Phishing Attacks 11_7_2021

 


If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here 👇.

My udemy course

(1)

Sender ip

212.60.13.5

From

"Cosco shipping specialized carriers<liuhs@coscol.com>"

Subject

"m/v da tong yun agency appointment for discharging operations"

Attachment

"Ships particular.rar"

MD5

4f7f9324e75de01aa60820a776fb25e2

SHA256

0ccdca6011b0a5dd0118d0deb07137f53345839ca85fda38d709a17febb074a5

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(2)

Sender ip

103.239.139.219

From

"russel <marcom@iecsindia.com>"

Subject

"Fulhamfc Cement Price Quotation DT List"

Attachment

"DT2252 BOS.gz"

MD5

614592789d56827fe664831674eb9650

SHA256

d56d36d121295266d17ff7570ca55fa3ed3840cc0667150b8a5412e4fdfb6508

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(3)

 

Sender ip

162.144.199.237

From

"Lilian Yeung <Lilianyeung@savit.co.in>"

Subject

"Re:Re: Overdue payment receipt"

Attachment

"BANK TT COPY.iso"

MD5

5e991f063bf4e0faddbe9db42c7df98e

SHA256

8a88254008e213933c24ff5f10c2669d8c68847e76a00caf9c593fb536144fb9

Family

Formbook

 


(4)

 

Sender ip

103.232.55.10

From

"william.norenj@brenntag-asia.com <william.norenj@brenntag-asia.com>"

Subject

"PURCHASE ORDER-057 (K612 HYDRO HEATER STARCH)."

Attachment

"P.O.zip"

MD5

94bce03a40c993a6d5067231dc2c1d96

SHA256

98f4f35c5f870c316e3f49f45b88a690ac6a8a38554a56eafa6e78d2133c1e8b

Family

AgentTesla

 If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(5)

Sender ip

104.168.170.242

From

"CMS Payment Team"<dennis@longdat.pw>"

Subject

"Fri, 09 Jul 2021 06:13:00 -0700"

Subject: "Credit Notification"

Attachment

"Beneficiary_Details.zip"

MD5

3df8ccee70602c1e07a132133b28b5be

SHA256

925bae006f387d71926aae4caa329f74d8f7d63b2bdc979b4823c8481b4597cc

Family

Formbook

 

(6)

Sender ip

185.50.197.96

From

"John Chen <smtp-1nbxo@intokutravel.com>"

Subject

"9 Jul 2021 14:23:25 +0100"

Subject: "rfq Invoice"

Attachment

"Purchase OrderPDF.zip"

MD5

af98fb002c142d1dd59cc2c396c87ce9

SHA256

c74be4460e00af962d51e8bc1c9f0f57df1669b558993769afd621af94fc9ef6

Family

Formbook


(7)

Sender ip

103.155.80.90

From

"Purchasing Manager"<cheryl@acmelaser.cn>"

Subject

"Re:Re:Re: Additional New Order & Request for catalog and price list"

Attachment

"RFQ#20210709.ISO"

MD5

3f94090e74aa6b2866be9dac6414523f

SHA256

6605187766e50cfa608d95f9379a38d4b2e7933a74b50b6b56cac288846007bb

Family

Loki


(8)

Sender ip

103.155.80.90

From

"Purchasing Manager"<cheryl@acmelaser.cn>"

Subject

"Re:Re:Re: Additional New Order & Request for catalog and price list"

Attachment

"NEW ORDER.zip"

MD5

35b34ec6dfed891e23a4a63aec049e1c

SHA256

0375f45e25b7fca1f49141cd56cf164e09c43c210778b126e91b385d84961efc

Family

Loki

 

(9)

Sender ip

185.222.57.200

From

"Eng Mustansir Maimoonn <mgil0x01@gmail.com>"

Subject

"QUOTATION REQUIRED POTOMAC RFQ 201901959"

Attachment

"RFQ 201901959.gz"

MD5

ddd30de309a495fea943ef89dc765d2f

SHA256

e1ef065cd157c841b27258689c292a341b058e09cff7707ea3c8267bf17bcc6c

Family

SnakeKeylogger

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more