Phishing Attacks 26_10_2021
If you want to learn how to detect phishing emails by eye, you can check my Udemy course here.
(1)
Sender ip |
91.247.145.78 |
From |
"Kevin Fang <tutul.tdal@tdsml.net>" |
Subject |
"RE: MISTAKEN PAYMENT" |
Attachment |
"credit notification pdf.z" |
MD5 |
5e43ecd7972ed7e8810c6249411d9b22 |
SHA256 |
6c7c8b5aa8a3f0e067ae9e55f33b3e7d3b772e441cd8585fdadaa72561e5c6ed |
Family |
Unknown |
(2)
Sender ip |
159.65.71.105 |
From |
"Purchasing Admin <admin@mailbox.com>" |
Subject |
"Order PO#800A3E4" |
Attachment |
"PO 800A3E4.zip" |
MD5 |
7e05385a7f581bd4aa51c70e216a2ef0 |
SHA256 |
797d9b18dcc820b02e9a22a8ed6e65bc944e5f097509335853237ac733f339d6 |
Family |
Formbook |
(3)
Sender ip |
5.206.227.95 |
From |
"Carmen Torres<info@inquirymails.com>" |
Subject |
"Fw: 4th Hire Payment" |
Attachment |
"invoice.z" |
MD5 |
6087be7f37cba2960a9777150c6e9d15 |
SHA256 |
000fe45623053414c6c7ef7d53693f485d4e3e27e2e0fe4e003d118e7016501f |
Family |
Unknown |
(4)
Sender ip |
45.137.22.53 |
From |
"HSBC Advising Service <customerservice@hsbc.com>" |
Subject |
"Payment Advice - Advice Ref:[GB1690364901] " |
Attachment |
"Payment Advice.rar" |
MD5 |
5e4bd71725fff39ac8a6bcc472d64c0e |
SHA256 |
e22c8e63a85b05a5902a9eb7e8934c48ffa09fd4dac5365da68189771d4296b3 |
Family |
Unknown |
(5)
Sender ip |
45.137.22.61 |
From |
"afin4.marketing@hdasco.com" |
Subject |
"FW: URGENT ORDER_NO.238275-ENQUIRY" |
Attachment |
"Swift copy.r15" |
MD5 |
e814f48455988959d5345f7ce3fbe78c |
SHA256 |
b4bd228ebad545f0f152f8c37baa338aa76eac7749f55d5c496954834a782d07 |
Family |
Unknown |
(6)
Sender ip |
110.4.42.27 |
From |
"Ksenia Ryapolova" <info@swings-cms.com>" |
Subject |
"=?utf-8?B?4Y6hZTog4Y6hZTogRtGhZDogQXR0YWNoZWQtUGF5bWVudCBE?= =?utf-8?B?b25lIFRvZGF5?=" |
Attachment |
"Attached-Payment Done Today" |
MD5 |
d2e2cdd6fa6b98ec2ce195bfc0079835 |
SHA256 |
d45bd3cd9838ab93a42cfbacf31527272ea2862f18577a4fa5465d5c47f2b726 |
Family |
Formbook |
(7)
Sender ip |
91.247.145.78 |
From |
"NRB Commercial Bank <asadeco@nrbcommercialbank.com>" |
Subject |
"Wrong Payment details" |
Attachment |
"Bank Details pdf.z" |
MD5 |
fc57f298e10adcf52da5459bef2f6009 |
SHA256 |
f5047237825cb59540fbd413acf1ddb83fd6122b5675506141461033c2ea0965 |
Family |
Unknown |
(8)
Sender ip |
45.137.22.156 |
From |
"Valcris Group<ahasanain@ali-alghanim.net>" |
Subject |
"Re: Enquiry" |
Attachment |
"SHIPPING ADVICE.zip" |
MD5 |
f20714420113afb1b16f1dfe4a701c42 |
SHA256 |
95898595f6352aeb430b9b0ea8ecc363a057f8224ed81f69611db0dcab0fb969 |
Family |
Unknown |
(9)
Sender ip |
45.137.22.53 |
From |
"Eric Fontes" <f.eric@vale.com>" |
Subject |
"PO - RFQ # 0976028391 NEW ORDER" |
Attachment |
"RFQ # 097602839 NEW ORDER.rar" |
MD5 |
520b9fe031b979ac19f5e624754bd5a0 |
SHA256 |
a5073840fbd28637bc8537e99e533728d1274c402c2aa22b4550e5a647e97b07 |
Family |
Unknown |
(10)
Sender ip |
45.9.168.102 |
From |
"Maria Humberts - Accounts Payables Dept <maria.trf00384hbc@gmail.com>" |
Subject |
"fwd: Payment Advice Note from 26.10.2021" |
Attachment |
"USD54,884.56_202110260056MT103_0034D.ace" |
MD5 |
0cf0b292ece4583c5ce710c2ca81243b |
SHA256 |
4d6d12e951585311015e623e5ec2f97f9b8ab1249d729961a8acd4b5ebc751d6 |
Family |
Unknown |
(11)
Sender ip |
37.0.10.6 |
From |
"phoungle@vikomed.vn" |
Subject |
"Urgent: PO//Inquiry Order//RFQ" |
Attachment |
"New_Order_PO#960780_MT_Quote.gz" |
MD5 |
eda9597e4908dbdc5a2c7a4ca4cb3925 |
SHA256 |
026a4841afc0a27a36f74e4de837e02e64853be2a67f70506ad9933116a9f669 |
Family |
AgentTesla |
(12)
Sender ip |
103.167.85.70 |
From |
"info1@cnsanmu.com" |
Subject |
"Purchase order 2900517+2906627" |
Attachment |
"purchase order 2900517+2906627 pdf.7z" |
MD5 |
9f57c3ad7d81f07720ca6fa4405ae4a0 |
SHA256 |
3020625bf9647d6eae6fbdc414eb60bf710750a4184deaa03daba17565eccbd8 |
Family |
AgentTesla |
(13)
Sender ip |
199.10.31.238 |
From |
"Shruti Bhoyar <makana@rpglobals.co.in>" |
Subject |
"Quote For October 2021" |
Attachment |
"OS-QTN-0320-21-Rev1.rar" |
MD5 |
e98b3b25eb0f4f6e14a8b09ba517e340 |
SHA256 |
55f6c8498be7ffc9b2b17673cb0033a75ee242d78b8bb36e13e849648ad2e912 |
Family |
Formbook |
(14)
Sender ip |
45.137.22.61 |
From |
"sales@5index.com" |
Subject |
"RE : NEW ORDER" |
Attachment |
"Lebanon Khayat Trading Company.r15" |
MD5 |
f8f556291f188343fb61560420999421 |
SHA256 |
6be7eafa1607a79407e43bdfa79164b18f4e9ab3c95684b7d54e7395e74407b3 |
Family |
AgentTesla |
(15)
Sender ip |
167.172.91.230 |
From |
"Manoj Pillai (DHL) <Manoj.Pillai@dhl.com>" |
Subject |
"FW: DHL Express Courier Onhold for invalid Clearance and delivery" |
Attachment |
"AWB D2101002050-292.zip" |
MD5 |
2705ca9846114cc34fd8e3909292b128 |
SHA256 |
6be7eafa1607a79407e43bdfa79164b18f4e9ab3c95684b7d54e7395e74407b3 |
Family |
AgentTesla |
(16)
Sender ip |
103.167.85.70 |
From |
"info1@cnsanmu.com" |
Subject |
"Purchase order 2900517+2906627" |
Attachment |
"purchase order 2900517+2906627 pdf.7z" |
MD5 |
9f57c3ad7d81f07720ca6fa4405ae4a0 |
SHA256 |
3020625bf9647d6eae6fbdc414eb60bf710750a4184deaa03daba17565eccbd8 |
Family |
AgentTesla |
(17)
Sender ip |
103.167.85.70 |
From |
"info1@cnsanmu.com" |
Subject |
"Purchase order 2900517+2906627" |
Attachment |
"purchase order 2900517+2906627 pdf.7z" |
MD5 |
9f57c3ad7d81f07720ca6fa4405ae4a0 |
SHA256 |
3020625bf9647d6eae6fbdc414eb60bf710750a4184deaa03daba17565eccbd8 |
Family |
AgentTesla |
(18)
Sender ip |
199.10.31.238 |
From |
"Shruti Bhoyar <makana@rpglobals.co.in>" |
Subject |
"Quote For October 2021" |
Attachment |
"OS-QTN-0320-21-Rev1.rar" |
MD5 |
e98b3b25eb0f4f6e14a8b09ba517e340 |
SHA256 |
55f6c8498be7ffc9b2b17673cb0033a75ee242d78b8bb36e13e849648ad2e912 |
Family |
Formbook |
(19)
Sender ip |
45.137.22.61 |
From |
"sales@5index.com" |
Subject |
"RE : NEW ORDER" |
Attachment |
"Lebanon Khayat Trading Company.r15" |
MD5 |
f8f556291f188343fb61560420999421 |
SHA256 |
6be7eafa1607a79407e43bdfa79164b18f4e9ab3c95684b7d54e7395e74407b3 |
Family |
AgentTesla |
(20)
Sender ip |
167.172.91.230 |
From |
"Manoj Pillai (DHL) <Manoj.Pillai@dhl.com>" |
Subject |
"FW: DHL Express Courier Onhold for invalid Clearance and delivery" |
Attachment |
"AWB D2101002050-292.zip" |
MD5 |
2705ca9846114cc34fd8e3909292b128 |
SHA256 |
833b7028bbc8e154e3f45fd0a700f022847208bf6706389ef61620f8d242e49a |
Family |
AgentTesla |
If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA