Phishing Attacks 30_7_2021

 


If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here 👇.

My udemy course

(1)

Sender ip

202.55.132.5

From

"Julie Han" <FRANK.LUPU@lupufinancial.com>"

Subject

"RE: Invoice & Packing list For Sea Shipment"

Attachment

"Invoice & Packing list For Sea Shipment.iso"

MD5

cfe950b674ca05aa5724f225095fc8a4

SHA256

246909611827ef01c98ced2c15a219bad01d7011a67a73951471733ea1daa134

Family

Formbook

 

(2)

Sender ip

45.137.22.57

From

"Mark Andrew <sales@csl-group.com>"

Subject

"VM Accord, ORDER: TKHA-A88160011B"

Attachment

"VM Accord, ORDER TKHA-A88160011B.pdf.zip"

MD5

392fa485723aa7918db7b3101d1401e8

SHA256

df6ab43d89e380d7a43c64bfb7ee757a9d37647af7eff468f2dc539f25ee254e

Family

SnakeKeylogger

 

(3)

 

Sender ip

165.22.106.170

From

"Juan Tirado <viki@putues.de>"

Subject

"EFT-INV9873838 (Description Payment)"

Attachment

"Out-going Wire Confirmation!!!! 29072021.ppt"

MD5

84bf8928e67f5073047723334bcd8450

SHA256

50f81267312d2ee6a0d11886c37d1c26fe3ee364621d2872cf1c78dcef963171

Family

Unknwon

 

(4)

 

Sender ip

45.137.22.75

From

"umesh@alrabihtrading.com"

Subject

"RE: PAYMENT INSTRUCTIONS"

Attachment

"PAYMENT INSTRUCTIONS COPY.r00"

MD5

bf32e75153e858642e095012ce595dd2

SHA256

cc864620585ae172787de5e6741efd42ad78de1dfc8d30f878de5e3a6a946e4d

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(5)

Sender ip

192.3.92.176

From

"Panchal, Hardik<info@mx-web.live>"

Subject

"RE: DN/PO/21/01237"

Attachment

"Purchase Order #01678_pdf.cab"

MD5

0085360e9f3c7a2fe97ac711a477fe11

SHA256

828166a252488c31b94ea6f10341be21ffc9f622737e98470c98ceec191ee1e8

Family

Formbook

 

(6)

Sender ip

77.247.110.225

From

"DHL EXPRESS<jerin.benjamin@dhl.com>"

Subject

"Consignment-Notification: You have a parcel"

Attachment

"Orignal Shipping document,pdf.r09"

MD5

9aa40f2922f208ed13b1b6ab468fbca5

SHA256

3e41e5dc3faee3045df1471650f0252eb581c7907614fa9f404000d2fbcc92e1

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(7)

Sender ip

45.14.9.100

From

"Madiha Rasheed<madha@technogroupllc.com>"

Subject

"Request for quotation"

Attachment

"RFQ file_pdf.gz"

MD5

e499c6056afc8e822c936888061c0b4c

SHA256

c5c0c1dc1b82ded99f843bdce1ab3d44bff352bcdd6c934afe80577474738a43

Family

Loki

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA



Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more