Phishing Attacks 27_9_2021

 


If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here 👇.

My udemy course

(1)

Sender ip

45.137.22.156

From

"gkcmumbai@gmail.com<gkcmumbai@gmail.com>"

Subject

"Re: Enquiry"

Attachment

"PRICE QUOTE.zip"

MD5

05c141b39bb4c908a420a13d56260657

SHA256

759dab60f58018203d219a229e69a2af9adc96cfc46cfa28f2877af8648777b6

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.


(2)

Sender ip

108.166.43.78

From

"Bsawyer"<jbennington@fathomrealty.com>"

Subject

"Your order: #RS00HNAWZ1"

Attachment

"#RS00HNAWZ1.iso"

MD5

84a0b17fb49483b8b0fa79066d87afd1

SHA256

2507f3526d4419945b1091542eeca79de74602e5cea24b14492fe14be66d7ab5

Family

Vjw0rm

 

(3)

 

Sender ip

45.137.22.115

From

"Cathy Yang <fraser@impstar.org>"

Subject

"RE: RE: 90% BALANCE PAYMENT INVOICE 1394,1395/21-22"

Attachment

"swift00098765456NMLO.zip"

MD5

a5e55107f754fa83badfbbd34aba0ab7

SHA256

7bcd80864e8f7f0dfd8a0f2694b8f3e9a1bb443cd8e8ec86305422e6b5b2c0db

Family

Unknown

 


(4)

 

Sender ip

185.176.221.189

From

"Dhl Customer Support <mail@deliveryssl.com>"

Subject

"Delivery Failed"

Attachment

"Attachment.iso"

MD5

c61bbf21647bcf6d7482d0e765baec65

SHA256

a6dcbfef14af69bd9635305dac92f09a3bffc67453d777b41d2c09345c354fdb

Family

RemcosRAT

 

(5)

Sender ip

104.168.204.20

From

"Faruk Ahmed <admin@zicomgroup.live>"

Subject

"NEW PURCHASE ORDER FOR URGENT RESPONSE $180,000"

Attachment

"NEW PURCHASE ORDER FOR URGENT RESPONSE $180,000.rar"

MD5

0266a43bd817ce7a594fe36784443567

SHA256

8aa0c9ab87da8ca53599e758b5061fb9a6ef1502ef60538835f2b9ae1d6356ad

Family

AgentTesla

   If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(6)

Sender ip

185.176.221.189

From

"Dhl Customer Support <mail@deliveryssl.com>"

Subject

"Delivery Failed"

Attachment

"Attachment.iso"

MD5

ed5a7b6c398627a0e30d56ed4a811fb3

SHA256

8887416f03acd7c498c9e891fde30e3503b8a5fc9c31d11bb0c04815f45f27d0

Family

NetWire


(7)

Sender ip

193.56.29.111

From

"CARAVAN Sales <sales@caravanmr.com>"

Subject

"RFQ-910015 CARAVAN GROUP"

Attachment

"RFQ-910015.xlsx"

MD5

51cfc4755260459f4417f9ed5c85b0e3

SHA256

25ac56fa9637967ae898c22748283b3655c5dcb00f3c9100d6e787b45e9e4714

Family

Unknown


(8)

Sender ip

31.210.20.38

From

"BITCOIN <btc@aonbd.net>"

Subject

"New Btc Policy"

Attachment

"FULL BTC POLICY2022 INTL.PDF.rar"

MD5

a42021d9e55675d7f14d76f9095798b0

SHA256

c70a438d7d83606c0de95316aec263df0e914f21375089e33fc165c094e33d23

Family

unknown


(9)

Sender ip

31.210.20.38

From

"JESSE BOLEVAN <jsse@aonbd.net>"

Subject

"New Order"

Attachment

"Order_67289283828289.zip"

MD5

d6351e3046f31284599623b4a033041c

SHA256

ce9ad4f8dd11515d83ae00f791e665f445867cb2a9176f5fb3afc6c7669cb4da

Family

Unknown


(10)

Sender ip

103.133.109.71

From

"DHL Express <delivery@dhl.sg>"

Subject

"RE: AWB #6913321715 & SHIPPING DOCUMENTS"

Attachment

"AWB & Shipping Documents.tar"

MD5

9673abd07490321eadd85557b33b4dee

SHA256

6aa6b71dc678822b714af3634efb002dd0d0e7ca0c3cf0e4040989a1c3914029

Family

Unknown


(11)

Sender ip

103.125.190.56

From

"lgpartner.chAdministrator@lgpartner.ch"

Subject

"QOUTATION CONFIRMATION"

Attachment

"AWS QOUTATION 768854_SCAN_PDF.rar"

MD5

a55c09a332d66944bc6ea102b5375495

SHA256

4054e74d768d7fac206b141d7c01cef8a9345f6b9741758b0e56bde21518c0b9

Family

RemcosRAT


(12)

Sender ip

45.137.22.48

From

"Mohamed Al Mazrui <thaotran@longtruong.com.vn>"

Subject

"Re: *URGENT*- Payment to bank details (CONFIRM BANK DETAILS)"

Attachment

"Bank details.lzh"

MD5

"Bank details.lzh"

SHA256

9e5b19bd45bde27361505fd750b2537f2b83eaf2ece6bbcbc20f595d99e8384d

Family

AgentTesla

(

  If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

13)

Sender ip

199.10.31.238

From

"Josey<josey.teran@mountztorque.com>"

Subject

"Mountz, Inc.: Purchase Order #PO226520"

Attachment

"Purchase Order_PO226520_1632165053105.rev"

MD5

edf299482cbcfa08f808e2fa4b5e6a8d

SHA256

a0e1b5c3ee9b881556c44f34851ab539c892e9e585645e4922446e1f46655946

Family

Unknown


(14)

Sender ip

185.29.9.105

From

"Lucia Pancini<docs1@paarglobal.in>"

Subject

"PO for New Order"

Attachment

"PO-IMAGE-SCAN-00HD878HE485HDYTE.rar"

MD5

ee6701a8830a5c3bd99a2e58c8aeeca1

SHA256

b38fb86423029b7c8cb1f4a426606001647d4b7c6950a46fc552b438c9f6ba96

Family

AgentTesla

  If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube  AgentTesla.

(15)

Sender ip

185.222.58.155

From

"Anil <anil@jinasena.com.lk>"

Subject

"RE: PURCHASE ORDER I 5083 - 2340212"

Attachment

"PURCHASE ORDER I 5083.r00"

MD5

aa157b553888eac217edcf018295f240

SHA256

b1b4509bb3b6ac1ead9e61ac865f04ae862fef2f905043d06d5546ea607f4536

Family

Formbook
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 

          https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA 

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more