Phishing Attacks 23_7_2021
If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here.
(1)
Sender IP | 185.222.57.75
From | "Executive Operations <pradeep@linexsolutions.com>"
Subject | "RE: Re AW: 45949 - Confirmation Order 3886636 Open file."
Attachment | "PURCHASE ORDER-890003.r00"
MD5 | 7d3a9e753d73e64f6593babb4a50f749
SHA256 | 72ae99647b3d5a4ea568cf9091544ca96bbab701e5e275e88b37eef3b98f51ce
Family | AgentTesla
(2)
Sender IP | 103.139.44.91
From | "info@siatigroup.com"
Subject | "Payment Proof for PO-MPU702734"
Attachment | "MPU702734-pdf.gz"
MD5 | 8cc223e6cc55de1d025e392e7010cc67
SHA256 | 4f35c50ec3a7099c8058d999c4c8756f0230dc9c68760b61156586031fe52db3
Family | Unknown
(3)
Sender IP | 103.139.44.91
From | "import@fridja.com"
Subject | "RFQ PO-391SXF- URGENT "
Attachment | "391SXF-pdf.gz"
MD5 | 4b9bca84a76b99a378984a901448e5aa
SHA256 | f3d652a1de146b29816ecbd82b3e3f012244c350f245f52bb0954ece786ad4dc
Family | Unknown
(4)
Sender IP | 91.222.7.1
From | "Dennis TradeGlobal <Dennis_Tradeglobal@protonmail.com>"
Subject | "Fwd: Order Inquiry"
Attachment | "Order_Sample.png.img"
MD5 | 04a77f3faec48eef1fab1f90d0c13ce9
SHA256 | 6bdd8c9323dfe3f3ce5d5c438f5062b22038e4642b6990125e06f9189d382e00
Family | Unknown
(5)
Sender IP | 103.114.106.156
From | "overseas@haewon.net"
Subject | "Euro Payment Only//Revise Invoice to Euro Currency//Provide Euro Bank Details"
Attachment | "Inv_7623980.r15"
MD5 | fc6affa7cd16c60dc547d3417142dbe4
SHA256 | 74895afae683396981f97ac9816f39ea4f0c0588355ea6e7696034aa1650d6f8
Family | Unknown
(6)
Sender IP | 185.222.57.72
From | "ANZ Kiribati <TransactiveAPEA.CGI@anz.com>"
Subject | "RE:TT Payment advice P44898408970-1 from Australia and "
Attachment | "P44898408970-1.zip"
MD5 | 0aa67c12db0e3ea16a183f2625b0b31d
SHA256 | 4a919c78e17213d98f10f49a921bf41164e6206e63bc3cbe487092b078189a0a
Family | Unknown
(7)
Sender IP | 185.222.57.72
From | "David Ng <customercare@omfreight.com.cn>"
Subject | "RECONFIRM BANK DETAILS FOR PAYMENT"
Attachment | "BANK DETAILS.zip"
MD5 | d96806deb211163cce64cb6d8bfe76e1
SHA256 | fe9a3933128b2954090c969682e654f1349ed093f45d4bd2e8546beff5497654
Family | Unknown
(8)
Sender IP | 185.222.57.72
From | "Mohammad Rashedul Alam <rashed@sumaco.ae>"
Subject | "Request to URGENT REQUIREMENT! ( Ref : 10M-86776)"
Attachment | "Ref 10M-86776.zip"
MD5 | 569c5034055681e0b6fe61e6aed888d0
SHA256 | 8ed5b07f6059f515eb428156e40bf1e192ec7cfde40fa64d0938b7edea8fd3e9
Family | Unknown
(9)
Sender IP | 103.139.45.212
From | "Irene Chan <irene.chan@transcargo.com.my>"
Subject | "Payment Invoice"
Attachment | "Payment_invoice.zip"
MD5 | d3564945f7bca84c662520b8417d3b39
SHA256 | a6bd7955c36addf2593f1fd2ec04ea6557db2e1e2af523ca750f5923116994c0
Family | Unknown
(10)
Sender IP | 45.137.22.75
From | "Ravi jaitly" <ravijaitly@dcmshriram.com>
Subject | "Purchase Order 4110043899"
Attachment | "Released Order.r15"
MD5 | 6c8eba98915a064fcad85ae98528877e
SHA256 | 6dab315ebf0f7fee41c9a2377512f4d2a98b0e1c27cc6980324c0820fcf163df
Family | Unknown
(11)
Sender IP | 172.93.164.220
From | "Tana Medic <sales@gki.com>"
Subject | "Items Description for Quote"
Attachment | "DOC98374933_JULY2021.iso"
MD5 | c6c39101ee5c94dff00cd940617d0294
SHA256 | 9bafab21d172a1a4c7cc88eb44ca8292a8f96f812d7b4c71b706479f22690b7a
Family | OskiStealer
(12)
Sender IP | 172.93.164.220
From | "Tana Medic <sales@gki.com>"
Subject | "Items Description for Quote"
Attachment | "DOC98374933_JULY2021.iso"
MD5 | c6c39101ee5c94dff00cd940617d0294
SHA256 | 9bafab21d172a1a4c7cc88eb44ca8292a8f96f812d7b4c71b706479f22690b7a
Family | OskiStealer
(13)
Sender IP | 185.222.57.75
From | "Export Manager <joshua.yu@titanos.com.cn>"
Subject | "RE: Re Forwarded Payment slip Confirmation attached bill No. 2652-21-22O open attach file."
Attachment | "Payment slip.r00"
MD5 | b5b2779d4fbbac3dcfbd03397782e528
SHA256 | ddade50a00b5a1e9b4c41b2d8f79be151b55e52a240378e2e2a10f4fca67d03f
Family | AgentTesla
If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(14)
Sender IP | 40.107.67.64
From | "Gagnon-Rolland, Marianne" <gagnon-rolland.marianne@courrier.uqam.ca>
Subject | "=?iso-8859-1?Q?TR_:_R=E9clamation_de_Gain?="
Attachment | "Remise.docx"
MD5 | bf6840f282a788c22d47afa80c9f850a
SHA256 | e03772203fb29e8893bf4e0664c4bdd16b36177ee694cf9047e5d8251edeec40
Family | Unknown
(15)
Sender IP | 103.139.44.91
From | "info@siatigroup.com"
Subject | "payment advice 10-06-21"
Attachment | "Swift-pdf.gz"
MD5 | af9bb5934be920668eb417cdb72f7148
SHA256 | 5c12f69c9907c35269bc9893b25c5440583167d7384d838c285bd97b8726337b
Family | AgentTesla
If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(16)
Sender IP | 185.222.58.104
From | "Azarudeen <swapnil.m@rhsfreightkenya.com>"
Subject | "CARGO ARRIVAL NOTICE-MEDICOM AWB:098-88679080"
Attachment | "CARGO ARRIVAL.lzh"
MD5 | ded00ce5f2d97d2c052322e83c814d20
SHA256 | a0c5b8f728ee17e96b5e49b9ba5de873331dda3f5751efc0665d22b3491c6139
Family | Unknown
(17)
Sender IP | 45.137.22.75
From | "aziz@technomechengg.com"
Subject | "RE: Payment Advice for SN 951606"
Attachment | "HSBc20210216B1.r15"
MD5 | e4a4399e36ec35372d36c2c3fc3b9da3
SHA256 | 00738e5877d85de04dce218a652c689db6ce03926ed4d27efaa2b9f2670e8739
Family | AgentTesla
If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(18)
Sender IP | 185.222.57.75
From | "Export Manager <joshua.yu@titanos.com.cn>"
Subject | "RE: Re: Re: AW: Ref No.46116- Qoutation Inquiry download file."
Attachment | "Purchase Order-46116.r00"
MD5 | 6dee8a69c588a2cb06e4e844ee92f3b3
SHA256 | 29eefeb71cbe62702ee8a28df21a8cff6a030a14f92583d9e1f3cd57600e316c
Family | AgentTesla
If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(19)
Sender IP | 203.124.11.93
From | "Julius G. Ramas <amywang@tatming.com>"
Subject | "QUOTATION REQUIRED"
Attachment | "QUOTATION.tar.gz"
MD5 | 0343a4901e5c4cf535dedc473010a80f
SHA256 | 9fff4cf47a6bc7a063864d90715f6edcb12ef9582106ab0e0dbf7e84cbae3b59
Family | AgentTesla
If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(20)
Sender IP | 185.222.57.72
From | "Mohammad Rashedul Alam <rashed@sumaco.ae>"
Subject | "Request to URGENT REQUIREMENT! ( Ref : 10M-86776)"
Attachment | "Ref 10M-86776.zip"
MD5 | c223ea5319157c107c0f59f8120af147
SHA256 | d5aaa5af1ffb58a3e7ac83653521b6d3d0f5dfb9f3be3b1b324482906c6e1346
Family | AgentTesla
If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(21)
Sender IP | 185.222.57.72
From | "Caterina Rebora <Caterina.Rebora@melia.com>"
Subject | "RE:Commission Payment Form"
Attachment | "Payment Form.zip"
MD5 | b95574f0b21fb85e7d2dd96a0a026594
SHA256 | c01f41a2f928c4e3b9bc4130e059095d87994146625fc71708c7bc85f5dae09a
Family | AgentTesla
If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(22)
Sender IP | 45.137.22.38
From | "Rayeez Raja" <rayeez@atc.com.kw>
Subject | "Second Invoice Overdue Notice"
Attachment | "Second Invoice Overdue Notice.wim.tar"
MD5 | 14169794d8615087d914881bb421566d
SHA256 | d2ef9477fd0faf7f5cbf4cba2c39301cf3b3081b4f392083d21eac2555377f1c
Family | SnakeKeylogger
(23)
Sender IP | 37.0.11.194
From | "jessica <Armstron@nomatek.fo>"
Subject | "Deposit slip."
Attachment | "Deposit slip.arj"
MD5 | 6d58e3e81fb649bc2590291075f4527b
SHA256 | 35b7180a93ebdc908cd25c04511e9761497d046422dbb3b5f1cd0627c0fc9b47
Family | AgentTesla
If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(24)
Sender IP | 195.58.39.197
From | "Svetlana Hristenko" <fayeconquest@gmail.com>
Subject | "Re: ORDER."
Attachment | "ORDER407-395.ace"
MD5 | c002fb890ed879bfc9919b22f50bf764
SHA256 | aa649c83ac0eda6cf32e4baaa8e8cf16cb9c0bd313f83bb87b876a065b8d396b
Family | NanoCore
If you want to know how to analyse NanoCore malware, you can check my analysis on YouTube: NanoCore.
(25)
Sender IP | 45.35.196.153
From | "BEIJING GUANGHUA TIMES CO.LTD <roger@bjghtimes.com>"
Subject | "Sales Contract & PO NO-00234517BE/2021"
Attachment | "doc-00234517BE.iso"
MD5 | 4b4b1585fe76a888eda17c40fb163e53
SHA256 | 11b09cc2d87dc87734ea25e219603fd0fc0b789b4605e4aeb56787f2a76d4e68
Family | AgentTesla
If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA