Phishing Attacks 29_4_2021

 



(1)

Sender ip

185.222.58.152

From

"Account" <inginer@ecolux.md>"

Subject

"Statement of account -invoices No. 10132870"

Attachment

"DUE INVOICES.zip"

MD5

3402fa1649793be014907c9e7538cb90

SHA256

7fa3827e99f28c847cee92b9753e5978069868f9d7fc447c846bfbeafae43666

Family

AgentTesla

 


(2)

Sender ip

199.10.31.237

From

"Escribano@coscosh.com"

Subject

"PRODUCT CONFIRMATION REQUEST"

Attachment

"Sales order 191923.gz"

MD5

a1c19acee1b59ff6530dc5caadbcf356

SHA256

304b4c9957a518e5b1b765f84557372160266bf55a65963a1b7336ccdf34a084

Family

AgentTesla

 

(3)

 

Sender ip

103.133.105.111

From

"Jiangchuan Junguan <sales@sun-yuan.com>"

Subject

"NEW ORDER INQUIRY_B1020289"

Attachment

"NEW ORDER INQUIRY_B1020289.pdf.gz"

MD5

a24201e99541561a5ef93b54dfa8badd

SHA256

f94e98462af69853708dcc3e752dafeb42995ddb322741f3f958460a210c164c

Family

Formbook

 


(4)

 

Sender ip

203.159.80.162

From

"Mohammed Hanif <manager@gcacorperationllc.com>"

Subject

"(NGCP) Pipeline PROJECT - TA-725638 - DK-RH-HRDH - HEADER PLATFORM TYPE 1-16-47M_MARKING & FABRICATION DRAWINGS WITH FULL PACKAGE FOR CONSTRUCTION"

Attachment

"NGCP Pipeline PROJECT TA 725638 DK RH HRDH HEADER PLATFORM TYPE 1 16 47M MARKING & FABRICATION DRAWINGS WITH FULL PACKAGE FOR CONSTRUCTION (2).zip"

MD5

3cc25b5305da49f00e7bfb3ba19caa1c

SHA256

32f8065d637ce4e96a8c56dd0a5a9f41fb8c443ffe913c69d2e422e304908c2c

Family

Unknown

 


(5)

Sender ip

185.222.58.152

From

"Account" <inginer@ecolux.md>"

Subject

"Statement of account"

Attachment

"SOA.zip"

MD5

b5155ad7c3debabeece655d1852095c4

SHA256

90c1d680a867af042eaf60ba32ab1a651ee270a3fbad7cf806681d6b74138d33

Family

AgentTesla

 

(6)

Sender ip

199.10.31.238

From

"ross.kohlbeck@amerhart.com"

Subject

"Re: RE: Request For PI"

Attachment

"Order Items.gz"

MD5

efd35f97c09fdcc7cc4114fab49a87b9

SHA256

40cec6cc82800698e57005753fa5bc7a379a64b3a3ed15efc6ad357604edd7ea

Family

AgentTesla


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  
YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Comments

Post a Comment

Popular posts from this blog

Phishing Attacks 24_3_2022

Image
If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 185.222.58.240 From "flocon acc" <accounts@flocon-industries.com>" Subject "Re: RE: RE: RE: RE: RE: RE: RE: Re: RE: RE: Purchase of Wire Cutting, Stripping and Twisting Machine" Attachment "Sales Contract Copy.TAR" MD5 40e05d66fa334f0e1595c1a6417fecab SHA256 c57086d514c801eaded5f2b6e02b21784c8154f1423693bc9c40454c6bb79d85 Family Formbook   (2) Sender ip 107.173.104.75 From "Yergazy Nurbekuly<info@highomeleds.com>" Subject "=?UTF-8?B?UmU6IFJFOiBBV1M6IG5ldyBvcmRlciAvUHJvZm9ybWEtSW52b2ljZSAvIE0vNDU2IOKAkyBNaWQgTWFyY2g=?=" Attachment
Read more

Phishing Attacks 3_3_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 45.137.22.124 From "Cheng Yong"<rosa@franball.net>" Subject "RV: Shipping advice - 2nd container under ct.876" Attachment "SHIPPING ADVICE#202203.zip" MD5 aa2d18552a8d5041e4c757cee09f2c4d SHA256 0628b564bad3c4e59644e91398899f88143aa2eb3473e720270fb1566c628d60 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .       (2) Sender ip 2.56.56.35 From "contato@vastoverde.com.br" Subject "fwd :Outstanding Remittance payment" Attachment "receipt_pdf.z"
Read more

Phishing Attacks 13_11_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 185.222.58.154 From "Eric Fontes <sales@bsb.ie>" Subject "MV. PAN FORTUNE //Vale//30,000MT" Attachment "Purchase Order 30,000MT.rar" MD5 a04074b77c82e0fa2843fca4b8a1e414 SHA256 bda5add79e9e06801f579e8f7a249a3abf1a7d78ec56275c0ab5ffe8e97176ca Family GuLoader   (2) Sender ip 185.222.57.209 From "Ashwin Kumar.S <purchase5@spic.co.in>" Subject "New Request for Quotation 2000051165" Attachment "R F Q 2000051165.zip" MD5 661ed4aaf21f9dccb550f6b3bb1e3c65 SHA256 3c6ec9674570d6bae26b02e9de162d
Read more