(1)
Sender ip | 45.143.147.194 |
From | "=?UTF-8?B?V2FuZyBHdW9ob25nwqA=?=<[email protected]>" |
Subject | "RE:Order Request " |
Attachment | "Order Request .pdf.rar" |
MD5 | a0368e558bc201b1d6a350d73977c90b |
SHA256 | 26deb225cdafe80b335918792324464ff199bbd5a1ed003359698f0c6179c3b2 |
Family | AgentTesla |
(2)
Sender ip | 34.214.167.131 |
From | |
Subject | "Required for new order" |
Attachment | "221121,pdf.gz" |
MD5 | f428ddb4537097b6879a2e9aba109a96 |
SHA256 | 3e64f5eda4ef09a85c23e63cd22d7aa3c066df59fb509dcafad4e1f8ab359a60 |
Family | AgentTesla |
(3)
Sender ip | 34.214.167.131 |
From | |
Subject | "Required for new order" |
Attachment | "New Order 2211,pdf.rar" |
MD5 | 2a1e1e190417126cf1fe1a8263b27a67 |
SHA256 | 213b80722c8d52212ea30fda42745d0fc58599b2821a1b474a416dec3af15fe6 |
Family | AgentTesla |
(4)
Sender ip | 35.163.189.64 |
From | |
Subject | "TNT Shipping Advise/Documents" |
Attachment | "Shipping Advise,pdf.rar" |
MD5 | 595818c4cc596f8596d6a96527a89739 |
SHA256 | c4f0bd99f04375a271f8888c51436d2a1b1722c90b3048d9b650a4afa31bb3a6 |
Family | AgentTesla |
(5)
Sender ip | 185.222.57.229 |
From | |
Subject | "RE: Confirm revised invoice to proceed with payment ASAP" |
Attachment | "PI.zip" |
MD5 | 284dd1c9fb125996740ecc4b22e60ace |
SHA256 | 7aeab882ca608569e540bbe1bfe252cedab140b11e364c903a74f9de9249a766 |
Family | AgentTesla |
(6)
Sender ip | 31.210.20.71 |
From | "COSCO SHIPPING SPECIALIZED CARRIERS CO., LTD"<[email protected]>" |
Subject | "AGENCY APPOINMENT / PDA REQUEST" |
Attachment | "SHIP’S PARTICULAR ,STOWAGE PLAN, CGO MANIFESTS, BLS.zip" |
MD5 | 86939ba71dc80c0dbe57c849f9b024d3 |
SHA256 | 43a462b16b2f19b11d18cc193f08e2a9f7882d5c2af3fa4960a1a65d77628cf4 |
Family | AgentTesla |
(7)
Sender ip | 198.244.135.246 |
From | "China DHL Express <[email protected]" |
Subject | "=?UTF-8?B?44CQ5Lit5aSW6L+QLeaVpuixquOAkeeUteWtkOWPkeelqCjlj5Hnpajlj7c6NzQ3MjU3OTQ=?=" |
Attachment | "DHL_document11022020680908911.doc.zip" |
MD5 | dfbfbee3e80b0d958c30903bd7ddfa52 |
SHA256 | 76f00313f604d1158de7a5bdd8631e541e31ba3ba29082413a599db899b78041 |
Family | AgentTesla |
(8)
Sender ip | 199.10.31.238 |
From | "=?UTF-8?B?VE5UIEV4cHJlc3MgSU5Dwq4=?= <[email protected]>" |
Subject | "TNT CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc" |
Attachment | "Consignment Details_pdf.rar" |
MD5 | b4563d3be50c385f1761b0786b607520 |
SHA256 | 4b58992b26f47023772b4651fb523236b890894ac1fbafa7832ce0937b5fcfb0 |
Family | AgentTesla |
(9)
Sender ip | 199.10.31.237 |
From | "sales <[email protected]>" |
Subject | "UCLA PO# 1629NYB41200 - TED PELLA INC --- Quote# 40346" |
Attachment | "Quote# 40346.rar" |
MD5 | 94c23db7f44b472e45e0fc6235bff71a |
SHA256 | 71f1031f8d456492618aaa6edc187d4da9cfc670e336e3a3f10c841e922c71a6 |
Family | AgentTesla |
(10)
Sender ip | 5.226.138.58 |
From | "Suresh <[email protected]>" |
Subject | "SFO-BLR // 29.04.2021 //" |
Attachment | "HL-88352580 DOCAU BC ORIGINAL.zip" |
MD5 | 30d4d9d6684cfba270f93ceb10b4ddfc |
SHA256 | 94f0a89c535061581f27fbfd9707986e8434cb15d16dc3662edddf0569f6ea0e |
Family | AgentTesla |
(11)
Sender ip | 45.133.1.235 |
From | "Lan Kim - Jenny <[email protected]>" |
Subject | "RE: Shipping Docs//INV/PL/THS0094587" |
Attachment | "MSKU4460632.SHIPPING DOCS. AWB PACKING LIST ISO CERTIFICATE BILL OF LANDING DRAFT. COMMERCIAL INVOICE SHIPMENT INVPLTHS0094587231.pdf.r15" |
MD5 | 574133d59bf0817ecebbaf50b128b3cf |
SHA256 | 1df6bbfc96ccb6690190aa435ddd38ef64249181e4c82d9a575960a7b047b1bf |
Family | AgentTesla |
(12)
Sender ip | 45.137.22.41 |
From | "Kang-woo Shin- International <[email protected]>" |
Subject | "RE: 2ND SHIPMENT FROM INDIA -- CLEARENCE FROM JEBEL ALI" |
Attachment | "2ND SHIPMENT FROM INDIA -- CLEARENCE FROM JEBEL Ali.Pdf.cab" |
MD5 | 3da84e6a1d1792de750a457bb846b376 |
SHA256 | c002c9e5e8b670aae88ed7e49e38317432a7ed3c9f26c8b75d1e91e44855e76f |
Family | Loki |
(13)
Sender ip | 172.93.165.155 |
From | "purchasing <[email protected]>" |
Subject | "Purchase Order sheet" |
Attachment | "purchase order sheet.zip" |
MD5 | 5a9452b7c34b20d751bd7b42c5b1552e |
SHA256 | b3e73527cd4d681bb873bb6511631515d3feb5659cfa57381746d9bc3c42e6af |
Family | AgentTesla |
(14)
Sender ip | 103.139.44.91 |
From | |
Subject | "Inquiry Reff: MSEL/H.Arm/280421" |
Attachment | "drawings-pdf.gz" |
MD5 | 40db126887fefa12fc5c9b0a6f4ad1ef |
SHA256 | bd66495f080f351bee31c00597dc436e737bbe2468bded6b4313085dabeb4eb0 |
Family | AgentTesla |
(15)
Sender ip | 172.93.166.27 |
From | "purchase manager <[email protected]>" |
Subject | "purchase order" |
Attachment | "po.zip" |
MD5 | 340f5b45b1c593b135facdaddbbc6ea9 |
SHA256 | b1466a7e6c0799809b9030b5886df9d1c4f1bfc400723a60b4453d439aafd9ed |
Family | AgentTesla |
(16)
Sender ip | 45.137.22.71 |
From | "Eby | Valtronics DWC <[email protected]>" |
Subject | "RE: Purchase Order-070/POR/044127" |
Attachment | "Purchase Order-070POR044127.r11" |
MD5 | d4e8a046510a7bc5b0773bca157df201 |
SHA256 | 62d55d20a1df423315c5d295e105983a484c691490acb709b9579aa246eadd52 |
Family | Formbook |
(17)
Sender ip | 45.137.22.71 |
From | "Probona Info <[email protected]>" |
Subject | "Acknowledgement Of Quotation Zhejiang Weigang Machinery Co., Ltd." |
Attachment | "Acknowledgement JMAX060708 订舱.7z" |
MD5 | 88125dbe8c15bd254962b8bbfa82df91 |
SHA256 | 756d0b7c72e13c2d4b4ff16010777c710e42a0a61e8667451cbf9b3bb05e7f2b |
Family | unknown |
(18)
Sender ip | 5.226.138.58 |
From | "Mazlan Abdulhamid <[email protected]>" |
Subject | "SHIPMENT WAIVER FOR BL DXB900944100-12X40 " |
Attachment | "HL-88352588 DOCAU BC ORIGINAL.zip" |
MD5 | 7f6315f0f9696e9c05836bc7f49989eb |
SHA256 | f819f70d0ee6f0cf79832d8afa5ec836c939354cfe7c1ee5a465d21bd7a2a558 |
Family | AgentTesla |
(19)
Sender ip | 31.210.21.71 |
From | "Filiga Lauama | Finance Dept" <[email protected]>" |
Subject | "RE: Re: PAYMENT ADVICE" |
Attachment | "Payment Advice.ace" |
MD5 | 8a0e218b840695f1e6e25932b1a4e9b6 |
SHA256 | 6430c8386fd933b29f0c267c42fcf227c4d0defc3061af984d5fda413ec38b55 |
Family | OskiStealer |
Article Link: Phishing Attacks 5_5_2021