150675773f3e5531a71d |
| SHA256 | ee8890d81ee1f4b0efa0b637254087b9335a88e2cece751a115cc9f2d3f442a5 |
| Family | SnakeKeylogger |
(12)
| Sender ip | 203.159.80.83 |
| From | "Basem Shaban"<[email protected]>" |
| Subject | "FW: AW: Egyption Arab Contracting INVOICE REQUEST 3301 - TOP URGENT-" |
| Attachment | "proforma invoice TRKINV2021000000000003005 TT Slip copy.r17" |
| MD5 | 9f2019ff734e0b7c257a3727abe61a7b |
| SHA256 | fd0c218d24dea59dbd62eb5041aaa24dc0c34a6ae0ccea288f496eda3732bbe3 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(13)
| Sender ip | 103.232.53.200 |
| From | "Accounts Payables" <[email protected]>" |
| Subject | "Aw: Purchase Order 5638044" |
| Attachment | "PO210530_332641-pdf.gz.rar" |
| MD5 | df0431af6938179c59015403faec7c98 |
| SHA256 | f67644c57b305c7fc377d3a082a51c2e41ab42f623c421b45366c8057b81dabd |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(14)
| Sender ip | 78.28.205.254 |
| From | "DHL | Global Forwarding <[email protected]>" |
| Subject | "DHL SHIPMENT COMFIRMATION" |
| Attachment | "awb.no4646646464.ace" |
| MD5 | e3b4b0a1a05795089b75336bd9fa92df |
| SHA256 | 9765d9471c3a12372d9415e7fdba24ad70d8d61b584776043be61d517312c0ec |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(15)
| Sender ip | 78.28.205.254 |
| From | "DHL | Global Forwarding <[email protected]>" |
| Subject | "DHL SHIPMENT COMFIRMATION" |
| Attachment | "dhl-delivery_support.z" |
| MD5 | 08af4b63ba599874f07d208b9858b638 |
| SHA256 | 1bcf07bff2f07c86e64b158c9e9c729e44a78e1b02510d34118ed6ca98f46787 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(16)
| Sender ip | 103.139.44.91 |
| From | "Julia"<[email protected]>" |
| Subject | "Re: Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany" |
| Attachment | "Billing Information.jar" |
| MD5 | d072fddef702c6312839b412418fb191 |
| SHA256 | 25a0cf6601880b7c969febb873da299184312d3da1461fae78a46163510c2925 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(17)
| Sender ip | 103.139.44.91 |
| From | "Julia"<[email protected]>" |
| Subject | "Re: Re: Reply: New LCL Order SHA/HAM-s/Jiangsu Huancheng Cnee: E+F, Germany" |
| Attachment | "Business License.jar" |
| MD5 | 22acf7d6e973ad3a207cd5bb09147a14 |
| SHA256 | ed0d0f012eda84b274d46373e8ff3ebf8e5d6aaf3fba272f6e0a514ea7466ae1 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(18)
| Sender ip | 103.125.189.175 |
| From | |
| Subject | "Re: Import / Pre-Arrival Notification / DHL Track No 781226753652 " |
| Attachment | "(DHL) Shipment Import DutyTax Payment Alert.ace" |
| MD5 | 667325a247e436115f53b94fd3373608 |
| SHA256 | 1297a6593f2b224a66e882bcc5af02af802012cef77bd244cf14c73f5c76534c |
| Family | Formbook |
(19)
| Sender ip | 142.93.196.110 |
| From | "Nguyen Thi Nhu Quynh (Ms.) <[email protected]>" |
| Subject | "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-21" |
| Attachment | "PO#31052021104221.lzh" |
| MD5 | 57deef2c72935a621dfd2bbca743879f |
| SHA256 | dc2a52a1f8ecfdb31bae650c9aacda445ab30fac797e7f201fbac85babcd927a |
| Family | SnakeKeylogger |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 31_5_2021