Phishing Attacks 27_9_2021
If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
|
Sender ip |
45.137.22.156 |
|
From |
"gkcmumbai@gmail.com<gkcmumbai@gmail.com>" |
|
Subject |
"Re: Enquiry" |
|
Attachment |
"PRICE QUOTE.zip" |
|
MD5 |
05c141b39bb4c908a420a13d56260657 |
|
SHA256 |
759dab60f58018203d219a229e69a2af9adc96cfc46cfa28f2877af8648777b6 |
|
Family |
AgentTesla |
(2)
|
Sender ip |
108.166.43.78 |
|
From |
"Bsawyer"<jbennington@fathomrealty.com>" |
|
Subject |
"Your order: #RS00HNAWZ1" |
|
Attachment |
"#RS00HNAWZ1.iso" |
|
MD5 |
84a0b17fb49483b8b0fa79066d87afd1 |
|
SHA256 |
2507f3526d4419945b1091542eeca79de74602e5cea24b14492fe14be66d7ab5 |
|
Family |
Vjw0rm |
(3)
|
Sender ip |
45.137.22.115 |
|
From |
"Cathy Yang <fraser@impstar.org>" |
|
Subject |
"RE: RE: 90% BALANCE PAYMENT INVOICE
1394,1395/21-22" |
|
Attachment |
"swift00098765456NMLO.zip" |
|
MD5 |
a5e55107f754fa83badfbbd34aba0ab7 |
|
SHA256 |
7bcd80864e8f7f0dfd8a0f2694b8f3e9a1bb443cd8e8ec86305422e6b5b2c0db |
|
Family |
Unknown |
(4)
|
Sender ip |
185.176.221.189 |
|
From |
"Dhl Customer Support
<mail@deliveryssl.com>" |
|
Subject |
"Delivery Failed" |
|
Attachment |
"Attachment.iso" |
|
MD5 |
c61bbf21647bcf6d7482d0e765baec65 |
|
SHA256 |
a6dcbfef14af69bd9635305dac92f09a3bffc67453d777b41d2c09345c354fdb |
|
Family |
RemcosRAT |
(5)
|
Sender ip |
104.168.204.20 |
|
From |
"Faruk Ahmed
<admin@zicomgroup.live>" |
|
Subject |
"NEW PURCHASE ORDER FOR URGENT RESPONSE
$180,000" |
|
Attachment |
"NEW PURCHASE ORDER FOR URGENT RESPONSE
$180,000.rar" |
|
MD5 |
0266a43bd817ce7a594fe36784443567 |
|
SHA256 |
8aa0c9ab87da8ca53599e758b5061fb9a6ef1502ef60538835f2b9ae1d6356ad |
|
Family |
AgentTesla |
(6)
|
Sender ip |
185.176.221.189 |
|
From |
"Dhl Customer Support
<mail@deliveryssl.com>" |
|
Subject |
"Delivery Failed" |
|
Attachment |
"Attachment.iso" |
|
MD5 |
ed5a7b6c398627a0e30d56ed4a811fb3 |
|
SHA256 |
8887416f03acd7c498c9e891fde30e3503b8a5fc9c31d11bb0c04815f45f27d0 |
|
Family |
NetWire |
(7)
|
Sender ip |
193.56.29.111 |
|
From |
"CARAVAN Sales
<sales@caravanmr.com>" |
|
Subject |
"RFQ-910015 CARAVAN GROUP" |
|
Attachment |
"RFQ-910015.xlsx" |
|
MD5 |
51cfc4755260459f4417f9ed5c85b0e3 |
|
SHA256 |
25ac56fa9637967ae898c22748283b3655c5dcb00f3c9100d6e787b45e9e4714 |
|
Family |
Unknown |
(8)
|
Sender ip |
31.210.20.38 |
|
From |
"BITCOIN <btc@aonbd.net>" |
|
Subject |
"New Btc Policy" |
|
Attachment |
"FULL BTC POLICY2022 INTL.PDF.rar" |
|
MD5 |
a42021d9e55675d7f14d76f9095798b0 |
|
SHA256 |
c70a438d7d83606c0de95316aec263df0e914f21375089e33fc165c094e33d23 |
|
Family |
unknown |
(9)
|
Sender ip |
31.210.20.38 |
|
From |
"JESSE BOLEVAN <jsse@aonbd.net>" |
|
Subject |
"New Order" |
|
Attachment |
"Order_67289283828289.zip" |
|
MD5 |
d6351e3046f31284599623b4a033041c |
|
SHA256 |
ce9ad4f8dd11515d83ae00f791e665f445867cb2a9176f5fb3afc6c7669cb4da |
|
Family |
Unknown |
(10)
|
Sender ip |
103.133.109.71 |
|
From |
"DHL Express <delivery@dhl.sg>" |
|
Subject |
"RE: AWB #6913321715 & SHIPPING
DOCUMENTS" |
|
Attachment |
"AWB & Shipping Documents.tar" |
|
MD5 |
9673abd07490321eadd85557b33b4dee |
|
SHA256 |
6aa6b71dc678822b714af3634efb002dd0d0e7ca0c3cf0e4040989a1c3914029 |
|
Family |
Unknown |
(11)
|
Sender ip |
103.125.190.56 |
|
From |
"lgpartner.chAdministrator@lgpartner.ch" |
|
Subject |
"QOUTATION CONFIRMATION" |
|
Attachment |
"AWS QOUTATION 768854_SCAN_PDF.rar" |
|
MD5 |
a55c09a332d66944bc6ea102b5375495 |
|
SHA256 |
4054e74d768d7fac206b141d7c01cef8a9345f6b9741758b0e56bde21518c0b9 |
|
Family |
RemcosRAT |
(12)
|
Sender ip |
45.137.22.48 |
|
From |
"Mohamed Al Mazrui
<thaotran@longtruong.com.vn>" |
|
Subject |
"Re: *URGENT*- Payment to bank details (CONFIRM
BANK DETAILS)" |
|
Attachment |
"Bank details.lzh" |
|
MD5 |
"Bank details.lzh" |
|
SHA256 |
9e5b19bd45bde27361505fd750b2537f2b83eaf2ece6bbcbc20f595d99e8384d |
|
Family |
AgentTesla |
(
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
13)
|
Sender ip |
199.10.31.238 |
|
From |
"Josey<josey.teran@mountztorque.com>" |
|
Subject |
"Mountz, Inc.: Purchase Order #PO226520" |
|
Attachment |
"Purchase
Order_PO226520_1632165053105.rev" |
|
MD5 |
edf299482cbcfa08f808e2fa4b5e6a8d |
|
SHA256 |
a0e1b5c3ee9b881556c44f34851ab539c892e9e585645e4922446e1f46655946 |
|
Family |
Unknown |
(14)
|
Sender ip |
185.29.9.105 |
|
From |
"Lucia Pancini<docs1@paarglobal.in>" |
|
Subject |
"PO for New Order" |
|
Attachment |
"PO-IMAGE-SCAN-00HD878HE485HDYTE.rar" |
|
MD5 |
ee6701a8830a5c3bd99a2e58c8aeeca1 |
|
SHA256 |
b38fb86423029b7c8cb1f4a426606001647d4b7c6950a46fc552b438c9f6ba96 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(15)
|
Sender ip |
185.222.58.155 |
|
From |
"Anil <anil@jinasena.com.lk>" |
|
Subject |
"RE: PURCHASE ORDER I 5083 - 2340212" |
|
Attachment |
"PURCHASE ORDER I 5083.r00" |
|
MD5 |
aa157b553888eac217edcf018295f240 |
|
SHA256 |
b1b4509bb3b6ac1ead9e61ac865f04ae862fef2f905043d06d5546ea607f4536 |
|
Family |
Formbook |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
Comments
Post a Comment