Phishing Attacks 1_7_2021

If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here 👇.

My Udemy course




(1)

Sender IP: 185.222.57.72
From: "=?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<tiffany.feng@lotes.com.cn>"
Subject: "RE: Statement Of Account"
Attachment: "UPDATED S O A.zip"
MD5: cce761a6801c7b93374efc6fac094941
SHA256: ea1cdd93670b588f9719c7ecf883586b1f393cf3f84e61ec8502ca9ee327716e
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(2)

Sender IP: 185.222.57.72
From: "Feng Cun <pur2@longmax.com.hk>"
Subject: "RE:MCL002----PO21AC060366"
Attachment: "NEW P O.zip"
MD5: aa98d531ce212240609e4c8f7d67618e
SHA256: 454632ee1aa7b7ceb476c32bdfe1b27b054ffa0d8888c848cfd68db6c2bc4127
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(3)

Sender IP: 103.155.80.90
From: "sales3@chinasauna.com"
Subject: "Re: RFQ ** REVISED ORDER ** PR.NO. 19143383 FP3 IDEA ADDITIONAL PRICE"
Attachment: "Revised Order.iso"
MD5: 24a7897ab472bd1228a67a4a0bb6a1bd
SHA256: b232686d3a03aba48288942b91ad3b20107000e4e615816313f0a30dd9ba565a
Family: Loki


(4)

Sender IP: 185.222.57.72
From: "=?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<tiffany.feng@lotes.com.cn>"
Subject: "RE: Statement Of Account"
Attachment: "UPDATED S O A.zip"
MD5: 412ac4cc715154005ba87bd65f9c90e1
SHA256: 62a92f05c0c46b08df2a5a225912f93c502a359c7f4d468f3293da049c827ade
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(5)

Sender IP: 193.56.29.119
From: "rubberex@rubberex.com.my"
Subject: "Rubberex Request For Quotation"
Attachment: "RFQ 55140 ER.doc"
MD5: 76a265a20e8788bb3798312d8ebb3638
SHA256: 497a977375495ac590ee1ca2d037bb06e25ace568747f8b9b5e1593a8d447865
Family: Formbook

(6)

Sender IP: 172.96.137.110
From: "China Express <5dhl_noreply@dhl.com>"
Subject: "=?UTF-8?B?44CQ5Lit5aSW6L+QLeaVpuixquOAkeeUteWtkOWPkeelqCjlj5Hnpajlj7c6NzcyNTc5NCk=?="
Attachment: "7723421.zip"
MD5: 7cc2c3ea3bce329eb9f31f36e24ffcf9
SHA256: 764fa32bea940317cac43cb18365056eeec420673281f3585d3068e5e249c82d
Family: Formbook


(7)

Sender IP: 185.222.57.72
From: "Feng Cun <pur2@longmax.com.hk>"
Subject: "RE:MCL002----PO21AC060366"
Attachment: "NEW P O.zip"
MD5: 130e6f99e95553fea7197f08ce1c9621
SHA256: c5398c5cfee92e6d601874b13643b6fc7c734ddac76c8b698af42686c26ce9d3
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(8)

Sender IP: 172.96.137.110
From: "Sar"<s.zennar@omn.it>"
Subject: "Confirm Payment Account"
Attachment: "Incorrect Pi.zip"
MD5: 251562b9a01a39aabaa6e90b388db3de
SHA256: 5bac5e555b8504bcd9e0cfc48e89c6ab0f9c3f1faa30996a4341893a911ee613
Family: Formbook


(9)

Sender IP: 185.222.57.226
From: "DHL Express<Financial@lgepartner.com>"
Subject: "DHL BILL OF LADING SHIPPING INVOICE DOCUMENTS"
Attachment: "DHL INVOICE SHIPPING DOCUMENTS.z"
MD5: 91e19793d621a7151e14bb8001bd400f
SHA256: 4a8f832dad98a98642890cfddb2efa7b599705fc170fbcca69c92dfc4240fc3c
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(10)

Sender IP: 92.52.218.101
From: "Ivyn <RuiXin_Hau@takasago.com>"
Subject: "New Order"
Attachment: "new Order.doc"
MD5: e878302e18fbbf24520dbad1f2105a60
SHA256: e78c379150f1d1dbb3f655d2df110a160462ee3f6a8c9fa73a1ba9f0e65f0907
Family: NanoCore

If you want to know how to analyse NanoCore malware, you can check my analysis on YouTube: NanoCore.

(11)

Sender IP: 185.222.58.104
From: "Barbara Liu < liuli7748@sina.com>"
Subject: "New Order "
Attachment: "New Order 84731.lzh"
MD5: 934cc31f3d71af4979e61eac8f4ce05d
SHA256: 0d74ba8f9637e7c33a66d7cb6a3dbea81267c8aeedeaa08efe8785300b0e81b7
Family: Unknown


(12)

Sender IP: 185.222.57.233
From: "Ibrahim BA Hashwan <sarstedt@teosat.pl>"
Subject: "Urgent Tender RFQ 18757 FOR CPUW-1022601"
Attachment: "RFQ 18757_Pdf_________.iso"
MD5: 86492f609c56774ba638f7d69783a3c2
SHA256: 9ff203c1fe2e11952de2655d7e830a1d59b87ceedc39cfe6fe2420be49f99bae
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(13)

Sender IP: 193.142.59.37
From: "Info <voliveira@adecoagro.com>"
Subject: "Business Enquiry #2570"
Attachment: "Scanned Document.doc"
MD5: 55792544ad840eaa0fdbe5cc04683529
SHA256: f0fbd7ed1921ad8c47a0b91b32487d4cdeb7bd72ea54f49434ff91da0273e31c
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(14)

Sender IP: 103.82.21.233
From: "Led Farm Pty Ltd <admin@ledfarm.online>"
Subject: "RFQ No49958 Led Farm Pty. Ltd New Order"
Attachment: "RFQ No49958 Led Farm Pty. Ltd New Order.PDF.zip"
MD5: 5370fe8061601f28ddce092bfb2a33dd
SHA256: a00680f547b2155b2e24d09bdd49e74b38a7883a13e47553662fb657e42cf007
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(15)

Sender IP: 185.222.58.104
From: "Barbara Liu <service@ehang.com>"
Subject: "New Order 010"
Attachment: "NEW ORDER 010.lzh"
MD5: 0f65290ae96097510511d905c02bf675
SHA256: 17b5d075ed67fda41b5b7ca7f53bab58d82872e678293f0697ed68e342be831c
Family: Unknown


(16)

Sender IP: 45.137.22.110
From: "purchase@dryfleet.com"
Subject: "RE: Reconfirm Bank Details"
Attachment: "payment.r00"
MD5: 5362533a4f03ac9da822c2d5e27b6614
SHA256: c03770bf3487e4fcb8e642b98a14fca264cab11fb8da17502928e1f59eba6d68
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(17)

Sender IP: 185.222.58.104
From: "Luthra associates <info@luthraassociates.in>"
Subject: "Please send us your quotation for BK Vision"
Attachment: "infjgd7371.lzh"
MD5: d54260950af9e1ee49beaa697ad81858
SHA256: 5f9e7cd21a11f7fdecd24d8725d6bfb27fb1297bd884ad18f703fc1c8b203e1b
Family: Unknown



(19)

Sender IP: 103.155.80.90
From: "Regional Manager<rst12@dimco.eu>"
Subject: "RE_RFQ-2021-QPE-Q63440093-0001_//PICTURES_A-5555-1239_&IMG."
Attachment: "RFQ01072021.iso"
MD5: ad98537a1796949ef413cba82662ae33
SHA256: f33c5ab923663af6614c346e1691e7cc30f0c2c1afed05efd6f7beacd096a166
Family: Loki



If you want to learn malware analysis, you can check my YouTube channel, where I am trying to publish analyses of malware samples and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


