Phishing Attacks 25_9_2021
If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here.
(1)

| Field | Value |
|---|---|
| Sender IP | 103.156.91.251 |
| From | "Kit Leung" <Nick@pml-ltd.com> |
| Subject | RE: PO88224 \|\| NEW ORDER |
| Attachment | `NEW ORDER_PO88224.PDF.iso` |
| MD5 | 8d62f8617a036d204233bbb5ecea97c9 |
| SHA256 | d31545790be2903d071f2355c74a10a0f250c7dd5f43dd48042cff8579f40a43 |
| Family | Formbook |
(2)

| Field | Value |
|---|---|
| Sender IP | 37.0.8.112 |
| From | "USPS Delivery" <delivery7435@usps.com> |
| Subject | IMPORTANT: Check Your Parcel Details |
| Attachment | `echouver_137193_pdf.img` |
| MD5 | c85dcdadec4d2c529665fb11e6a9758f |
| SHA256 | dc3b2ac66e1be02a8c008c02f756130e18387ecafd869c4275aff3b9f57fbb3a |
| Family | NanoCore |
(3)

| Field | Value |
|---|---|
| Sender IP | 103.147.184.40 |
| From | "Ms. Cheng Sy" <chhaylin.cuspermit@sfllogi.com> |
| Subject | `=?UTF-8?B?RndkOlJlOiBBdzogU2hpcHBpbmcgRG9jdW1lbnRzIOKAkyBDSSArIFBMICsgQkw=?=` (decoded: Fwd:Re: Aw: Shipping Documents – CI + PL + BL) |
| Attachment | `INV, BL, PL.gz` |
| MD5 | fae5f01e6ddc6f1d2a1315c0a02b23a6 |
| SHA256 | 3dcba4003b2b226a2c7bfe52b7f88ea6e65f903b77e7a34a6936884ec7526b76 |
| Family | AgentTesla |
(4)

| Field | Value |
|---|---|
| Sender IP | 185.222.58.155 |
| From | "Export" <export@erentrefo.com> |
| Subject | TAX INVOICES & LPOs |
| Attachment | `doc0490192021092110294.lzh` |
| MD5 | 08ce80d4380f4145d01cf821d7fce034 |
| SHA256 | aa2959d2c85e38ff431701c308fdc8cd71f173bfa9aaa5f02a2fb89c1782d299 |
| Family | Formbook |
(5)

| Field | Value |
|---|---|
| Sender IP | 103.133.108.70 |
| From | "Joshy" <stampa@novapri.com> |
| Subject | RE: Statement Of Account (SOA) |
| Attachment | `attached SOA & some Invoices.r00` |
| MD5 | f6d10c2eeb2936aa864e337cab27300a |
| SHA256 | e6c444630af01c1a8e70c3ee2146f0fab5a1f71c9ea9093e36efe11cd242cc5c |
| Family | AZORult |
(6)

| Field | Value |
|---|---|
| Sender IP | 45.137.22.147 |
| From | mantenimientouio@puntonet.ec |
| Subject | `=?UTF-8?B?TnVldmEgY290aXphY2nDs24=?=` (decoded: Nueva cotización) |
| Attachment | `cotización.XL.img` |
| MD5 | 436083b2d3252397e92d70983bb0564c |
| SHA256 | ea169dec26d15dd27078e94d3cba37f67109cbbf095913335317499091ea50dc |
| Family | AgentTesla |
If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(7)

| Field | Value |
|---|---|
| Sender IP | 103.156.91.251 |
| From | "Kit Leung" <muzammil@polestarshipping.com> |
| Subject | RE: PO88224 \|\| NEW ORDER |
| Attachment | `NEW ORDER RE PO88224.PDF.iso` |
| MD5 | 01b2a64fff1fe10a32ec06541181f48f |
| SHA256 | 8eac1ee2c601de814b716a91238a115f7294ed39fa0c0bf69eeb318ac9792284 |
| Family | Formbook |
(8)

| Field | Value |
|---|---|
| Sender IP | 103.156.91.251 |
| From | "Arshad" <btoma@link-us-online.com> |
| Subject | RE: REF:-1260 REQUIRED & Requesting for PI - 2021 |
| Attachment | `Order confirmation 49506.PDF.iso` |
| MD5 | de0448c16540c8ec55e6af25078fbac8 |
| SHA256 | 51cfb97e6e1e19e8a0c068bd0d3ef9710777718cb9048944cccdebdc4bd3f951 |
| Family | Formbook |
(9)

| Field | Value |
|---|---|
| Sender IP | 185.222.58.156 |
| From | "Vanessa Dennis" <dispo24@spontex-logistics.com> |
| Subject | Re: Proforma Invoice-Bank Advice (PAID) Attached: |
| Attachment | `Proforma Invoice-Bank Advice (PAID) Attached.pdf.rar` |
| MD5 | 4a0e5efd23cc47d7c2b53dc9ae6b95c9 |
| SHA256 | f7ced259f64ff64f1f2a111286b7206c421e98b2f50e3b324e32991df92e9f59 |
| Family | AveMariaRAT |
(10)

| Field | Value |
|---|---|
| Sender IP | 45.137.22.147 |
| From | fslezak@mmm.com |
| Subject | Re: INVOICE |
| Attachment | `Swift Copy.gz.rar` |
| MD5 | 806576390176182de9fac13350b43974 |
| SHA256 | 2d239d3dcee1292de9e996b855d3cb5804aa30772517ad4f34128b2ad91d2add |
| Family | AgentTesla |
(11)

| Field | Value |
|---|---|
| Sender IP | 92.52.218.17 |
| From | "Zhang Kevin" <info@locatorsandsupplies.com> |
| Subject | REQUEST FOR QUOTATION: P.O-20210923120155HT |
| Attachment | `P.O-20210923120155HT.r00` |
| MD5 | 73ff17672acbfed752fcaa77c5f1af30 |
| SHA256 | 161e0447660dd2b1b8700c64296ab1e8b93233696d16727130a8adee840ac5c5 |
| Family | AsyncRAT |
(12)

| Field | Value |
|---|---|
| Sender IP | 137.184.82.88 |
| From | "DHL EXPRESS" <support@dhl.com> |
| Subject | Consignment Notification: You Have A Package With Us |
| Attachment | `Consignment Documents.rar` |
| MD5 | 2e948d075d0cb9ca1edc83e8689ebcdb |
| SHA256 | d19280c63a2fe2b2b50cd19faf6e467f6471589f200d0dab811b612a5183ca97 |
| Family | AsyncRAT |
(13)

| Field | Value |
|---|---|
| Sender IP | 185.222.57.168 |
| From | <admin2@micronetinformation.com> |
| Subject | RE: Purchase order REF No.3279/55768 |
| Attachment | `Purchase order.r00` |
| MD5 | e73137ed52fc5e2d83cf123fa6f41e90 |
| SHA256 | d91bf3739ac8b30d679de6454cc8ad8f2027c28095cb575ced9e043454996ee4 |
| Family | AgentTesla |
(14)

| Field | Value |
|---|---|
| Sender IP | 142.4.219.33 |
| From | schlosshotel@obermayerhofen.at |
| Subject | `=?UTF-8?Q?=C3=9Cberpr=C3=BCfen_Sie_die_Bilder_der_Produktmuster?=` (decoded: Überprüfen Sie die Bilder der Produktmuster) |
| Attachment | `Produktmuster bestellen pdf.exe.xz` |
| MD5 | 605ace59653713e15a265663fa353f8d |
| SHA256 | bb563dd32da362223391bcab4ce944176a91743e3d686284b46c7166feffc9c0 |
| Family | Formbook |
(15)

| Field | Value |
|---|---|
| Sender IP | 45.137.22.156 |
| From | "Fu Xidong" <fuxidong1226@163.com> |
| Subject | RE: B/L copy, Commercial Invoice |
| Attachment | `SHIPPING DOCUMENTS.zip` |
| MD5 | 03b447c0f7fa31ec4017b0abf1a05976 |
| SHA256 | db7eabb647cc05f9e3810a954d2596f1383e371d07564c8055228c3e94146049 |
| Family | AgentTesla |
(16)

| Field | Value |
|---|---|
| Sender IP | 68.183.177.17 |
| From | "No-Reply-DDSM@cma-cgm.com" <No-Reply-DDSM@cma-cgm.com> |
| Subject | D&D Invoice(s) |
| Attachment | `DD_INV_180401_2.IMG` |
| MD5 | 1826ddaec3fcc9896cf7fa8606899f7e |
| SHA256 | 6318c1ba8c8740dc49268c841bdec61ca5747582b94089b9fbfebe499abfea7e |
| Family | AgentTesla |
If you want to learn malware analysis, you can check my YouTube channel, where I try to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥