(1)
Sender ip | 180.214.238.36 |
From | |
Subject | "Re: Request Quotation" |
Attachment | "Request Quotation.rar" |
MD5 | 7a084890bd549d63e536ab4233de148a |
SHA256 | cdff43b16fb843b25faf7d72675eba5b3b311407e43ad4f3e3131c17edc45975 |
Family | AgentTesla |
If you wanna know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(2)
Sender ip | 185.222.57.251 |
From | "lgpartner.ch <[email protected]>" |
Subject | "Payment Advice - Ref: HSBC99002992" |
Attachment | "payment advice..zip" |
MD5 | 7e764f0cc7499cda61945f697c021c87 |
SHA256 | 26214ac0f1af80311fdcb7034f6c206dbeecaae6ff70fb9e040dd44486542841 |
Family | AgentTesla |
(3)
Sender ip | 199.10.31.238 |
From | "Tarek Dakroury <[email protected]>" |
Subject | "DHL Shipment Notification : 9290293600" |
Attachment | "DHL8735679093.zip" |
MD5 | dfa686026c7ba10bf9d540a8668826a0 |
SHA256 | e4816d5eafb882c6c774f695ecbc760d74f21e289581df1472c741ffcfbbb8b3 |
Family | AgentTesla |
(4)
Sender ip | 199.10.31.238 |
From | "Tarek Dakroury <[email protected]>" |
Subject | "DHL Shipment Notification : 9290293600" |
Attachment | "AWB 673687387678.zip" |
MD5 | 530aaf718e220183c538da5b9be9158b |
SHA256 | 6d675f75b5bd44470026f4e50e311cd61d79f3496a18df69b63d833e34eafa88 |
Family | AgentTesla |
(5)
Sender ip | 2.56.57.154 |
From | "Wang weishun <[email protected]>" |
Subject | "RE: Shipment Docs" |
Attachment | "Shipment Docs.rar" |
MD5 | 16f49209497cc69dbbb5e8cba25c5dc4 |
SHA256 | 20b377289c99905181f6096acdeb077fec5510f0f323ab818429c7b0afb620da |
Family | AgentTesla |
(6)
Sender ip | 178.62.41.228 |
From | "Andrzej Budziak <[email protected]>" |
Subject | "SKM_2872106104863364 CONTRACT 2022" |
Attachment | "SKM_2872106104863364 CONTRACT 2022_pdf.gz" |
MD5 | 20f83af490d1151fe2bd8a35f30b5589 |
SHA256 | 21940f1a2a4ef598cee77a38016ad363f2585012b51474081182a6aa03b1b513 |
Family | RemcosRAT |
(7)
Sender ip | 178.62.41.228 |
From | "Andrzej Budziak <[email protected]>" |
Subject | "SKM_2872106104863364 CONTRACT 2022" |
Attachment | "Payment442022.gz" |
MD5 | aa78c846f29708c57e99973c7f1ec142 |
SHA256 | ee7f3f56d2d8f4af4cb4d130578c31e47bf88a2a7a366ac8b9234001ccecf0f7 |
Family | RemcosRAT |
(8)
Sender ip | 45.137.22.40 |
From | "=?UTF-8?B?Q28ub3BNYXJ0IE5oacOqdSBM4buZYy1UUENO?=<[email protected]>" |
Subject | "=?UTF-8?B?5Zue5aSNOiBSZTogUkVRVUVTVCBEIE4gQ09QWQ==?=" |
Attachment | "D N invoice CN2022.lzh" |
MD5 | 0e0abb0ff456680e0895ed28afb801e9 |
SHA256 | 0f3f589d07be141096cfcccc6f87880fcb941929da46617149c8960de43cfd54 |
Family | Formbook |
(9)
Sender ip | 2.58.149.14 |
From | |
Subject | "Quote order#098799" |
Attachment | "Quote order#098799.zip" |
MD5 | 6db311c2d77b745601c87f47259e7d34 |
SHA256 | 65fef0825244239ee368dc96574652ceb31452ba4916aacda68819c50aa7369e |
Family | Formbook |
(10)
Sender ip | 185.222.57.188 |
From | "Joshua Lebeau <[email protected]>" |
Subject | "REQUEST FOR QUOTATION (RFQ REF : R2100131410)" |
Attachment | "RFQ REF R2100131410.pdf.gz" |
MD5 | dcf00adfcfbc65c261a297ecef2c6556 |
SHA256 | f1336ed5605c9ec187b28a30d0d07aba63d2338657c2e73adafa29772a29f28e |
Family | SnakeKeylogger |
(11)
Sender ip | 159.65.71.104 |
From | "Deena Sarala<[email protected]>" |
Subject | "REQUEST FOR QUOTATION Ref. # IRQ/21/07797" |
Attachment | "IRQ2107797_pdf.rar" |
MD5 | b745c521f8696b166f23f5c35c8826fd |
SHA256 | c79d18cbcb3d8173a566953d17d6b9de45677be87bc580e234e6767488f096a5 |
Family | Formbook |
(12)
Sender ip | 185.222.58.92 |
From | "HSBC Advising Service <[email protected]>" |
Subject | "Payment Advice - Advice Ref:[GLV124182676] / ACH credits / Customer Ref:[100000265388] / Second Party Ref:[KW05200000032220]" |
Attachment | "ScannerHSBC202204.gz" |
MD5 | 675902db4b9acd3973cfaca93f02c251 |
SHA256 | 55ac8b49ceea146e352895dce622a25121a8bf142614b3b8418e6b974da4a4d6 |
Family | Formbook |
(13)
Sender ip | 45.137.22.115 |
From | "Abhishek gpibicol<[email protected]>" |
Subject | "PO:- 4100357120 - Best Infrastructure Developers LLC ." |
Attachment | "Purchase Order_PDF________________________...iso" |
MD5 | 5d3d02334f5fb89ef50cfc36e122994b |
SHA256 | b3131c30b6304e5303203adc0a1788c88e7272764de6c8ef6fd3288379d3f911 |
Family | NanoCore |
(14)
Sender ip | 170.249.208.50 |
From | "SEB C.A.P TRADINGS <[email protected]>" |
Subject | "Attn. Request for Quotation " |
Attachment | "New Request For Quotation.img" |
MD5 | 952b234903e79da5603e408aac75e7da |
SHA256 | 5518370f0e69054b6ca919fdfb728ddd3899c83390287bd79e0f4e5677f64bb0 |
Family | AgentTesla |
(15)
Sender ip | 62.1.46.111 |
From | "Accounts Payable <[email protected]>" |
Subject | "Payment advice" |
Attachment | "Payment advice.xlsx" |
MD5 | a030edca5fbca4e76c74e427bb130df3 |
SHA256 | f5ded3866c2ac6e33a463579ac7c41d5b25bcda1e74ad51128c85aeafddd093c |
Family | Formbook |
(16)
Sender ip | 185.222.57.188 |
From | "Fanny Mendez <[email protected]>" |
Subject | "=?UTF-8?B?UkZRIE5ldyBPcmRlciAtIDU3bcKzIExQRyBTRU1JIFRSQUlMRVIgNyBOT1M=?=" |
Attachment | "New Order - 57m� LPG SEMI TRAILER 7 NOS.pdf.xxe" |
MD5 | e36b6dec73651e6ff8bb612a3074a883 |
SHA256 | 0507ba39db1b49b9dcd7b0b09d39b4f3e58ee0ed3ef3628d16d8b5b76ee8ffa9 |
Family | SnakeKeylogger |
(17)
Sender ip | 45.137.22.40 |
From | "Summary Jobin <[email protected]>" |
Subject | "=?UTF-8?B?5Zue5aSNOiBVcmdlbnQtcmVxdWVzdCBwYWtpbmcgbGlzdA==?=" |
Attachment | "paking list PO no. 4600033008.lzh" |
MD5 | 55092a2675740b05a0a58597546a435c |
SHA256 | c977407ce7f7662fb5914531ca9cce60acdeeeedced357c69f53bd1140fc0aa5 |
Family | Formbook |
(18)
Sender ip | 185.222.58.56 |
From | |
Subject | "FW RE: ORDER SHIPPED#" |
Attachment | "invoice 001.ZST" |
MD5 | c81247b1c508f04a740ab1576d8abebc |
SHA256 | 79dea8d357a2191b48ab647db9edf780578d67fdb674a8d3df3e1cf47788e832 |
Family | AgentTesla |
(19)
Sender ip | 185.222.57.155 |
From | "Mohammad Mehedi Hasan <[email protected]>" |
Subject | "Shipping docs of 758 ctns hanger" |
Attachment | "Docs 758.zip" |
MD5 | 4468ebefd4e1f97f6b111d630023dd51 |
SHA256 | 8ebf14bda2a12fb9a08e7dce21c85f626978e6bc9ff6ceda5434097daeac744e |
Family | AgentTesla |
(20)
Sender ip | 185.222.57.237 |
From | "HSBC Advising Service <[email protected]>" |
Subject | "Payment Advice - Advice Ref:[GLVA21251547] / Priority payment / Customer Ref:[SSNSB TO #83849201]" |
Attachment | "HSBC Payment Advice Ref 6258729922_Pdf__.iso" |
MD5 | 84912056e36ace39daef5cacaf3d9644 |
SHA256 | 9671b342c3bb26a40af8c558dc4a85b5338330061db000e54100106f2fef74d1 |
Family | NanoCore |
(21)
Sender ip | 45.137.22.254 |
From | "Abdul Rahim <[email protected]>" |
Subject | "RE: Payment" |
Attachment | "payment slip.zip" |
MD5 | c9876d2c6dd361347a67df92c531520d |
SHA256 | b4b6d0b62c5f96b10a29bc5d4c251682342b6d122f4572832f7d3ef8e6da45f9 |
Family | AgentTesla |
(22)
Sender ip | 180.214.238.36 |
From | |
Subject | "RE: Re: Statement of Account (SOA)" |
Attachment | "bank TT slip.rar" |
MD5 | 61e18df6e2bbb652b717d5b398c96a68 |
SHA256 | 7169a9ef698761785c152c9df7959b0006682343d17278c92a2982fe7ea81bf0 |
Family | AgentTesla |
(23)
Sender ip | 45.137.22.153 |
From | |
Subject | "RE: Confirm Invoice details for Payment" |
Attachment | "PI.r15" |
MD5 | e60d87c67253413fd6c98be5106c84f1 |
SHA256 | 4379def4cc2df6d9f9ff2cff2258f28c669cf77a86967276d4c409751d92d134 |
Family | AgentTesla |
(24)
Sender ip | 45.137.22.153 |
From | |
Subject | "RE: Confirm Invoice details for Payment" |
Attachment | "PI.r15" |
MD5 | e60d87c67253413fd6c98be5106c84f1 |
SHA256 | 4379def4cc2df6d9f9ff2cff2258f28c669cf77a86967276d4c409751d92d134 |
Family | AgentTesla |
(25)
Sender ip | 45.9.168.117 |
From | "Sabrina Woon <[email protected]>" |
Subject | "PURCHASE ORDER = 62048-2 => 10,000 pcs RZK" |
Attachment | "NEW PO 62048-2.img" |
MD5 | 347d2062d9dfe4c87404183c4820c6aa |
SHA256 | d7d0621c3ff2101f0492523d4c6a6329ad3e573a7c90561405c6e5774447c454 |
Family | Unknown |
If you wanna learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 4_4_2022