Phishing Attacks 8_7_2021



If you want to learn how to detect phishing emails just by eye, you can check my Udemy course here 👇.

My Udemy course

(1)
Sender IP: 81.21.70.244
From: "DHL Express <consignments-notification@dhl.com>"
Subject: "DHL NOTIFICATION FOR INCOMING SHIPMENT"
Attachment: "RECEIPT_PDF.rar"
MD5: 8967303a26ace15f02a40e2f69145af7
SHA256: 103d49b3d4a0bdb4227674f8962821a88ac09d6ba6db2b779d07b598efbf5eeb
Family: AZORult

(2)
Sender IP: 2.57.238.16
From: "=?UTF-8?B?ICJOYWtpYiBSw7x5YSI=?= <info@taca.com.tr>"
Subject: "urs.lustenberger@lgpartner.ch RE:Provide a P/I for the order 20210407DTR001"
Attachment: "PI for the order 20210407DTR001.pdf.gz"
MD5: c181ba6cb1c91cb6f025992900b7ca40
SHA256: d0b8f5b7841cfd9709c725f97edd025e8d1d4b4f319e6030b054ff510abe45d5
Family: Formbook

(3)
Sender IP: 103.139.44.91
From: "Minnie Guan"<minnie@leesachb.com"
Subject: "RE : Statement of Account as at 30th June 2021"
Attachment: "SOA.rar"
MD5: 5944322d5a322fd8c60a488718cf1505
SHA256: 2f9686b28244779d9a9f3123949970b802dcd73f47565e67ec0807e588da1059
Family: Unknown


(4)
Sender IP: 38.130.221.187
From: "Alexander <alex@exportv.ru>"
Subject: "NEW Order confirmation"
Attachment: "confirmation order.zip"
MD5: decaddfbbf93e2edfff5bd0d937f32a1
SHA256: 05604b4cedb839ff5626885c9ea96754b50693f1553b0dfbf3b7d7b97cd15051
Family: SnakeKeylogger

(5)
Sender IP: 185.222.57.89
From: "Sajeer Kanniyath<finance.sedra@rotana.com>"
Subject: "RE: BALANCE COMFIRMATION FOR 6TH JULY 2021"
Attachment: "TRANSFER VOUCHER.zip"
MD5: 2321e7d29d63c404a2b94b1344f5cdc6
SHA256: f9930198476d841f38ec234cfbc8ea3796efb4bafd157fe6f51330cf940290b4
Family: SnakeKeylogger

(6)
Sender IP: 92.52.218.101
From: "Ms. Ankita Shah" <purchase1@nikkainc.com>"
Subject: "PO1100368964"
Attachment: "PO1100368964.doc"
MD5: e4bb69b5261390d19f68f33fda55dc6f
SHA256: cf2b6f3184ef87cbe902b2263961405109650121bb047aa903569c353efe9029
Family: Unknown


(7)
Sender IP: 185.227.111.123
From: "Tracey <me@hefangbm.com>"
Subject: "Tax Invoice IN101848"
Attachment: "Tax Invoice IN101848.PDF.z"
MD5: 982071d911e9c57361bfdc172e5695ec
SHA256: eec4d64ea8a5fd4dc810a5d0e3c52e42035c2192c868bde45919a3709b884d23
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(8)
Sender IP: 137.74.3.132
From: "arrivals_notice@dhl.com"
Subject: "NOTICE OF ARRIVAL"
Attachment: "DHL_PACKAGE_HD98232.pdf.001"
MD5: b97ef142d18371524053f1f302b2f195
SHA256: 5777f5810423f9e0bc678ef97b0fef98a843d7e90e4257819850c0ef12ac8055
Family: RevCodeRAT


(9)
Sender IP: 103.82.20.228
From: "Riza Calahat <effat.shaker@petrobel.org>"
Subject: "FW:RFQ No,E027-2021 -OIL / GAS -TOOLS"
Attachment: "RFQ No,E027-2021.rar"
MD5: 0852be1a26f0f61cb23ed77715e2ae70
SHA256: 33d861c6f0c18e263abde806f407b8f6383a57db8a7545509d980a1b3541e1ef
Family: SnakeKeylogger


(10)
Sender IP: 185.222.57.89
From: "Murach Erik<info@aksainternational.com>"
Subject: "RE: Proforma Invoice 01/ VIAZ/ 1820"
Attachment: "Proforma Invoice 01 VIAZ 1820.zip"
MD5: 5ffe18397007f599dda6736b1a713923
SHA256: c8a2aaa4c5612daa732211e05a737b71c918758cb9c65c7e9c8e8d24480c37ff
Family: SnakeKeylogger


(11)
Sender IP: 212.60.13.5
From: "Cosco shipping specialized carriers<liuhs@coscol.com>"
Subject: "m/v da tong yun agency appointment for discharging operations"
Attachment: "Ships particular.rar"
MD5: 4f7f9324e75de01aa60820a776fb25e2
SHA256: 0ccdca6011b0a5dd0118d0deb07137f53345839ca85fda38d709a17febb074a5
Family: Unknown


(12)
Sender IP: 103.239.139.219
From: "russel <marcom@iecsindia.com>"
Subject: "Fulhamfc Cement Price Quotation DT List"
Attachment: "DT2252 BOS.gz"
MD5: 614592789d56827fe664831674eb9650
SHA256: d56d36d121295266d17ff7570ca55fa3ed3840cc0667150b8a5412e4fdfb6508
Family: Unknown


(13)
Sender IP: 162.144.199.237
From: "Lilian Yeung <Lilianyeung@savit.co.in>"
Subject: "Re:Re: Overdue payment receipt"
Attachment: "BANK TT COPY.iso"
MD5: 5e991f063bf4e0faddbe9db42c7df98e
SHA256: 8a88254008e213933c24ff5f10c2669d8c68847e76a00caf9c593fb536144fb9
Family: Formbook


(14)
Sender IP: 103.232.55.10
From: "william.norenj@brenntag-asia.com <william.norenj@brenntag-asia.com>"
Subject: "PURCHASE ORDER-057 (K612 HYDRO HEATER STARCH)."
Attachment: "P.O.zip"
MD5: 94bce03a40c993a6d5067231dc2c1d96
SHA256: 98f4f35c5f870c316e3f49f45b88a690ac6a8a38554a56eafa6e78d2133c1e8b
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA


