Phishing Attacks 5_6_2021

 





(1)

Sender ip

185.222.58.149

From

"Ms. Joyce Ji"<info@jcwsteel.com>"

Subject

"=?UTF-8?B?UmU6IHVwZGF0ZWQgU09BIGFzIG9mIHRvZGF5wqA=?="

Attachment

"SOA.zip"

MD5

48f052905ecb341dd62327b8a1e5bdfb

SHA256

c0a8b6dcd4cb51e501ba848ae44fb8726adc577c607e2f9893bb8708b25d473f

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(2)

Sender ip

45.137.22.37

From

"Mahsa Ghanbari<mahsa@dbritc.com>"

Subject

"=?UTF-8?B?5Zue5aSNOnBheW1lbnQ=?="

Attachment

"Payment.lzh"

MD5

ff9a0d5f14e8e7e2047598bd9a5c31e8

SHA256

14ac5b878eb9921c7b5c7254942d6ab0710cefb854903ccd9fc2eeabfabe3ced

Family

Formbook

 

(3)

 

Sender ip

199.10.31.237

From

"sales@mkepl.com"

Subject

"Please Treat As Urgent. RFQ: Request For Price List and FOB To Lebanon."

Attachment

"RFQ PRICE LIST FOR LEABANON 8938920993.gz"

MD5

77cb24d370aa5ba444145475e54c18e1

SHA256

c707123e3beed92fe4a4634c4226ec1311655e9b17130d5c68c1b2957408eb32

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(4)

 

Sender ip

45.137.22.37

From

"Abdelmajid IJRHA<spreadsheets@forbes.com>"

Subject

"Purchase Order 0060/2021"

Attachment

"Purchase Order.lzh"

MD5

2dd3723b9fabd34ceb136238aef1ae61

SHA256

049674fef8d2f0a5c42b8372d3ebf8a1dc5986a0a4376890882b32e3dbf58ead

Family

Formbook

 

(5)

Sender ip

185.222.58.149

From

"baylee.zhan<LVERMERSCH@dekeirel.com>"

Subject

"=?UTF-8?B?UkU6IEFTUMSwTMSwQyAtIExJTkNPIFNQQVJFIFBBUlRTIE9GRkVSIC0gQVdBIFRvcmJlbiBBLiAtIDIwMDc3MTYy?="

Attachment

"QUOTATION 062021.zip"

MD5

0ee9dcafb7793c4b51e10c99daca3a3e

SHA256

3457fde676690634562161d4ef48c07156196d72090b2f6f0a1ca7420991cf51

Family

Unknown

 

(6)

Sender ip

194.163.137.85

From

"Dhl Customer Support <mail@deliverylh.com>"

Subject

"Delivery Failed"

Attachment

"Attachment.iso"

MD5

1c5b945e98ccce2afda3a151177b32fd

SHA256

c6c2b5aa2eccb88adec7b239804cab89a7c81b432b6e9a2d74cbfc8626869247

Family

RemcosRAT


(7)

Sender ip

185.222.58.153

From

"Interplex<info@cz.interplex.com>"

Subject

"RE: INVOICE SC1289"

Attachment

"INVOICE SC1289.zip"

MD5

081c7f0993e65adeb2b72ce5fe878db0

SHA256

3c3e4ab4c7f951f407783c91146c7233446440d28f6c6834a533b667178c4b3c

Family

SnakeKeylogger


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more