Phishing Attacks 7_8_2021

If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here 👇.

My Udemy course

(1)

Sender IP: 40.107.237.80
From: "Cadence <cadenceh@thefirmadv.com>"
Subject: "Clarification-Tuesday"
Attachment: "a. Summary - MED014.docx"
MD5: d75a3f726d5b780c8f294a079902a32f
SHA256: 32de2e309f6b794ef23b504cb8cabdb79a78984c7fc428c6722491c9b32d49cb
Family: Unknown


(2)

Sender IP: 185.222.57.68
From: "shipingping <shipingping@kmfoil.com>"
Subject: "RE: SOA FOR JULY MONTH : Convergent Interfreight Co.,Ltd.- Thailand to Seashell Logistics - India"
Attachment: "SOA.zip"
MD5: 2cd4216016be95674391ee01fb7469aa
SHA256: 4b7c7ef8d00b24fb61bb332cdce16768544c0db09830e817942affe32f630e48
Family: Unknown

(3)

Sender IP: 203.159.80.109
From: "Kesavapriya <Kesavapriya@hotmail.com>"
Subject: "New SOA Submission"
Attachment: "SLB SOA format.r01"
MD5: 46d25e193b0fa8c66294eae90d6ba0a0
SHA256: 8211def9e38f6488cc96851d5c572b9607e3dca6e33bd375ca99435f964ef94c
Family: Formbook


(4)

Sender IP: 45.137.22.42
From: "Ar. Dan Paul O. Uch" <douchi@megaworld-lifestyle.com>
Subject: "BOQ-DOU-2021-09-02"
Attachment: "BOQ-DOU-2021-09-02.bat.gz"
MD5: 4956ceb3fed384172bbffe30997fc515
SHA256: eca5a099031d8e068b7ca0f30c48ba08f72fb018552e6b647ab67652a325fb9d
Family: NanoCore

If you want to know how to analyse NanoCore malware, you can check my analysis on YouTube: NanoCore.

(5)

Sender IP: 172.93.189.10
From: "Oficinatrujillo <oficinatrujillo@gebaudesac.com>"
Subject: "RE: RE: Returned payment-Shenzhen ISH Logistics usd21,283.26 value 8 AUG 021"
Attachment: "Scan copy 02186 pdf.zip"
MD5: 5abc47059f05e8050a119814bf32a869
SHA256: b11276bad56047581b872ec6d0444a1ca1a6f69d30148388962237dbab0a4ec2
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(6)

Sender IP: 193.56.29.187
From: "adiv@adiv.cz"
Subject: "Request For Quotation RFQ-2201847"
Attachment: "RFQ-2201847.xlsx"
MD5: e0862470e5965e76ab37702c30096853
SHA256: 7808a0341cfc13c07706366afcda3f3433d068ff1e8a9971a57a4700c691ac95
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(7)

Sender IP: 185.222.57.90
From: "sabari <admin2005@smcinfraoman.com>"
Subject: "RE: Enquiry OF Flange(0998 R1) ST PO:1805140"
Attachment: "(0998 R1) ST PO1805140.lzh"
MD5: cd614ee86b5661f86d0a7f2f089f3e8f
SHA256: b41d1ffbb8d7c2a870f77e24ae83e6b0b06eb01e0f93f30341d1731d052add08
Family: Formbook


(8)

Sender IP: 41.76.171.77
From: "Mr Yan" <lmwangi@uwezo.go.ke>
Subject: "RE : STATEMENT OF ACCOUNT"
Attachment: "Pending SOA.r00"
MD5: 13cf23e91100291ebc26b409500ebd63
SHA256: c6448bb51093538570c2b7aac0eff02b4c0227991ed554b7db66256c2f151438
Family: Loki


(9)

Sender IP: 185.222.58.146
From: "June.Wang(Ms. June Wang) <hkwxy@hmm21.com>"
Subject: "=?UTF-8?B?5a+56LSm5Y2VLeS8l+a6kC0=?=" (an RFC 2047 encoded word; it decodes to "对账单-众源-", Chinese for "Statement of account - Zhongyuan -")
Attachment: "ZYJY-2021010005.RXHT0021 .lzh"
MD5: 08521f25f60c84cf0a69ee633b84ae52
SHA256: 5a1642e79f3f7bf0d687a25b53588048a9ebaed6a7237a6f7dce35947e3063e0
Family: Formbook


(10)

Sender IP: 185.222.58.146
From: "June.Wang(Ms. June Wang) <hkwxy@hmm21.com>"
Subject: "=?UTF-8?B?5a+56LSm5Y2VLeS8l+a6kC0=?=" (the same encoded word as in (9); it decodes to "对账单-众源-", Chinese for "Statement of account - Zhongyuan -")
Attachment: "ZYJY-2021010007.DBLF0445+446+441 美阳+纳翔辉+众源 2.lzh" (the Chinese segments are company names: Meiyang + Naxianghui + Zhongyuan)
MD5: 3a151754c2dabd64d43dadec97a51dc1
SHA256: bca3eddcd3c7c1f1354298508dc3643b4cb2f62e8bcdbb6cf87b6814c5db7e98
Family: SnakeKeylogger


(11)

Sender IP: 209.85.216.48
From: "FCB UK." <barclaycustomercare644@gmail.com>
Subject: "Payment From First Commercial Bank London."
Attachment: "Authorization Letter..doc"
MD5: e5a0a215ecfa2adce667dc6460829581
SHA256: 40741d22b740ce06d607e5ee8e8ae8f55bef454bafb32cb51de5f13c47bb2846
Family: Unknown


(12)

Sender IP: 23.237.123.66
From: "Helen He <mikeli@kingsunmachinery.com>"
Subject: "Quote needed asap"
Attachment: "LIST.KRT.zip"
MD5: b1bdc26944639f40a50b61a173b5fad1
SHA256: 4406e3dc44f1ad394f993770c0307ee3cb97718ba09790643f6d0878ca931001
Family: Formbook

(13)

Sender IP: 185.222.58.113
From: "Financial Manager <Financial@lgepartner.com>"
Subject: "Fwd: WG: Payment issue"
Attachment: "invoice.pdf.z"
MD5: 29a8f786bc0ecf80d7bafa4217e1a224
SHA256: 5410997bdd858dbc071239783ae1dbe6966fcde498dbdfaccd08999637d5ed6c
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(14)

Sender IP: 185.222.57.85
From: "sales1" <sales1@profdraft.com>
Subject: "New Inquiry Urgent Order_01792PDF Line#17 DT.06.08.2021"
Attachment: "Order_01792PDF.7z"
MD5: cb12df7df3a989ec20e09dac707514aa
SHA256: 373a53b647ab5622a66a237038ee06ed43018b970458c0af3589a7c0ce7e8247
Family: AgentTesla
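The fourteen entries above are a raw indicator set. As an added example (mine, not the post author's), here is a small Python hunt script that loads the sender IPs, sender addresses and SHA256 hashes from entries (1)-(14), decodes the RFC 2047 subject used in (9) and (10), flags the attachment-naming tricks that recur in the list (archive containers including the .r00/.r01 multi-volume RAR parts of (3) and (8), a document name buried inside an archive name as in (5), (13) and (14), the .bat inside a .gz in (4), the doubled dot in (11)), and runs all of that over a few mail-gateway log lines. The log line format and the sample lines are constructed for the demo and are assumptions, not any real gateway's output. The script also counts listed sender IPs per /24, because six of the fourteen entries ((2), (7), (14) and (9), (10), (13)) come from 185.222.57.0/24 and 185.222.58.0/24.

```python
"""Hunt for the IOCs listed in this post in mail-gateway logs. Added example, not
part of the original post: the IOC tuples are the values listed above; the log
line format and SAMPLE_LOG are constructed for the demo (assumptions)."""
import email.header
import ipaddress
import re
from collections import Counter

# Entries (1)-(14) above as (sender IP, sender address, SHA256); list index + 1 = entry number
IOCS = [
    ("40.107.237.80", "cadenceh@thefirmadv.com", "32de2e309f6b794ef23b504cb8cabdb79a78984c7fc428c6722491c9b32d49cb"),
    ("185.222.57.68", "shipingping@kmfoil.com", "4b7c7ef8d00b24fb61bb332cdce16768544c0db09830e817942affe32f630e48"),
    ("203.159.80.109", "Kesavapriya@hotmail.com", "8211def9e38f6488cc96851d5c572b9607e3dca6e33bd375ca99435f964ef94c"),
    ("45.137.22.42", "douchi@megaworld-lifestyle.com", "eca5a099031d8e068b7ca0f30c48ba08f72fb018552e6b647ab67652a325fb9d"),
    ("172.93.189.10", "oficinatrujillo@gebaudesac.com", "b11276bad56047581b872ec6d0444a1ca1a6f69d30148388962237dbab0a4ec2"),
    ("193.56.29.187", "adiv@adiv.cz", "7808a0341cfc13c07706366afcda3f3433d068ff1e8a9971a57a4700c691ac95"),
    ("185.222.57.90", "admin2005@smcinfraoman.com", "b41d1ffbb8d7c2a870f77e24ae83e6b0b06eb01e0f93f30341d1731d052add08"),
    ("41.76.171.77", "lmwangi@uwezo.go.ke", "c6448bb51093538570c2b7aac0eff02b4c0227991ed554b7db66256c2f151438"),
    ("185.222.58.146", "hkwxy@hmm21.com", "5a1642e79f3f7bf0d687a25b53588048a9ebaed6a7237a6f7dce35947e3063e0"),
    ("185.222.58.146", "hkwxy@hmm21.com", "bca3eddcd3c7c1f1354298508dc3643b4cb2f62e8bcdbb6cf87b6814c5db7e98"),
    ("209.85.216.48", "barclaycustomercare644@gmail.com", "40741d22b740ce06d607e5ee8e8ae8f55bef454bafb32cb51de5f13c47bb2846"),
    ("23.237.123.66", "mikeli@kingsunmachinery.com", "4406e3dc44f1ad394f993770c0307ee3cb97718ba09790643f6d0878ca931001"),
    ("185.222.58.113", "Financial@lgepartner.com", "5410997bdd858dbc071239783ae1dbe6966fcde498dbdfaccd08999637d5ed6c"),
    ("185.222.57.85", "sales1@profdraft.com", "373a53b647ab5622a66a237038ee06ed43018b970458c0af3589a7c0ce7e8247"),
]
ARCHIVE_EXT = {"zip", "7z", "lzh", "z", "gz", "rar"}
DOC_EXT = ("pdf", "doc", "docx", "xls", "xlsx")
# Constructed gateway log format (assumption): <ts> ip=<ip> from=<addr> file="<name>" sha256=<hex>
LOG_RE = re.compile(r'ip=(\S+)\s+from=(\S+)\s+file="([^"]*)"\s+sha256=([0-9a-fA-F]{64})')


def decode_subject(raw):
    """Decode an RFC 2047 encoded-word subject like the one on entries (9) and (10)."""
    return str(email.header.make_header(email.header.decode_header(raw)))


def attachment_flags(name):
    """Lure patterns visible in the list: an archive container (incl. .r00/.r01
    multi-volume RAR parts), a document name buried inside an archive name,
    a script extension, and a doubled dot before the extension."""
    parts = [p for p in re.split(r"[.\s]+", name.lower()) if p]
    if not parts:
        return []
    flags = []
    if parts[-1] in ARCHIVE_EXT or re.fullmatch(r"r\d\d", parts[-1]):
        flags.append("archive")
    if any(p.endswith(DOC_EXT) for p in parts[:-1]):
        flags.append("document-lookalike")
    if any(p in ("bat", "exe", "vbs", "js") for p in parts):
        flags.append("executable")
    if ".." in name:
        flags.append("double-dot")
    return flags


def index(iocs=IOCS):
    """Exact-match tables: lower-cased value -> set of entry numbers (1-based)."""
    by = {"ip": {}, "from": {}, "sha256": {}}
    for n, (ip, sender, sha) in enumerate(iocs, 1):
        for field, value in (("ip", ip), ("from", sender.lower()), ("sha256", sha.lower())):
            by[field].setdefault(value, set()).add(n)
    return by


def sender_ip_clusters(iocs=IOCS):
    """Listed sender IPs per /24; entries 2, 7, 14 and 9, 10, 13 share two /24s."""
    return Counter(str(ipaddress.ip_network(f"{ip}/24", strict=False)) for ip, _, _ in iocs)


def scan_log(lines, iocs=IOCS):
    """Per parseable line: exact IOC hits per field, how many listed sender IPs
    share the line's /24 (context only, not a verdict), and attachment heuristics."""
    idx, clusters, results = index(iocs), sender_ip_clusters(iocs), []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        ip, sender, fname, sha = m.groups()
        net = str(ipaddress.ip_network(f"{ip}/24", strict=False))
        results.append({
            "line": n,
            "hits": {"ip": sorted(idx["ip"].get(ip, ())),
                     "from": sorted(idx["from"].get(sender.lower(), ())),
                     "sha256": sorted(idx["sha256"].get(sha.lower(), ()))},
            "same_slash24": clusters.get(net, 0),
            "flags": attachment_flags(fname),
        })
    return results


# Constructed sample: an exact hit on entry (4); an unlisted neighbour of the
# 185.222.57.x senders with "pdf" inside an archive name; a benign mail.
SAMPLE_LOG = [
    '2021-08-07T09:12:03Z ip=45.137.22.42 from=douchi@megaworld-lifestyle.com '
    'file="BOQ-DOU-2021-09-02.bat.gz" sha256=eca5a099031d8e068b7ca0f30c48ba08f72fb018552e6b647ab67652a325fb9d',
    '2021-08-07T09:15:44Z ip=185.222.57.200 from=sales@example.net file="invoice.pdf.z" sha256=' + "0" * 64,
    '2021-08-07T09:20:10Z ip=198.51.100.7 from=alice@example.org file="agenda.docx" sha256=' + "1" * 64,
]

if __name__ == "__main__":
    print(decode_subject("=?UTF-8?B?5a+56LSm5Y2VLeS8l+a6kC0=?="))
    for result in scan_log(SAMPLE_LOG):
        print(result)
```

An exact hit on the hash or the sender address is the reliable signal; the /24 count and the attachment-name flags are triage context, and a sender IP alone is weak wherever the mail was relayed by a large provider: entry (11) was sent from a gmail.com address via 209.85.216.48, which is in Google's outbound mail space, and entry (1)'s 40.107.237.80 is in Microsoft's Office 365 outbound space, so blocking either IP would hit legitimate mail.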


If you want to learn malware analysis, you can check my YouTube channel; I am trying to publish analyses of malware and some methods for analysing it.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel

