Phishing Attacks 8_7_2021
If you wanna learn how to detect phishing emails by eye alone, you can check my Udemy course here.
(1)
Sender ip | 81.21.70.244 |
From | "DHL Express <consignments-notification@dhl.com>" |
Subject | "DHL NOTIFICATION FOR INCOMING SHIPMENT" |
Attachment | "RECEIPT_PDF.rar" |
MD5 | 8967303a26ace15f02a40e2f69145af7 |
SHA256 | 103d49b3d4a0bdb4227674f8962821a88ac09d6ba6db2b779d07b598efbf5eeb |
Family | AZORult |
(2)
Sender ip | 2.57.238.16 |
From | "=?UTF-8?B?ICJOYWtpYiBSw7x5YSI=?= <info@taca.com.tr>" |
Subject | "urs.lustenberger@lgpartner.ch RE:Provide a P/I for the order 20210407DTR001" |
Attachment | "PI for the order 20210407DTR001.pdf.gz" |
MD5 | c181ba6cb1c91cb6f025992900b7ca40 |
SHA256 | d0b8f5b7841cfd9709c725f97edd025e8d1d4b4f319e6030b054ff510abe45d5 |
Family | Formbook |
(3)
Sender ip | 103.139.44.91 |
From | "Minnie Guan"<minnie@leesachb.com" |
Subject | "RE : Statement of Account as at 30th June 2021" |
Attachment | "SOA.rar" |
MD5 | 5944322d5a322fd8c60a488718cf1505 |
SHA256 | 2f9686b28244779d9a9f3123949970b802dcd73f47565e67ec0807e588da1059 |
Family | Unknown |
(4)
Sender ip | 38.130.221.187 |
From | "Alexander <alex@exportv.ru>" |
Subject | "NEW Order confirmation" |
Attachment | "confirmation order.zip" |
MD5 | decaddfbbf93e2edfff5bd0d937f32a1 |
SHA256 | 05604b4cedb839ff5626885c9ea96754b50693f1553b0dfbf3b7d7b97cd15051 |
Family | SnakeKeylogger |
(5)
Sender ip | 185.222.57.89 |
From | "Sajeer Kanniyath<finance.sedra@rotana.com>" |
Subject | "RE: BALANCE COMFIRMATION FOR 6TH JULY 2021" |
Attachment | "TRANSFER VOUCHER.zip" |
MD5 | 2321e7d29d63c404a2b94b1344f5cdc6 |
SHA256 | f9930198476d841f38ec234cfbc8ea3796efb4bafd157fe6f51330cf940290b4 |
Family | SnakeKeylogger |
(6)
Sender ip | 92.52.218.101 |
From | "Ms. Ankita Shah" <purchase1@nikkainc.com>" |
Subject | "PO1100368964" |
Attachment | "PO1100368964.doc" |
MD5 | e4bb69b5261390d19f68f33fda55dc6f |
SHA256 | cf2b6f3184ef87cbe902b2263961405109650121bb047aa903569c353efe9029 |
Family | Unknown |
(7)
Sender ip | 185.227.111.123 |
From | "Tracey <me@hefangbm.com>" |
Subject | "Tax Invoice IN101848" |
Attachment | "Tax Invoice IN101848.PDF.z" |
MD5 | 982071d911e9c57361bfdc172e5695ec |
SHA256 | eec4d64ea8a5fd4dc810a5d0e3c52e42035c2192c868bde45919a3709b884d23 |
Family | AgentTesla |
If you wanna know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(8)
Sender ip | 137.74.3.132 |
From | "arrivals_notice@dhl.com" |
Subject | "NOTICE OF ARRIVAL" |
Attachment | "DHL_PACKAGE_HD98232.pdf.001" |
MD5 | b97ef142d18371524053f1f302b2f195 |
SHA256 | 5777f5810423f9e0bc678ef97b0fef98a843d7e90e4257819850c0ef12ac8055 |
Family | RevCodeRAT |
(9)
Sender ip | 103.82.20.228 |
From | "Riza Calahat <effat.shaker@petrobel.org>" |
Subject | "FW:RFQ No,E027-2021 -OIL / GAS -TOOLS" |
Attachment | "RFQ No,E027-2021.rar" |
MD5 | 0852be1a26f0f61cb23ed77715e2ae70 |
SHA256 | 33d861c6f0c18e263abde806f407b8f6383a57db8a7545509d980a1b3541e1ef |
Family | SnakeKeylogger |
(10)
Sender ip | 185.222.57.89 |
From | "Murach Erik<info@aksainternational.com>" |
Subject | "RE: Proforma Invoice 01/ VIAZ/ 1820" |
Attachment | "Proforma Invoice 01 VIAZ 1820.zip" |
MD5 | 5ffe18397007f599dda6736b1a713923 |
SHA256 | c8a2aaa4c5612daa732211e05a737b71c918758cb9c65c7e9c8e8d24480c37ff |
Family | SnakeKeylogger |
(11)
Sender ip | 212.60.13.5 |
From | "Cosco shipping specialized carriers<liuhs@coscol.com>" |
Subject | "m/v da tong yun agency appointment for discharging operations" |
Attachment | "Ship’s particular.rar" |
MD5 | 4f7f9324e75de01aa60820a776fb25e2 |
SHA256 | 0ccdca6011b0a5dd0118d0deb07137f53345839ca85fda38d709a17febb074a5 |
Family | Unknown |
(12)
Sender ip | 103.239.139.219 |
From | "russel <marcom@iecsindia.com>" |
Subject | "Fulhamfc Cement Price Quotation DT List" |
Attachment | "DT2252 BOS.gz" |
MD5 | 614592789d56827fe664831674eb9650 |
SHA256 | d56d36d121295266d17ff7570ca55fa3ed3840cc0667150b8a5412e4fdfb6508 |
Family | Unknown |
(13)
Sender ip | 162.144.199.237 |
From | "Lilian Yeung <Lilianyeung@savit.co.in>" |
Subject | "Re:Re: Overdue payment receipt" |
Attachment | "BANK TT COPY.iso" |
MD5 | 5e991f063bf4e0faddbe9db42c7df98e |
SHA256 | 8a88254008e213933c24ff5f10c2669d8c68847e76a00caf9c593fb536144fb9 |
Family | Formbook |
(14)
Sender ip | 103.232.55.10 |
From | "william.norenj@brenntag-asia.com <william.norenj@brenntag-asia.com>" |
Subject | "PURCHASE ORDER-057 (K612 HYDRO HEATER STARCH)." |
Attachment | "P.O.zip" |
MD5 | 94bce03a40c993a6d5067231dc2c1d96 |
SHA256 | 98f4f35c5f870c316e3f49f45b88a690ac6a8a38554a56eafa6e78d2133c1e8b |
Family | AgentTesla |
If you wanna learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA