Phishing Attacks 25_4_2021

 




(1)

Sender ip

45.137.22.94

From

"Fadi Tahboub <fadi.tahboub@rehau.com>"

Subject

Re: Shipmen

Attachment

"INV+PACKING LIST.gz"

MD5

39e343d80ab4d1e666174259ddace5cd

SHA256

e48f98656c4a21311cb99be0dc4066da0ff01bcce271339b60233945b7c8bb09

Family

Formbook

 


(2)

Sender ip

45.137.22.56

From

"Export department<Saludos@alkuhaimi.com>"

Subject

"Shipping documents"

Attachment

"shipping document PDF.7z"

MD5

c797fc48467257693a93b67c64ed2dcf

SHA256

85ce611551377829b136b41ca0e67aaf83a27cd616f39e524dbeb715bada4667

Family

Formbook

 

(3)

 

Sender ip

37.49.225.172

From

"abuse@enom.com"

Subject

"Purchase Order nr 49834"

Attachment

"Purchase Orde.pdf.r09"

MD5

c85fe498d24b0a589ecd3fea9fc2a163

SHA256

5eb4b586d432be9a5f9e26f10480ccfcb204ab1225b4d5852aae1c66c6ee2211

Family

AgentTesla

 

(4)

 

Sender ip

62.36.20.210

From

"Protect.DocuSign" <eperezmora@eresmas.com>"

Subject

"Please DocuSign. "

Attachment

"Documents_1344549788_1549269731.xls"

MD5

b410380eee2661e27e61ee04f278df0a

SHA256

8cd05deb5574997e63ba125d13fb3fbddbc1cbb41125102a2f6828f0f0e0bdb4

Family

SilentBuilder

 


(5)

Sender ip

45.143.147.194

From

"Annie Ayala (DHL)<Annie.Ayala@dhl.com>"

Subject

"Pre-Alert SEA,S2101467572, HBL# MNLA08005,MNL-PKG, lgpartner.c”

Attachment

"HBL# MNLA08005.zip"

MD5

13e4ebd118104aecc20af5ac544a4593

SHA256

d32d6337382ae655e091952291c03f13be611b859fe3cfacb18c803e964131e2

Family

Unknown

 

(6)

Sender ip

unknown

From

"Ahmed Akram <ahmed.akram@mediaminds.biz>"

Subject

"Re: Updated SOA"

Attachment

"SOA.gz"

MD5

6f376ceb23bf3cd21666a9682367c665

SHA256

c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842

Family

Formbook


(7)

Sender ip

45.137.22.71

From

"Ahmed Akram <ahmed.akram@mediaminds.biz>"

Subject

"Re: Updated SOA"

Attachment

"SOA.gz"

MD5

6f376ceb23bf3cd21666a9682367c665

SHA256

c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842

Family

Formbook


(8)

Sender ip

45.137.22.71

From

"Ahmed Akram <ahmed.akram@mediaminds.biz>"

Subject

"Re: Updated SOA"

Attachment

"SOA.gz"

MD5

6f376ceb23bf3cd21666a9682367c665

SHA256

c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842

Family

Formbook


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more