(1)
| Sender ip | 143.198.229.54 |
| From | |
| Subject | "PO - RFQ # 097663899 NEW ORDER" |
| Attachment | "PO-8372929.rar" |
| MD5 | 5a1fccf7150a84fb38627fffea46743c |
| SHA256 | b772003aa618473001ecb1689c3ccdef48d320ea11ea06249114452f02720e31 |
| Family | SnakeKeylogger |
(2)
| Sender ip | 93.189.43.36 |
| From | "DHL <[email protected]>" |
| Subject | "Updated information" |
| Attachment | "Invoice.xlsm" |
| MD5 | 37dddaca38ad99f97ee0855e6de00c17 |
| SHA256 | c177f507a8625a50fd3cbbe0cdd5f76947f9fb6a2872c0da80fcdf6a7a2ff31b |
| Family | Unknown |
(3)
| Sender ip | 104.168.144.215 |
| From | "orp-andamiosnorte.pw" <[email protected]>" |
| Subject | "Statement Of Account" |
| Attachment | "SOA #220953.rar" |
| MD5 | 31150b7160c3054cf207ae1258d06e6e |
| SHA256 | 762cbe6d920583c755fd36c6c4622802d70b71b642d032da308585f7847c3380 |
| Family | Formbook |
(4)
| Sender ip | 185.222.57.171 |
| From | "Mohannad Anis Azem (Admin Dept)" <[email protected]>" |
| Subject | "Re; Payment Confirmation " |
| Attachment | "Payment Slip.r00" |
| MD5 | 0cbb36e99c586414ee7ccca726a5cca1 |
| SHA256 | 1c425aba59d9eace9493b8b7efb6cf7f3c82263162f954f77479d663be9255ef |
| Family | SnakeKeylogger |
(5)
| Sender ip | 45.137.22.37 |
| From | "Saleem<[email protected]>" |
| Subject | "Bank Payment Details" |
| Attachment | "Bank Payment Details.lzh" |
| MD5 | 4a216619538529cc3b54e8e55fcdcbad |
| SHA256 | 71e3486d117a94cd96f40208c6f38981d1403d1374aca9c0449e2f0a9f20f534 |
| Family | Formbook |
(6)
| Sender ip | 45.137.22.37 |
| From | "Abdelmajid IJRHA<[email protected]>" |
| Subject | "Purchase Order 0060/2021" |
| Attachment | "Purchase Order.lzh" |
| MD5 | 60e727a946237b7ec51e4f38b8033013 |
| SHA256 | 75b2bb256f609bb8529f2b53f2abc183630950efdb105b327d4c958ab6a8b20b |
| Family | Formbook |
(7)
| Sender ip | 185.222.58.153 |
| From | "Interplex<[email protected]>" |
| Subject | "RE: INVOICE SC1289" |
| Attachment | "INVOICE SC1289.zip" |
| MD5 | 081c7f0993e65adeb2b72ce5fe878db0 |
| SHA256 | 3c3e4ab4c7f951f407783c91146c7233446440d28f6c6834a533b667178c4b3c |
| Family | SnakeKeylogger |
(8)
| Sender ip | 185.222.58.149 |
| From | "Chusui<[email protected]>" |
| Subject | "=?UTF-8?B?UkU6TkVXIFBPIEZST00gQUxBTlRFQ0ggQ08uLExURCBRVFRZIChQTyM3QTY4RDIwKcKg?=" |
| Attachment | "PURCHASE LIST.zip" |
| MD5 | 5cf71283955d596551a1780b2f67c287 |
| SHA256 | 478b5d9549a07c23815c5559f7cb39cab965b91977eaa46c0d56483b411669ce |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(9)
| Sender ip | 193.56.29.192 |
| From | "Miguel Cordoba <[email protected]>" |
| Subject | "Enquiry (BVHEI2021/2505-02)CLOSING28/5/2021" |
| Attachment | "RFQ-BVHEI2021.xlsx" |
| MD5 | 750056c758ce9628cbe2a39d018264dd |
| SHA256 | a924bd7239e5c95f3116a195b5b34b733dcdbbcdd65d91465fc0d822dae1c8ac |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(10)
| Sender ip | 195.201.227.104 |
| From | "Morello <[email protected]>" |
| Subject | "New order PO#1088063401" |
| Attachment | "New order PO#1088063401.zip" |
| MD5 | 749fd3506c5c5b5c278210063fa3ba78 |
| SHA256 | 65a752436f875975229ce6ff0e7c224090f86138c04c0b119f0cc8180befdbb1 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(11)
| Sender ip | 103.232.53.200 |
| From | "Catherine Liu" <[email protected]>" |
| Subject | "FW: Proof Of Payment" |
| Attachment | "TT Swif_66E3563653553_PDF_.uu" |
| MD5 | 2b70f4aebb96864780b33a6d78b199be |
| SHA256 | fd0173c1edaf0c1b01c63e63f75c1ec1efdbe9f939d485864f90e4bd1503888b |
| Family | Matiex |
(12)
| Sender ip | 195.133.40.234 |
| From | "HSBC Advising Service <[email protected]>" |
| Subject | "Payment Advice - Advice Ref:[GLVB15894514] / ACH credits / Customer Ref:[JB11068847] /Second Party Ref:[286625-P] " |
| Attachment | "COMPANY LETTER.zip" |
| MD5 | c158b3b3431a93620c1977853c7d1b90 |
| SHA256 | 52876c02626b9fd25fdf3fc86b3178b68e3d1c04067bd39d9f88b94c1f7144ce |
| Family | Unknown |
(13)
| Sender ip | 185.222.57.135 |
| From | "Terence So <[email protected]>" |
| Subject | "Re: PO 2020208" |
| Attachment | "INVOICE.gz" |
| MD5 | 5429336e843b50dc3b968f0e29e41774 |
| SHA256 | baab27475406e896cf4ee9bb81edef9026a3080366d75b5035b0341607cd84d2 |
| Family | Formbook |
(14)
| Sender ip | 199.10.31.238 |
| From | |
| Subject | "RFQ: Request For Price List and FOB To Lebanon." |
| Attachment | "RFQ PRICE LIST FOR LEABANON 8938920993.gz" |
| MD5 | 6648f77b01198f4fc07899039ebdb6fe |
| SHA256 | dad4919aa346d287d13960834c9267519427045ff3358eb43dae4d9669954570 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(15)
| Sender ip | 185.222.58.149 |
| From | "Chusui<[email protected]>" |
| Subject | "=?UTF-8?B?UkU6TkVXIFBPIEZST00gQUxBTlRFQ0ggQ08uLExURCBRVFRZIChQTyM3QTY4RDIwKcKg?=" |
| Attachment | "PURCHASE LIST.zip" |
| MD5 | 54f35da53283811fdaa7dd3136afef10 |
| SHA256 | 6bd86882d42b0a615a2d9a2ff8591a10efd31db0182097c17b1731658df296ce |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(16)
| Sender ip | 103.125.190.80 |
| From | "HSBC Advising Service <[email protected]>" |
| Subject | "Payment Advice - Advice Ref:[GLV410796721] / Priority payment / Customer Ref:[2000000559]" |
| Attachment | "Payment_Advice.zip" |
| MD5 | 9be2d1fe68c3e4489190a700fe4efbaf |
| SHA256 | 22f91fd6ef47d8e00f3846dc92310f13b8a0d036792685170bdab124efc1f280 |
| Family | Formbook |
(17)
| Sender ip | 159.65.154.225 |
| From | "Yvonne Milli <[email protected]>" |
| Subject | "RE: doc of Ningbo, china to CAMBODIA SIHANOUKVILLE-(NBEJ1910038A&B)" |
| Attachment | "print PO#6321023.docx" |
| MD5 | 3eb620f82132d7715cde30887fa24ed5 |
| SHA256 | 07ffbabb575117c731872d2d6cda388f2343fdee55d700f8357263a48c0edabc |
| Family | Loki |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 4_6_2021