Phishing Attacks 1_7_2021
If you want to learn how to detect phishing emails just by looking at them, you can check my Udemy course here.
(1)
Sender IP: 185.222.57.72
From: "Tiffany Feng馮萍萍" <tiffany.feng@lotes.com.cn> (raw header: =?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<tiffany.feng@lotes.com.cn>)
Subject: "RE: Statement Of Account"
Attachment: "UPDATED S O A.zip"
MD5: cce761a6801c7b93374efc6fac094941
SHA256: ea1cdd93670b588f9719c7ecf883586b1f393cf3f84e61ec8502ca9ee327716e
Family: AgentTesla

(2)
Sender IP: 185.222.57.72
From: "Feng Cun" <pur2@longmax.com.hk>
Subject: "RE:MCL002----PO21AC060366"
Attachment: "NEW P O.zip"
MD5: aa98d531ce212240609e4c8f7d67618e
SHA256: 454632ee1aa7b7ceb476c32bdfe1b27b054ffa0d8888c848cfd68db6c2bc4127
Family: AgentTesla

(3)
Sender IP: 103.155.80.90
From: sales3@chinasauna.com
Subject: "Re: RFQ ** REVISED ORDER ** PR.NO. 19143383 FP3 IDEA ADDITIONAL PRICE"
Attachment: "Revised Order.iso"
MD5: 24a7897ab472bd1228a67a4a0bb6a1bd
SHA256: b232686d3a03aba48288942b91ad3b20107000e4e615816313f0a30dd9ba565a
Family: Loki

(4)
Sender IP: 185.222.57.72
From: "Tiffany Feng馮萍萍" <tiffany.feng@lotes.com.cn> (raw header: =?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<tiffany.feng@lotes.com.cn>)
Subject: "RE: Statement Of Account"
Attachment: "UPDATED S O A.zip"
MD5: 412ac4cc715154005ba87bd65f9c90e1
SHA256: 62a92f05c0c46b08df2a5a225912f93c502a359c7f4d468f3293da049c827ade
Family: AgentTesla

(5)
Sender IP: 193.56.29.119
From: rubberex@rubberex.com.my
Subject: "Rubberex Request For Quotation"
Attachment: "RFQ 55140 ER.doc"
MD5: 76a265a20e8788bb3798312d8ebb3638
SHA256: 497a977375495ac590ee1ca2d037bb06e25ace568747f8b9b5e1593a8d447865
Family: Formbook

(6)
Sender IP: 172.96.137.110
From: "China Express" <5dhl_noreply@dhl.com>
Subject: "【中外运-敦豪】电子发票(发票号:7725794)" (translation: "[Sinotrans-DHL] Electronic invoice (invoice no. 7725794)"; raw header: =?UTF-8?B?44CQ5Lit5aSW6L+QLeaVpuixquOAkeeUteWtkOWPkeelqCjlj5Hnpajlj7c6NzcyNTc5NCk=?=)
Attachment: "7723421.zip"
MD5: 7cc2c3ea3bce329eb9f31f36e24ffcf9
SHA256: 764fa32bea940317cac43cb18365056eeec420673281f3585d3068e5e249c82d
Family: Formbook

(7)
Sender IP: 185.222.57.72
From: "Feng Cun" <pur2@longmax.com.hk>
Subject: "RE:MCL002----PO21AC060366"
Attachment: "NEW P O.zip"
MD5: 130e6f99e95553fea7197f08ce1c9621
SHA256: c5398c5cfee92e6d601874b13643b6fc7c734ddac76c8b698af42686c26ce9d3
Family: AgentTesla
If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(8)
Sender IP: 172.96.137.110
From: "Sar" <s.zennar@omn.it>
Subject: "Confirm Payment Account"
Attachment: "Incorrect Pi.zip"
MD5: 251562b9a01a39aabaa6e90b388db3de
SHA256: 5bac5e555b8504bcd9e0cfc48e89c6ab0f9c3f1faa30996a4341893a911ee613
Family: Formbook

(9)
Sender IP: 185.222.57.226
From: "DHL Express" <Financial@lgepartner.com>
Subject: "DHL BILL OF LADING SHIPPING INVOICE DOCUMENTS"
Attachment: "DHL INVOICE SHIPPING DOCUMENTS.z"
MD5: 91e19793d621a7151e14bb8001bd400f
SHA256: 4a8f832dad98a98642890cfddb2efa7b599705fc170fbcca69c92dfc4240fc3c
Family: AgentTesla
(10)
Sender IP: 92.52.218.101
From: "Ivyn" <RuiXin_Hau@takasago.com>
Subject: "New Order"
Attachment: "new Order.doc"
MD5: e878302e18fbbf24520dbad1f2105a60
SHA256: e78c379150f1d1dbb3f655d2df110a160462ee3f6a8c9fa73a1ba9f0e65f0907
Family: NanoCore
If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore.
(11)
Sender IP: 185.222.58.104
From: "Barbara Liu" <liuli7748@sina.com>
Subject: "New Order"
Attachment: "New Order 84731.lzh"
MD5: 934cc31f3d71af4979e61eac8f4ce05d
SHA256: 0d74ba8f9637e7c33a66d7cb6a3dbea81267c8aeedeaa08efe8785300b0e81b7
Family: Unknown

(12)
Sender IP: 185.222.57.233
From: "Ibrahim BA Hashwan" <sarstedt@teosat.pl>
Subject: "Urgent Tender RFQ 18757 FOR CPUW-1022601"
Attachment: "RFQ 18757_Pdf_________.iso"
MD5: 86492f609c56774ba638f7d69783a3c2
SHA256: 9ff203c1fe2e11952de2655d7e830a1d59b87ceedc39cfe6fe2420be49f99bae
Family: AgentTesla
(13)
Sender IP: 193.142.59.37
From: "Info" <voliveira@adecoagro.com>
Subject: "Business Enquiry #2570"
Attachment: "Scanned Document.doc"
MD5: 55792544ad840eaa0fdbe5cc04683529
SHA256: f0fbd7ed1921ad8c47a0b91b32487d4cdeb7bd72ea54f49434ff91da0273e31c
Family: AgentTesla
(14)
Sender IP: 103.82.21.233
From: "Led Farm Pty Ltd" <admin@ledfarm.online>
Subject: "RFQ No49958 Led Farm Pty. Ltd New Order"
Attachment: "RFQ No49958 Led Farm Pty. Ltd New Order.PDF.zip"
MD5: 5370fe8061601f28ddce092bfb2a33dd
SHA256: a00680f547b2155b2e24d09bdd49e74b38a7883a13e47553662fb657e42cf007
Family: AgentTesla
(15)
Sender IP: 185.222.58.104
From: "Barbara Liu" <service@ehang.com>
Subject: "New Order 010"
Attachment: "NEW ORDER 010.lzh"
MD5: 0f65290ae96097510511d905c02bf675
SHA256: 17b5d075ed67fda41b5b7ca7f53bab58d82872e678293f0697ed68e342be831c
Family: Unknown

(16)
Sender IP: 45.137.22.110
From: purchase@dryfleet.com
Subject: "RE: Reconfirm Bank Details"
Attachment: "payment.r00"
MD5: 5362533a4f03ac9da822c2d5e27b6614
SHA256: c03770bf3487e4fcb8e642b98a14fca264cab11fb8da17502928e1f59eba6d68
Family: AgentTesla
(17)
Sender IP: 185.222.58.104
From: "Luthra associates" <info@luthraassociates.in>
Subject: "Please send us your quotation for BK Vision"
Attachment: "infjgd7371.lzh"
MD5: d54260950af9e1ee49beaa697ad81858
SHA256: 5f9e7cd21a11f7fdecd24d8725d6bfb27fb1297bd884ad18f703fc1c8b203e1b
Family: Unknown

(18)
Sender IP: 185.222.58.104
From: "Luthra associates" <info@luthraassociates.in>
Subject: "Please send us your quotation for BK Vision"
Attachment: "infjgd7371.lzh"
MD5: d54260950af9e1ee49beaa697ad81858
SHA256: 5f9e7cd21a11f7fdecd24d8725d6bfb27fb1297bd884ad18f703fc1c8b203e1b
Family: Unknown

(19)
Sender IP: 103.155.80.90
From: "Regional Manager" <rst12@dimco.eu>
Subject: "RE_RFQ-2021-QPE-Q63440093-0001_//PICTURES_A-5555-1239_&IMG."
Attachment: "RFQ01072021.iso"
MD5: ad98537a1796949ef413cba82662ae33
SHA256: f33c5ab923663af6614c346e1691e7cc30f0c2c1afed05efd6f7beacd096a166
Family: Loki
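As an added example (not code from the original post), the following Python 3 script, standard library only, runs the checks an analyst would apply to a new message against the indicators above: it decodes the RFC 2047 encoded-word From/Subject headers seen in entries (1), (4) and (6), flags a display name that names a brand whose domain the address does not belong to (entry (9)), and matches the sender IP, the attachment SHA256 and the archive extension against the list. The two sample messages are constructed for the example, the attachment bytes are stand-in data (so the hash check does not fire on them), the brand-to-domain table is an assumption, and which Received header carries the true sender IP depends on your own mail path; the script assumes the first one is the hop your MX recorded.

```python
# Added example (not from the original post): triage one raw message against the
# indicators listed above. Both samples are constructed; see the lead-in for assumptions.
import email
import hashlib
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Sender IPs and a subset of the SHA256 values copied from the entries above.
SENDER_IPS = {
    "185.222.57.72", "103.155.80.90", "193.56.29.119", "172.96.137.110",
    "185.222.57.226", "92.52.218.101", "185.222.58.104", "185.222.57.233",
    "193.142.59.37", "103.82.21.233", "45.137.22.110",
}
SHA256_FAMILY = {
    "ea1cdd93670b588f9719c7ecf883586b1f393cf3f84e61ec8502ca9ee327716e": "AgentTesla",
    "b232686d3a03aba48288942b91ad3b20107000e4e615816313f0a30dd9ba565a": "Loki",
    "497a977375495ac590ee1ca2d037bb06e25ace568747f8b9b5e1593a8d447865": "Formbook",
    "e78c379150f1d1dbb3f655d2df110a160462ee3f6a8c9fa73a1ba9f0e65f0907": "NanoCore",
}
# Container and document extensions the samples above arrive in.
SUSPICIOUS_EXT = (".zip", ".iso", ".lzh", ".r00", ".z", ".doc")
# Brand keyword -> domain the brand really sends from. Assumed for the example.
BRANDS = {"dhl": "dhl.com"}
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def decode_rfc2047(value):
    """Turn =?charset?B?...?= encoded words (as in the From/Subject lines above) into str."""
    return str(make_header(decode_header(value)))


def display_name_mismatch(from_header):
    """(brand, domain) when the display name names a brand but the address domain is not that brand's."""
    name, addr = parseaddr(decode_rfc2047(from_header))
    domain = addr.rsplit("@", 1)[-1].lower()
    for brand, legit in BRANDS.items():
        if brand in name.lower() and domain != legit and not domain.endswith("." + legit):
            return brand, domain
    return None


def sender_ip(msg):
    """IP in the first Received header; assumed to be the hop your own MX recorded."""
    for hop in (msg.get_all("Received") or [])[:1]:
        m = IP_RE.search(hop)
        if m:
            return m.group(1)
    return None


def triage(raw_bytes):
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    ip = sender_ip(msg)
    if ip in SENDER_IPS:
        findings.append(f"sender IP {ip} is on the phishing sender list")
    mismatch = display_name_mismatch(msg.get("From", ""))
    if mismatch:
        findings.append(f"display name claims {mismatch[0].upper()} but address domain is {mismatch[1]}")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        name = decode_rfc2047(name)
        digest = hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest()
        if digest in SHA256_FAMILY:
            findings.append(f"attachment {name!r} is a known {SHA256_FAMILY[digest]} sample ({digest})")
        if name.lower().endswith(SUSPICIOUS_EXT):
            findings.append(f"attachment {name!r} uses a container extension seen in this campaign")
    return findings


# Constructed sample shaped like entry (9): encoded "DHL Express" display name, non-DHL address,
# listed sender IP, and a .z archive whose bytes are stand-in data (so the hash check stays quiet).
SAMPLE_DHL = b"""Received: from mail.lgepartner.com (unknown [185.222.57.226]) by mx.example.test; Thu, 1 Jul 2021 08:00:00 +0000
From: =?UTF-8?B?REhMIEV4cHJlc3M=?= <Financial@lgepartner.com>
Subject: DHL BILL OF LADING SHIPPING INVOICE DOCUMENTS
MIME-Version: 1.0
Content-Type: application/octet-stream; name="DHL INVOICE SHIPPING DOCUMENTS.z"
Content-Disposition: attachment; filename="DHL INVOICE SHIPPING DOCUMENTS.z"
Content-Transfer-Encoding: base64

c3RhbmQtaW4gYnl0ZXM=
"""

# Constructed sample shaped like entry (6): the address really says dhl.com, so the display-name
# check stays quiet and only the sender IP gives it away (the case SPF/DMARC exists for).
SAMPLE_SPOOFED_DHL = b"""Received: from unknown (HELO dhl.com) [172.96.137.110] by mx.example.test; Thu, 1 Jul 2021 09:00:00 +0000
From: China Express <5dhl_noreply@dhl.com>
Subject: =?UTF-8?B?44CQ5Lit5aSW6L+QLeaVpuixquOAkeeUteWtkOWPkeelqCjlj5Hnpajlj7c6NzcyNTc5NCk=?=
Content-Type: text/plain

See the attached invoice.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_DHL, SAMPLE_SPOOFED_DHL):
        print("Subject:", decode_rfc2047(email.message_from_bytes(sample)["Subject"]))
        for finding in triage(sample):
            print("  -", finding)
```

Entry (6) is the instructive case: the address really reads dhl.com, so the display-name check is silent and only the sender IP catches it, which is the gap SPF and DMARC checks at the gateway are meant to close. To use the script on real mail, feed raw message bytes from a quarantine or mailbox export to triage() and extend SHA256_FAMILY with the remaining hashes from the list.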
If you want to learn malware analysis, you can check my YouTube channel, where I am trying to publish analyses of malware and some methods for analyzing it.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA