Phishing Attacks 5_6_2021

 





(1)

Sender ip

185.222.58.149

From

"Ms. Joyce Ji"<info@jcwsteel.com>"

Subject

"=?UTF-8?B?UmU6IHVwZGF0ZWQgU09BIGFzIG9mIHRvZGF5wqA=?="

Attachment

"SOA.zip"

MD5

48f052905ecb341dd62327b8a1e5bdfb

SHA256

c0a8b6dcd4cb51e501ba848ae44fb8726adc577c607e2f9893bb8708b25d473f

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(2)

Sender ip

45.137.22.37

From

"Mahsa Ghanbari<mahsa@dbritc.com>"

Subject

"=?UTF-8?B?5Zue5aSNOnBheW1lbnQ=?="

Attachment

"Payment.lzh"

MD5

ff9a0d5f14e8e7e2047598bd9a5c31e8

SHA256

14ac5b878eb9921c7b5c7254942d6ab0710cefb854903ccd9fc2eeabfabe3ced

Family

Formbook

 

(3)

 

Sender ip

199.10.31.237

From

"sales@mkepl.com"

Subject

"Please Treat As Urgent. RFQ: Request For Price List and FOB To Lebanon."

Attachment

"RFQ PRICE LIST FOR LEABANON 8938920993.gz"

MD5

77cb24d370aa5ba444145475e54c18e1

SHA256

c707123e3beed92fe4a4634c4226ec1311655e9b17130d5c68c1b2957408eb32

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(4)

 

Sender ip

45.137.22.37

From

"Abdelmajid IJRHA<spreadsheets@forbes.com>"

Subject

"Purchase Order 0060/2021"

Attachment

"Purchase Order.lzh"

MD5

2dd3723b9fabd34ceb136238aef1ae61

SHA256

049674fef8d2f0a5c42b8372d3ebf8a1dc5986a0a4376890882b32e3dbf58ead

Family

Formbook

 

(5)

Sender ip

185.222.58.149

From

"baylee.zhan<LVERMERSCH@dekeirel.com>"

Subject

"=?UTF-8?B?UkU6IEFTUMSwTMSwQyAtIExJTkNPIFNQQVJFIFBBUlRTIE9GRkVSIC0gQVdBIFRvcmJlbiBBLiAtIDIwMDc3MTYy?="

Attachment

"QUOTATION 062021.zip"

MD5

0ee9dcafb7793c4b51e10c99daca3a3e

SHA256

3457fde676690634562161d4ef48c07156196d72090b2f6f0a1ca7420991cf51

Family

Unknown

 

(6)

Sender ip

194.163.137.85

From

"Dhl Customer Support <mail@deliverylh.com>"

Subject

"Delivery Failed"

Attachment

"Attachment.iso"

MD5

1c5b945e98ccce2afda3a151177b32fd

SHA256

c6c2b5aa2eccb88adec7b239804cab89a7c81b432b6e9a2d74cbfc8626869247

Family

RemcosRAT


(7)

Sender ip

185.222.58.153

From

"Interplex<info@cz.interplex.com>"

Subject

"RE: INVOICE SC1289"

Attachment

"INVOICE SC1289.zip"

MD5

081c7f0993e65adeb2b72ce5fe878db0

SHA256

3c3e4ab4c7f951f407783c91146c7233446440d28f6c6834a533b667178c4b3c

Family

SnakeKeylogger


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


Comments

Post a Comment

Popular posts from this blog

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH...
Read more

Phishing Attacks 3_3_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 45.137.22.124 From "Cheng Yong"<rosa@franball.net>" Subject "RV: Shipping advice - 2nd container under ct.876" Attachment "SHIPPING ADVICE#202203.zip" MD5 aa2d18552a8d5041e4c757cee09f2c4d SHA256 0628b564bad3c4e59644e91398899f88143aa2eb3473e720270fb1566c628d60 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .       (2) Sender ip 2.56.56.35 From "contato@vastoverde.com.br" Subject "fwd :Outstanding Remittance payment" Attachment "receipt_pdf.z" ...
Read more

Phishing Attacks 15_12_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 37.0.10.173 From "Mona Bharti <m.bhart@frigel.com>" Subject "Purchase Order 1212200205_PR21220055" Attachment "Purchase Order 1212200205_PR21220055.zip" MD5 5e1c9b4e130a7a9bb68ed6e6f414ff20 SHA256 0ba7a7c7189d5bcd38048ba7418ff521d6a00ab36804b8980c4d51ba43fcf070 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .          (2) Sender ip 45.137.22.181 From "ajay.katoch@unilever.com" Subject "RE: invoice & packing list for shipping order no. 411301" Attachment ...
Read more