Phishing Attacks 7_5_2021

MalBot · May 8, 2021, 1:30am

(1)

Sender ip	103.139.44.91
From	"SAM CHEN <[email protected]>"
Subject	"NEW ORDER #776483 "
Attachment	"NEW ORDER #776483 - Copy.rar"
MD5	4d7fd81ab316988becd9d10e520ced98
SHA256	7e124e2b43350542e69a9a40e9c2f66ec43b54e155e54744b3c1f8ae0a87e6ad
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(2)

Sender ip	31.210.21.71
From	"Filiga Lauama \| Finance Dept" <[email protected]>"
Subject	"RE: Re: PAYMENT ADVICE"
Attachment	"Payment Advice.ace"
MD5	9734315e8f21a21af680fa517d56deb0
SHA256	d8a3f997814712c60b6db89d30b8b9faf71be66a95afdb7c48685ff2124728bc
Family	OskiStealer

(3)

Sender ip	185.121.120.125
From	"Banca March <[email protected]>"
Subject	"ABONO FACTURAS-CONFIRMING BANCA MARCH"
Attachment	"Documento.xlsx"
MD5	f978cac45dfd04ded9c301c492d45c69
SHA256	372a5b41afc06f25c0c2a27b4bb1a362f4fb9772deb9ad996a7dfe4ad7bd96e3
Family	unknown

(4)

Sender ip	199.10.31.238
From	"Olavi Autio <[email protected]>"
Subject	"AW : New Business Opportunity"
Attachment	"New Order Requirement 2204.ace"
MD5	2b3ec0cd498878fd0e5de24a9a7d428a
SHA256	a2442bb8a9aeb8af98ccfb07ad9afd62bdbedeb942971a8644d63687dbb65490
Family	OskiStealer

(5)

Sender ip	103.133.106.100
From	"Sofien Ben JEMAA <[email protected]>"
Subject	"CHM invoice"
Attachment	"Scan 20210507_178854.zip"
MD5	6328e4ce2a827c2026aaaefbba470e9b
SHA256	cdc6f7d17ba04cf4b1f66126c1d8b7bb14cf6e7cf0d600fdfb92904262cd2fb5
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(6)

Sender ip	103.133.106.100
From	"Iris Chen <[email protected]>"
Subject	"Submission of Commission Invoice"
Attachment	"Commission Invoice.zip"
MD5	b7f346e08a59ff0612b9c42713b984bd
SHA256	4a46677d63fcd885bac9a1fd3aefc41a856dc527af989f116faf9c7435218e44
Family	SnakeKeylogger

(7)

Sender ip	45.137.22.149
From	"[email protected]"
Subject	"RE: SHIPPING DOCUMENT & PACKING LIST"
Attachment	"PMSHIPPING DOCUMENT & PL.r00"
MD5	8f1d3b0ef919775f563e4c6fe4cc2f91
SHA256	3f21c1dadbb99df098bc46b886abcd6d8e9d4093e9283f6bf9de185a2446dddf
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(8)

Sender ip	185.222.57.162
From	"Van Ryn Rubber Holdings<[email protected]>"
Subject	"RE: PRICE LIST OF OUR OFFER"
Attachment	"PRICE LIST.zip"
MD5	86d2c7008eb5dad31b77ed619b2c7e7b
SHA256	592f466fc7eed27d377915a732e30c9582cdc6d456bf58d87a1161fbbc494c7c
Family	AgentTesla

(9)

Sender ip	165.227.140.187
From	"<[email protected]>"
Subject	"DDP shipment /// MAWB # 607-20263025/HLSB01463 & HL260337100 \| Consignee:lgpartner.ch "
Attachment	"260337100 HBL.zip"
MD5	688fcf858494815d70acd0ecf3f01a28
SHA256	2e5457602d420ce29d96c2b95b566976c2315b4bd73db3a18264c177d4bab60a
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(10)

Sender ip	185.222.57.229
From	"[email protected]"
Subject	"RE: Confirm revised invoice to proceed with payment ASAP"
Attachment	"proforma invoice.zip"
MD5	f770038b37702193a086d66371832fbd
SHA256	6be43ab36faddafa332267ee763dd5b58fbe5e23d1a3a14e61f07c29c04647b1
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(11)

Sender ip	45.143.147.194
From	"=?UTF-8?B?Q2hyaXMgU2NoaXJtZXLCoA==?=<[email protected]>"
Subject	"RE:RFQ 11054 - REQUEST FOR QUOTATION"
Attachment	"RFQ 11054.pdf.zip"
MD5	67bfe027b60278a7c538e3cc5a7b5ab2
SHA256	48f60cae51e51d9eb76e65c8afacb3248ab8d6227d15028ebc9ab00a58b2d4fa
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(12)

Sender ip	103.133.106.100
From	"Tarek ABIDA <[email protected]>"
Subject	"Official VAT Bulletin"
Attachment	"VAT Bulletin.zip"
MD5	a6475073b162f05363ba4fd3d55dfa7b
SHA256	d2e6de2957b1309319e05496d6d0c4d9735150f86d0336a17dd6e2c07b127c02
Family	SnakeKeylogger

(13)

Sender ip	45.137.22.149
From	"[email protected]"
Subject	"RE: PAYMENT INSTRUCTIONS"
Attachment	"PAYMENT INSTRUCTIONS COPY.r00"
MD5	e158955e61b2f8d5d5534d55d255a52b
SHA256	fc3048b49f76549b9af326740510bca78205dd37b26f10378f5028f7db692485
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(14)

Sender ip	185.121.120.135
From	"Wang Wei <[email protected]>
Subject	"RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##"
Attachment	"FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz"
MD5	0b0c8900ce047f05c23052cd7ee3f80c
SHA256	e4f77717914eac20b42ac6886aa29d8ea14eb89829f9e8b6c9d4277a125f603e
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(15)

Sender ip	45.137.22.36
From	"<[email protected]>"
Subject	"Re: FW: Invoice"
Attachment	"[email protected]"
MD5	845e5449b1cbcda129921bc273b38955
SHA256	41e349119b9a1aebc063485f05b1110c7f4f6524560dff0dd7f2b832b544261b
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(16)

Sender ip	193.169.255.128
From	"Krrint Tradings LTD.<[email protected]>"
Subject	"Urgent Inquiry!"
Attachment	"oder mcdq.arj"
MD5	3ab2ef437054eab9c57e9b8bfb02f2d4
SHA256	85676ce2ff8483e0e6167360c33caf0e023e5d51d236eec49f35a5159787ed4d
Family	AveMariaRAT

(17)

Sender ip	103.139.44.91
From	"[email protected]"
Subject	"RFQ NEW PART FOR ED53224 (ETB _ PRO 2110 XP CNG )"
Attachment	"drawing of ED53224-pdf.gz"
MD5	2762a569b3d682b1933d7468a0aab14d
SHA256	dd45ca037db58414d7242293cbf0f3a6ff6cf31a03a364e6e322d85691092f63
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(18)

Sender ip	103.139.44.91
From	"[email protected]"
Subject	"RFQ NEW PART FOR ED53224 (ETB _ PRO 2110 XP CNG )"
Attachment	"drawing of Part No R5-892-pdf.gz"
MD5	6fc21917bcfe0f7fd9a6174f6cbd858e
SHA256	1b1d4d5e5d506d26803bfdfb9789b04d6b071bd8b8576e8351d2705b7c585619
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(19)

Sender ip	185.121.120.135
From	"Gerente de carga de DHL <[email protected]>"
Subject	"Nueva =?UTF-8?Q?notificaci=C3=B3n=20de=20env=C3=ADo=20de=20DHL=23?="
Attachment	"numero de referencia de los documentos de envio..gz....pdf"
MD5	ce47b6121ac5b0bdfee736a9981540df
SHA256	133cf5e1936834372a85e49df50d3246283100b13bb2f1f695ea77333756d960
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(20)

Sender ip	185.121.120.159
From	""Omar Baddar" <[email protected]>"
Subject	"RFQ-50236710-ETECSA"
Attachment	"IMG_6050_710_33.R03"
MD5	341f36724c7fd6d7fcf4b00bba88a56b
SHA256	ad4c6d70e83b368d4f060ade367c82584e002b80e6ec80e272d7da1300e3f91a
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(21)

Sender ip	31.210.20.242
From	"Veli <[email protected]>"
Subject	"RE: Proforma ve packing list "
Attachment	"Proforma+Packing list.r00"
MD5	8d0a647e7bcccf36b16840403183b95d
SHA256	6460588f6af7ee7a18cd7acd5c4cb451d9512aa4a14f8d09ee90da44bc82b5a9
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

(22)

Sender ip	45.143.147.194
From	"=?UTF-8?B?Q2hyaXMgU2NoaXJtZXLCoA==?=<[email protected]>"
Subject	"RE:RFQ 11054 - REQUEST FOR QUOTATION"
Attachment	"RFQ11054.pdf.rar"
MD5	e919b8869c063b9efd15de5d9e50c200
SHA256	eee3a79bdced476a47f4feda2dd96b587cdcaf3aa2394f3af5269ca1b01d40bf
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥

YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Article Link: Phishing Attacks 7_5_2021