Phishing Attacks 25_9_2021

 


If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here 👇.

My Udemy course

(1)

Sender ip

103.156.91.251

From

"Kit Leung" <Nick@pml-ltd.com>

Subject

"RE: PO88224 || NEW ORDER"

Attachment

"NEW ORDER_PO88224.PDF.iso"

MD5

8d62f8617a036d204233bbb5ecea97c9

SHA256

d31545790be2903d071f2355c74a10a0f250c7dd5f43dd48042cff8579f40a43

Family

Formbook

 

(2)

Sender ip

37.0.8.112

From

"USPS Delivery <delivery7435@usps.com>"

Subject

"IMPORTANT: Check Your Parcel Details"

Attachment

"echouver_137193_pdf.img"

MD5

c85dcdadec4d2c529665fb11e6a9758f

SHA256

dc3b2ac66e1be02a8c008c02f756130e18387ecafd869c4275aff3b9f57fbb3a

Family

NanoCore

If you want to know how to analyze NanoCore malware, you can check my analysis on YouTube: NanoCore.

(3)

 

Sender ip

103.147.184.40

From

"Ms. Cheng Sy"<chhaylin.cuspermit@sfllogi.com>

Subject

"=?UTF-8?B?RndkOlJlOiBBdzogU2hpcHBpbmcgRG9jdW1lbnRzIOKAkyBDSSArIFBMICsgQkw=?="

Attachment

"INV, BL, PL.gz"

MD5

fae5f01e6ddc6f1d2a1315c0a02b23a6

SHA256

3dcba4003b2b226a2c7bfe52b7f88ea6e65f903b77e7a34a6936884ec7526b76

Family

AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(4)

 

Sender ip

185.222.58.155

From

"Export <export@erentrefo.com>"

Subject

"TAX INVOICES & LPOs"

Attachment

"doc0490192021092110294.lzh"

MD5

08ce80d4380f4145d01cf821d7fce034

SHA256

aa2959d2c85e38ff431701c308fdc8cd71f173bfa9aaa5f02a2fb89c1782d299

Family

Formbook

 

(5)

Sender ip

103.133.108.70

From

"Joshy <stampa@novapri.com>"

Subject

"RE: Statement Of Account (SOA)"

Attachment

"attached SOA & some Invoices.r00"

MD5

f6d10c2eeb2936aa864e337cab27300a

SHA256

e6c444630af01c1a8e70c3ee2146f0fab5a1f71c9ea9093e36efe11cd242cc5c

Family

AZORult

 

(6)

Sender ip

45.137.22.147

From

"mantenimientouio@puntonet.ec"

Subject

"=?UTF-8?B?TnVldmEgY290aXphY2nDs24=?="

Attachment

"cotizacin.XL.img"

MD5

436083b2d3252397e92d70983bb0564c

SHA256

ea169dec26d15dd27078e94d3cba37f67109cbbf095913335317499091ea50dc

Family

AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(7)

Sender ip

103.156.91.251

From

"Kit Leung" <muzammil@polestarshipping.com>

Subject

"RE: PO88224 || NEW ORDER"

Attachment

"NEW ORDER RE PO88224.PDF.iso"

MD5

01b2a64fff1fe10a32ec06541181f48f

SHA256

8eac1ee2c601de814b716a91238a115f7294ed39fa0c0bf69eeb318ac9792284

Family

Formbook


(8)

Sender ip

103.156.91.251

From

"Arshad" <btoma@link-us-online.com>

Subject

"RE: REF:-1260 REQUIRED & Requesting for PI - 2021"

Attachment

"Order confirmation 49506.PDF.iso"

MD5

de0448c16540c8ec55e6af25078fbac8

SHA256

51cfb97e6e1e19e8a0c068bd0d3ef9710777718cb9048944cccdebdc4bd3f951

Family

Formbook


(9)

Sender ip

185.222.58.156

From

"Vanessa Dennis"<dispo24@spontex-logistics.com>

Subject

"Re: Proforma Invoice-Bank Advice (PAID) Attached: "

Attachment

"Proforma Invoice-Bank Advice (PAID) Attached.pdf.rar"

MD5

4a0e5efd23cc47d7c2b53dc9ae6b95c9

SHA256

f7ced259f64ff64f1f2a111286b7206c421e98b2f50e3b324e32991df92e9f59

Family

AveMariaRAT


(10)

Sender ip

45.137.22.147

From

"fslezak@mmm.com"

Subject

"Re: INVOICE"

Attachment

"Swift Copy.gz.rar"

MD5

806576390176182de9fac13350b43974

SHA256

2d239d3dcee1292de9e996b855d3cb5804aa30772517ad4f34128b2ad91d2add

Family

AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(11)

Sender ip

92.52.218.17

From

"Zhang Kevin <info@locatorsandsupplies.com>"

Subject

"REQUEST FOR QUOTATION: P.O-20210923120155HT"

Attachment

"P.O-20210923120155HT.r00"

MD5

73ff17672acbfed752fcaa77c5f1af30

SHA256

161e0447660dd2b1b8700c64296ab1e8b93233696d16727130a8adee840ac5c5

Family

AsyncRAT


(12)

Sender ip

137.184.82.88

From

"DHL EXPRESS <support@dhl.com>"

Subject

"Consignment Notification: You Have A Package With Us"

Attachment

"Consignment Documents.rar"

MD5

2e948d075d0cb9ca1edc83e8689ebcdb

SHA256

d19280c63a2fe2b2b50cd19faf6e467f6471589f200d0dab811b612a5183ca97

Family

AsyncRAT

(13)

Sender ip

185.222.57.168

From

"<admin2@micronetinformation.com>"

Subject

"RE: Purchase order REF No.3279/55768"

Attachment

"Purchase order.r00"

MD5

e73137ed52fc5e2d83cf123fa6f41e90

SHA256

d91bf3739ac8b30d679de6454cc8ad8f2027c28095cb575ced9e043454996ee4

Family

AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(14)

Sender ip

142.4.219.33

From

"schlosshotel@obermayerhofen.at"

Subject

"=?UTF-8?Q?=C3=9Cberpr=C3=BCfen_Sie_die_Bilder_der_Produktmuster?="

Attachment

"Produktmuster bestellen pdf.exe.xz"

MD5

605ace59653713e15a265663fa353f8d

SHA256

bb563dd32da362223391bcab4ce944176a91743e3d686284b46c7166feffc9c0

Family

Formbook


(15)

Sender ip

45.137.22.156

From

"Fu Xidong<fuxidong1226@163.com>"

Subject

"RE: B/L copy, Commercial Invoice"

Attachment

"SHIPPING DOCUMENTS.zip"

MD5

03b447c0f7fa31ec4017b0abf1a05976

SHA256

db7eabb647cc05f9e3810a954d2596f1383e371d07564c8055228c3e94146049

Family

AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(16)

Sender ip

68.183.177.17

From

"No-Reply-DDSM@cma-cgm.com"<No-Reply-DDSM@cma-cgm.com>

Subject

"D&D Invoice(s)"

Attachment

"DD_INV_180401_2.IMG"

MD5

1826ddaec3fcc9896cf7fa8606899f7e

SHA256

6318c1ba8c8740dc49268c841bdec61ca5747582b94089b9fbfebe499abfea7e

Family

AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
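Every entry above uses the same seven labels, three of the subjects are RFC 2047 encoded-words (entries 3, 6 and 14), and every attachment is an archive or disk image, usually with a document extension or the word "pdf" placed in front of it. The script below is an added example and not code from this post: it parses that layout, decodes the encoded-word subjects with the Python standard library and flags the wrapper tricks, so the listing can be turned into gateway checks instead of being copied by hand. The embedded excerpt is entries 3 and 7 from above with the author's surrounding quotes normalized; the extension sets, the "pdf"-in-filename regex and the flag names are this example's own assumptions.

```python
"""Parse the IOC listing into records and run first-pass mail-gateway checks.
Added example, not code from the original post: field labels are the page's own;
the extension sets, regexes and flag names are this example's assumptions."""
import email.header
import re

FIELDS = ("Sender ip", "From", "Subject", "Attachment", "MD5", "SHA256", "Family")
ENTRY_RE = re.compile(r"^\((\d+)\)$")
# Wrappers used in the listing: disk images, archives and split-RAR volumes (.r00).
CONTAINER_RE = re.compile(r"^(iso|img|rar|r\d\d|zip|gz|xz|lzh|7z)$")
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "jar"}
DOCUMENT = {"pdf", "doc", "docx", "xls", "xlsx", "xl"}  # ".XL.img" appears in entry 6

# Entries 3 and 7 from the listing above, in the page's label/value layout (blank
# lines dropped, author's surrounding quotes kept); values otherwise verbatim.
SAMPLE = '''\
(3)
Sender ip
103.147.184.40
From
"Ms. Cheng Sy"<chhaylin.cuspermit@sfllogi.com>
Subject
"=?UTF-8?B?RndkOlJlOiBBdzogU2hpcHBpbmcgRG9jdW1lbnRzIOKAkyBDSSArIFBMICsgQkw=?="
Attachment
"INV, BL, PL.gz"
MD5
fae5f01e6ddc6f1d2a1315c0a02b23a6
SHA256
3dcba4003b2b226a2c7bfe52b7f88ea6e65f903b77e7a34a6936884ec7526b76
Family
AgentTesla
(7)
Sender ip
103.156.91.251
From
"Kit Leung" <muzammil@polestarshipping.com>
Subject
"RE: PO88224 || NEW ORDER"
Attachment
"NEW ORDER RE PO88224.PDF.iso"
MD5
01b2a64fff1fe10a32ec06541181f48f
SHA256
8eac1ee2c601de814b716a91238a115f7294ed39fa0c0bf69eeb318ac9792284
Family
Formbook
'''

def parse_listing(text):
    """One dict per '(n)' entry; a value is the first non-blank line after a label."""
    records, current, label = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = {"entry": int(m.group(1))}
            records.append(current)
        elif line in FIELDS:
            label = line
        elif label and current is not None:
            if len(line) > 1 and line[0] == line[-1] == '"':
                line = line[1:-1]  # drop the author's surrounding quotes only
            current[label] = line
            label = None
    return records

def decode_subject(raw):
    """Decode RFC 2047 encoded-words (=?charset?B|Q?...?=); plain text passes through."""
    return "".join(
        part.decode(charset or "ascii", "replace") if isinstance(part, bytes) else part
        for part, charset in email.header.decode_header(raw)
    )

def classify_attachment(name):
    """Container and inner extension of a filename, plus the wrapper tricks seen above:
    document decoy before an archive/disk image, executable inside it, nested container."""
    stem, *exts = name.split(".")
    exts = [e.lower() for e in exts]
    container = exts[-1] if exts and CONTAINER_RE.match(exts[-1]) else None
    inner = exts[-2] if container and len(exts) > 1 else None
    flags = []
    if container:
        flags.append("container")
    if inner in DOCUMENT or re.search(r"(?i)[ _]pdf$", stem):
        flags.append("document_decoy")
    if inner in EXECUTABLE:
        flags.append("executable_inside")
    if inner and CONTAINER_RE.match(inner):
        flags.append("nested_container")
    return {"container": container, "inner": inner, "flags": flags}

def triage(records):
    """Per entry: family, sender IP, decoded subject, attachment and its flags."""
    return [{"entry": r["entry"], "family": r["Family"], "sender_ip": r["Sender ip"],
             "subject": decode_subject(r["Subject"]), "attachment": r["Attachment"],
             "flags": classify_attachment(r["Attachment"])["flags"]} for r in records]

if __name__ == "__main__":
    print(*triage(parse_listing(SAMPLE)), sep="\n")
```

Decoding the three encoded subjects gives "Fwd:Re: Aw: Shipping Documents – CI + PL + BL" (entry 3), "Nueva cotización", Spanish for "New quote" (entry 6), and "Überprüfen Sie die Bilder der Produktmuster", German for "Check the images of the product samples" (entry 14): ordinary business lures, with the encoding only hiding the non-ASCII characters from a casual glance at the raw header. The attachment flags fire on all sixteen names above because none of them is a bare document; a gateway rule that quarantines ISO/IMG images and multi-part RAR volumes, and anything with a document extension directly in front of a container extension, covers this whole set without any hash. The sender IPs also repeat across families: 103.156.91.251 carries entries 1, 7 and 8, 45.137.22.147 carries entries 6 and 10, and 185.222.58.155, 185.222.58.156 and 185.222.57.168 carry entries 4, 9 and 13, so blocking on the IP pivots catches more than the sixteen individual hashes would.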


If you want to learn malware analysis, you can check my YouTube channel, where I publish analyses of malware samples and some methods for analyzing them.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel 

          https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA 
