Phishing Attacks 26_4_2021

 



(1)

Sender ip

45.137.22.56

From

"Mike Yang<Yang@acgbahamas.com>"

Subject

"fwd: Re: outstanding invoices"

Attachment

"outstanding invoices pdf.7z"

MD5

07b4a4b24f0cfad258497c689a8a93fe

SHA256

0505d6f20405f635068b46f0adc82e65ea574da428e4b8fd256c64a9ecf237fe

Family

Formbook

 


(2)

Sender ip

185.222.57.157

From

"crew@morningbrew.com"

Subject

"RE: Invoice & Packing list for Approval (20-21/197)"

Attachment

"Invoice & Packing.r00"

MD5

21a70f72f2295a0485d7e0a5c8ada771

SHA256

cf65bb00d5f1fc805c74ccaa290027265bc293b07cfd58717948739fe7200dba

Family

AgentTesla

 

(3)

 

Sender ip

185.222.57.162

From

"Supriya M Rao<sandeep.more@wipro.com>"

Subject

"PO#5300008762. NEEDED URGENTLY"

Attachment

"PO#5300008762.zip"

MD5

232fa3693aad6d87354244a9898b1059

SHA256

229abf4d35db6de67ef6dbf60b79dc0f07f1e25a0b957ed5b7f26b17f16f82f4

Family

AgentTesla

 


(4)

 

Sender ip

103.89.91.93

From

"DHL Express Inc<contact@dhl.com>"

Subject

"DHL NOTICE OF ARRIVAL Reff:O/59548/178980"

Attachment

"DHL Receipt_pdf.gz"

MD5

7b094e768f6fa1a49b5c5004636d6759

SHA256

f99d20b93c7da8516997054bd7888d2584e69a9d6ca569a721d740a3e1a0a678

Family

Loki

 


(5)

Sender ip

45.137.22.71

From

"Probona Info <info@probona.com.tr>"

Subject

"New Order"

Attachment

"confirm this order and sign PI.gz"

MD5

299e8942daf3479234843c5327676e5e

SHA256

bc429aca6dcf6a9b2315f7cdf4465ceb8a4f5ded220c7c6ef2c6781d5d5dafc4

Family

Formbook

 

(6)

Sender ip

45.137.22.71

From

"Sanjoy Das Chowdhury <kconsourcing@gmail.com>"

Subject

"HSBC 6265( Box) - Payment proof"

Attachment

"HKHSBC1D23297029-T01 Payment proof.7z"

MD5

79eefcf4ce0ca0922e31005393d9b15d

SHA256

641c83fb32cfb7415be602df2b934059f88b340a956efcc95cbd74f9e76dfb33

Family

SnakeKeylogger


(6)

Sender ip

45.137.22.57

From

"yeevon.lim@asmlogistics.com.sg"

Subject

"Amended Purchhase Order Follow Up"

Attachment

"Amended Purchhase Order Follow Up.zip"

MD5

5e7b7e99854ec413703f910f53b82432

SHA256

6a699c86232d7e3a6173aed0357555ecd214ec1cea38884bc81289ce0610d6b9

Family

AgentTesla


(7)

Sender ip

185.222.58.156

From

"Sales <sales@nietco.ae>"

Subject

"RE: ENQUIRY NOVA/1181/04/26/JJ RFQ"

Attachment

"ENQUIRY-NOVA11810426JJ-RFQ.r00"

MD5

407a815448b1b8e42753d74c02aa09eb

SHA256

f5ec1341d631452ee16446197912ed2845475a2b6b902466a74ed544dd5a9be7

Family

SnakeKeylogger


(8)

Sender ip

165.227.239.191

From

"MAERSK LINE" <info@803.xorox.ga>"

Subject

"Maersk Booking Confirmation and Telex release"

Attachment

"Booking Confirmation.gz"

MD5

a3b9bdb7305ef28e933533bd6b87d8bf

SHA256

682dda0201be9106ffab1fc5c99adce763099cf29af848ccba7ac86971cbf1e3

Family

Loki


(9)

Sender ip

185.222.57.216

From

"trend@latrendexports.com"

Subject

"PAYMENT ADVICE FOR OUTSTANDING SOA,"

Attachment

"payment advice 0264.rar"

MD5

c2edb5f467db0ac0bf4b40307e36e066

SHA256

8deaa8789f9392ce4fbab6cfbb6598d5c4cd075012b396827103b00958490c9a

Family

AgentTesla


(10)

Sender ip

185.222.57.216

From

"trend@latrendexports.com"

Subject

"PAYMENT ADVICE FOR OUTSTANDING SOA,"

Attachment

"payment advice 0264.rar"

MD5

c2edb5f467db0ac0bf4b40307e36e066

SHA256

8deaa8789f9392ce4fbab6cfbb6598d5c4cd075012b396827103b00958490c9a

Family

AgentTesla


(11)

Sender ip

138.128.160.2

From

Charlotte Elijah <info@erapres.com.tr>

Subject

PROFORMA INVOICE#4902

Attachment

PROFORMA INVOICE#4902.pdf.zip

MD5

36a821d735296e196510d4372f4bad72

SHA256

f3bed53b374e76a80c611fed1383fda4a6c5eea0ede45cf6391bf2aa6cde9c37

Family

Unknown


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH...
Read more

Phishing Attacks 3_3_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 45.137.22.124 From "Cheng Yong"<rosa@franball.net>" Subject "RV: Shipping advice - 2nd container under ct.876" Attachment "SHIPPING ADVICE#202203.zip" MD5 aa2d18552a8d5041e4c757cee09f2c4d SHA256 0628b564bad3c4e59644e91398899f88143aa2eb3473e720270fb1566c628d60 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .       (2) Sender ip 2.56.56.35 From "contato@vastoverde.com.br" Subject "fwd :Outstanding Remittance payment" Attachment "receipt_pdf.z" ...
Read more

Phishing Attacks 15_12_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 37.0.10.173 From "Mona Bharti <m.bhart@frigel.com>" Subject "Purchase Order 1212200205_PR21220055" Attachment "Purchase Order 1212200205_PR21220055.zip" MD5 5e1c9b4e130a7a9bb68ed6e6f414ff20 SHA256 0ba7a7c7189d5bcd38048ba7418ff521d6a00ab36804b8980c4d51ba43fcf070 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .          (2) Sender ip 45.137.22.181 From "ajay.katoch@unilever.com" Subject "RE: invoice & packing list for shipping order no. 411301" Attachment ...
Read more