Phishing Attacks 13_11_2021

 


If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here 👇.

My udemy course


(1)

Sender ip

185.222.58.154

From

"Eric Fontes <sales@bsb.ie>"

Subject

"MV. PAN FORTUNE //Vale//30,000MT"

Attachment

"Purchase Order 30,000MT.rar"

MD5

a04074b77c82e0fa2843fca4b8a1e414

SHA256

bda5add79e9e06801f579e8f7a249a3abf1a7d78ec56275c0ab5ffe8e97176ca

Family

GuLoader

 

(2)

Sender ip

185.222.57.209

From

"Ashwin Kumar.S <purchase5@spic.co.in>"

Subject

"New Request for Quotation 2000051165"

Attachment

"R F Q 2000051165.zip"

MD5

661ed4aaf21f9dccb550f6b3bb1e3c65

SHA256

3c6ec9674570d6bae26b02e9de162dfaed5d2f62dddcef662944937ca9eff320

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

(3)

 

Sender ip

185.222.57.209

From

"Return-Path: <Paul.Yip@speedmark.com.hk>"

Subject

"RE:PAYMENT DUE & SHIPMENT STATUS"

Attachment

"UPDATTED S O A.zip"

MD5

ee6ae4c68d6e6f431dea28deb7b312ee

SHA256

f217cc024d292764cf387fd52ec78843be77df06bd723219bd15dd655b9399c7

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

 

(4)

 

Sender ip

104.224.28.167

From

"Wuh Xueming <export@haitunggroup.com>"

Subject

"WRONG IBAN/PAYMENT TRANSFER REQUEST"

Attachment

"Transfer request form.zip"

MD5

4e0b2510b7140142249cbde36fc413fb

SHA256

371654d341cc7be04dc802cef9caf4a98824fe970018134270872b336b889973

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

(5)

Sender ip

103.232.53.21

From

"finance"<finance@meerland.com.ua"

Subject

"FWD : OVERDUE FOR SEPTEMBER AND OCTOBER"

Attachment

"Overdue SOA.rar"

MD5

44eed39afa188133fa3f0b8f805dd28e

SHA256

f86bc63b72c1d321eff336fb6d3a70571c3f1ee95fb84102b974b42e98d5c00f

Family

Unknown

 

 (6)

Sender ip

185.222.57.150

From

"cnsale03@gmvalves.com"

Subject

"purchase order"

Attachment

"zCEr8cPJ5GpDgmz.rar"

MD5

9ccc298fe40ef1fa7f0dc74b845538a0

SHA256

8856d012bb2216bb3bb44e6cef106e71457bc2ec12024d71b458e8614f1289e9

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

(7)

Sender ip

185.222.57.209

From

"Jason.mao@yizhanparts.com"

Subject

"RE; payment made to your account toda"

Attachment

"PAYMENT DATAILS.zip"

MD5

d39e07783d5e24e788060987f67aee33

SHA256

1060cd77d3b53d02466d168aa1eaa8ff9bb27ded165484b56ad61c529d117982

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

(8)

Sender ip

185.222.58.151

From

"Purchase"<info@jawaczownersclub.co.uk>"

Subject

"Re: Conference Equipment Request"

Attachment

"AWS EC2 Benchmarks for puchase.rar"

MD5

91fbf027b66141de38d86e46dcf53278

SHA256

894184fb3ef4d586b2404fd78b5c772c08da6c90cecc51188bb708a476fad58b

Family

AveMariaRAT

 

(9)

Sender ip

195.133.18.176

From

"Anderson Rosa <tyr.pri@desertelim.com>"

Subject

"Order_20211011"

Attachment

"Official Order_20211011.iso"

MD5

6c96d9c71b982d9ca78c66813d4acec1

SHA256

c553b899af61e2858632931a56c19593657e3619be758acc646d59898ac81f11

Family

RemcosRAT

 

(10)

Sender ip

185.222.57.150

From

"cnsale03@gmvalves.com"

Subject

"purchase order"

Attachment

"0JGFOez7vfZ18Tg.rar"

MD5

215f758414865ec605ea51b0c2cf0ea4

SHA256

5ad0a97284f0fa0c22934b37d45376d2041c90624f73617286164ffa771a3fd1

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

(11)

Sender ip

51.15.9.169

From

"Alert <alert@zelran.com>"

Subject

"Invoice 16705 revoked"

Attachment

"Invoice-16705_1.xll"

MD5

6d036f8c550f491c4cce6ac9332e7cd5

SHA256

1173e3ebe11e6a3bf51596de33082e6ccac764113af2738ddb8a2ef864ae2a7f

Family

Dridex

 (12)

Sender ip

202.169.41.42

From

"Invoice Notification <invoice_notification@anaplaam.com.com>"

Subject

"INV 28151 RCVD"

Attachment

"INV-28151_2.xll"

MD5

98a5120e647a89e1f9c39c983b79d5a1

SHA256

b7513bf021f37be5313215ff5f77db379f463f04b10ddce15eee76a3e421c1f2

Family

Dridex

 

(13)

Sender ip

103.232.53.21

From

"acct22 <acct22@shintechhk.com>"

Subject

"Payment Details as at 16th NOV 2021"

Attachment

"SOA LIST XLS.rar"

MD5

124a8e19a8dc31e0aa17969decbfe0a5

SHA256

905926496c669e4b37bf76bbaa802e5981f75f252de28fbe0962f9e310f2cad5

Family

Unknown


(14)

Sender ip

185.222.57.209

From

"Return-Path: <Paul.Yip@speedmark.com.hk>"

Subject

"RE:PAYMENT DUE & SHIPMENT STATUS"

Attachment

"UPDATTED S O A.zip"

MD5

19317fe0352db2f1b75d8ed48336a657

SHA256

15ca527588c49eed78e28adc9011c68f5dab58d2beef10e671b4b8b912eb5b99

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(15)

Sender ip

185.222.57.209

From

"Return-Path: <Paul.Yip@speedmark.com.hk>"

Subject

"RE:PAYMENT DUE & SHIPMENT STATUS"

Attachment

"UPDATTED S O A.zip"

MD5

19317fe0352db2f1b75d8ed48336a657

SHA256

15ca527588c49eed78e28adc9011c68f5dab58d2beef10e671b4b8b912eb5b99

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(16)

Sender ip

172.107.237.56

From

"=?UTF-8?B?V2VybmVyIEfDtnR6?= <marketing@jnpowerbatteries.com>"

Subject

"Fw: New Order No. BCM190282"

Attachment

"New Order-2021-PO#0834.r00"

MD5

a213b2a896d6d056768a73cdfaa73710

SHA256

4758f80ca599c7a9056bc42ee5c8691a4452a473f11fb75636e410516cc7b76c

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(17)

Sender ip

193.56.29.164

From

"post@hans-koerber.de"

Subject

"Urgent request of quotation and Stock availabilty"

Attachment

"PO 210411.xlsx"

MD5

71ba147565071da166cd1dfd13950efd

SHA256

b8b509a03643e795ab01342047385d9780efda93fc0ba6875976caeec5a43843

Family

Formbook

(18)

Sender ip

134.0.112.157

From

"Harold" <17998794@hotmail.com>"

Subject

"paperwork"

Attachment

"20211111.gz"

MD5

ce669986e6fb486f41dd99971b5cf91a

SHA256

eda063fdc27f841acb44ec9ee48b2632fc6b3897a88e7966f798fd44459988cc

Family

Zeppelin

(19)

Sender ip

62.33.7.21

From

"Jason" <9679333@hotmail.com>"

Subject

"docs"

Attachment

"20211111.zip"

MD5

dc34591a6d6b9512d8e2c0233668e828

SHA256

209c4ae6f5020b6065fa3c7bc5bc1a54e47fc197947364d80a5c58dbd7a09dd7

Family

Unknown

(20)

Sender ip

103.195.101.74

From

"DHL Express <mike@southnottscfr.org.uk>"

Subject

"DHL Delivery-AWB /NOV/2021/"

Attachment

"DHL Delivery Documents.r01"

MD5

4f9e5fa9d377c6b95f2a133e22e8bcad

SHA256

ce74a421212ea6db55404fc4a177a3607144bc82ecfb1c671125225e5940bfa7

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(21)

Sender ip

208.73.206.131

From

"David Chen <sales@alarmafzco.com>"

Subject

"AW: INV-facture-paid Invoice-transfer"

Attachment

"PayDoc.rar"

MD5

4ab5e365f00113bb9f4699b3a29de8ac

SHA256

620196f781f633a241d151a2dc4eac215ca950453c2ff8eccf55cf575bc706ed

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(22)

Sender ip

45.137.22.152

From

"ASIAN SHIPPING<sales01@gulflogisticsltd.com>"

Subject

"RE: Refund Request to release our outstanding payment of USD 88,508"

Attachment

"SHIPPING DOCUMENTS.zip"

MD5

fc924e8eca5a311af10cc7aa25546ac8

SHA256

e1452a1151d352da3ffbe845dee67b071e66dc4b99aaf1b121f320b5bc7b6768

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(23)

Sender ip

45.137.22.152

From

"Creamy Ho (CHK-SD3)<creamy.ho@chemtax.com>"

Subject

"RE new contract no. FU21-062A for 1st lot 4437.34kgs- updated P/I and packing list - pls sign back the updated contract and note"

Attachment

"CONTRACT ASIAN SHIPPING.zip"

MD5

2d80f334e1b977ce7167e5ff6129322e

SHA256

9505e8cd560bc3a8a2fd616201018551970f9d038e58ea4c82f870ddf1069e27

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(24)

Sender ip

136.144.41.113

From

"Nancy Ngan <newforwarders@gmail.com>"

Subject

"Bank Correction"

Attachment

"INV8897.xlsx"

MD5

8ecedf54cded946685b748405e313519

SHA256

bc9da4a90923bec00235b54e4489519add79923f52cd1acb22a5237b69dcca53

Family

Formbook

(25)

Sender ip

185.222.57.150

From

"sales@matcoasia.com"

Subject

"Re: Purchase Order"

Attachment

"Iz150pqkbOdUArY.zip"

MD5

48d2888df2bcca3d392783bfc235764e

SHA256

5d99bdb224452fda2c738f2f882fe1c812afac3d98f2c9824ef6d750e9494a46

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(26)

Sender ip

180.214.237.130

From

"michelle.li@cq.de-well.com"<michelle.li@cq.de-well.com"

Subject

"Re: Re: De Well Container Shipping Inc. - Arrival Notice - SQINS0013227 - COSU6885585530 -"

Attachment

"invoice.rar"

MD5

d5b09a5750e08a7ddfe7314fb31c1d46

SHA256

ef9a58606acdad93bb6c06c17f68f3878ddcfd8106b34184729c017c63ca5405

Family

Unknown

(27)

Sender ip

45.137.22.61

From

"Sulak@universalstarch.com"

Subject

"FW: URGENT ORDER_NO.238275-ENQUIRY"

Attachment

"Swift copy.zip"

MD5

424bdee5675bde82c078315f7701309b

SHA256

bbe48c851cb2d77e0c97d76df8b8816f337b718c7211547f552a489f995e6352

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(28)

Sender ip

104.168.176.25

From

"Alan Xie" <export@terra-oiltech.com>"

Subject

"fw: co"

Attachment

"DECLARATION with date and name of factory and name of exporter.rar"

MD5

24c509eacfeb8bb3b1f75b8ec51188aa

SHA256

cd897eb3dbe04c9d28c3d6a4c7deceff8c1695c377696b134a3b0864de3db180

Family

Unknown

 

(29)

Sender ip

45.137.22.114

From

"Andy claims" <claims@kpiclub.or.kr>"

Subject

"Payment Advice - Advice-Customer Ref: [8589567458]"

Attachment

"Advice Payment Copy.GZ"

MD5

dd0e51e456fd10786bffa6be29ff9389

SHA256

66fe8dd2339e12fb3de52730d49d38f4471512c70c6b593b9d3735458a2e9b53

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(30)

Sender ip

103.150.8.18

From

"Sujay A.N Account Executive <admin@wattek.ae>"

Subject

"ACE Alpha PO55455 and Wattek PI Approval"

Attachment

"ACE Alpha PO and Wattek Invoice.tar.gz"

MD5

202d624d4e67fc8d31f325728bf158cb

SHA256

0888105ce18f83950bfeb10d1e6b81770d975aa5e7ea10e8803e3f9b5e917d62

Family

AveMariaRAT

(31)

Sender ip

37.0.11.45

From

"Info@lawsonair.com.au"

Subject

"RE: RE: Proceed with Invoice 2021-11-10."

Attachment

"Re 22-039 Quotationinstant tent shipment qty.gz"

MD5

503e0e42857f4a31935a7180c6d1c73a

SHA256

7ebc7f5a95b0d6723dd769348955a1c71c6df487b59588f55b97604961fcd1ae

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(32)

Sender ip

45.12.213.162

From

"sales@ezehighway.space"

Subject

"PO#20210510"

Attachment

"PO#20210510.zip"

MD5

dc7d39feb4e179bda2d87981b0bd6a3e

SHA256

ed73bc6297ad87b60767e90df04fa0cc3c005f92c89fcd3257383ef0ff334e26

Family

Unknown

(33)

Sender ip

45.133.1.148

From

"Shahzad Faiz" <procurement.pk@mtechintl.com>"

Subject

"FW: INQUIRY / 09112021 / MT-SGWI"

Attachment

"KJ 09112021 MT-SGWI.ace"

MD5

06a7eac10627a09ac91ebd277c186425

SHA256

f52b9806cd2f5398beda8e65ead2ee5d0c818c0ca7872d6eb44b570a1bd58539

Family

Formbook

(34)

Sender ip

95.211.88.158

From

"Hassan Basit <snaqiahmed@timespresspk.com>"

Subject

"URGENT REQUEST FOR QUOTATION- DUBAI UAE AL JABER REGA 2021 REF:3214ED21 Please send your best possible rates"

Attachment

"DUBAI BHPC 23HPO.Gz"

MD5

dd734dd46c7e0e1dc75219348d16c2d1

SHA256

5ddf928d9fa5d1efbb45c86a264c9c3308ccf71ae537df116a4a15097704f1c5

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(35)

Sender ip

202.27.215.17

From

"Renate Klopf <info@theeasyslicer.com>"

Subject

"AWS: new order /Proforma-Invoice / Order Confirmation AB22-00569"

Attachment: "CERAMIC VASE

Attachment

"CERAMIC VASE

(3X40HQ).xlsx"

MD5

f9b6591ed514f1cbaf6c7dea5142ef0e

SHA256

56ad77fb10203eb4216f26993861e96d0e37a283f1ce6ca78069f054138828b7

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(36)

Sender ip

45.137.22.61

From

"aroma@preskonita.com"

Subject

"RE: Confirmation Of Bank Details.."

Attachment

"details of payment.zip"

MD5

a6446e81cb608996349dbc140a741f9b

SHA256

d18a843a646b90c2e69a33ff5c0bef8e91a363c19e7f1d43a298a5279217c747

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(37)

Sender ip

185.222.57.209

From

"Return-Path: <Paul.Yip@speedmark.com.hk>"

Subject

"RE:PAYMENT DUE & SHIPMENT STATUS"

Attachment

"UPDATTED S O A.zip"

MD5

745ab1a0e629cc308b789fe8e01504a6

SHA256

5319fb9aa658191a80c6054ad80dec70455c01c580b7aba556c23d4b22c3be41

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(38)

Sender ip

118.98.72.87

From

"Overdue <overdue@billing.anaplam.com>"

Subject

"Payment#1747 canceled"

Attachment

"Payment 1747_2.xll"

MD5

2eff85a8e5f41feedeae53385e679f18

SHA256

6540c0bfa0958b40ae99db2746c733044982ab6adf8f34b1b5cdbce55e121f95

Family

Dridex

(39)

Sender ip

180.214.237.130

From

"michelle.li@cq.de-well.com"<michelle.li@cq.de-well.com"

Subject

"Re: Re: De Well Container Shipping Inc. - Arrival Notice - SQINS0013227 - COSU6885585530 -"

Attachment

"invoice.rar"

MD5

1cb38b39610710cc7bb7d6bac49165f7

SHA256

7de1de7f48735f921e285a86897de868ad763aaa0f23ac3b94abfb8b519a1d8e

Family

Unknown

(40)

Sender ip

180.214.237.130

From

"Jayla"<op_cs239@aaa-china.net"

Subject

"RE: Overdue for September Shpt"

Attachment

"SOA.rar"

MD5

2ba9d2a3729bf46efe4fa5772b5b4c79

SHA256

5ddfcc4e30838c4c6953c777757b3436df567efa124d114eb07a6ff6f5ffe53e

Family

Unknown

(41)

Sender ip

45.137.22.152

From

"Creamy Ho (CHK-SD3)<creamy.ho@chemtax.com>"

Subject

"RE new contract no. FU21-062A for 1st lot 4437.34kgs- updated P/I and packing list - pls sign back the updated contract and note"

Attachment

"Contract Documents.zip"

MD5

1db49a4c116febc7a2979ec8cfcfb9a6

SHA256

90d5da5b1f895affb2b49f3d703e2392b113b16a8b17a9a4b00d02ba927e9ed3

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(42)

Sender ip

185.222.57.209

From

Ashwin Kumar.S <purchase5@spic.co.in>

Subject

"New Request for Quotation 2000051165"

Attachment

"R F Q 2000051165.zip"

MD5

c688adf17f6c33a4e8d783e5940e34c2

SHA256

590318eeea1e2faccd86cbab6b213157f0ae27a0c91ed0472352fd543aaa1e4d

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

(43)

Sender ip

172.107.237.56

From

"=?UTF-8?B?V2VybmVyIEfDtnR6?= <marketing@jnpowerbatteries.com>"

Subject

"Fw: New Order No. BCM190282"

Attachment

"New Order-2021-PO#0834.r00"

MD5

a213b2a896d6d056768a73cdfaa73710

SHA256

4758f80ca599c7a9056bc42ee5c8691a4452a473f11fb75636e410516cc7b76c

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 

          https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA 


Comments

Post a Comment

Popular posts from this blog

Phishing Attacks 3_3_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 45.137.22.124 From "Cheng Yong"<rosa@franball.net>" Subject "RV: Shipping advice - 2nd container under ct.876" Attachment "SHIPPING ADVICE#202203.zip" MD5 aa2d18552a8d5041e4c757cee09f2c4d SHA256 0628b564bad3c4e59644e91398899f88143aa2eb3473e720270fb1566c628d60 Family AgentTesla If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .       (2) Sender ip 2.56.56.35 From "contato@vastoverde.com.br" Subject "fwd :Outstanding Remittance payment" Attachment "receipt_pdf.z" ...
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH...
Read more

Phishing Attacks 24_3_2022

Image
If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 185.222.58.240 From "flocon acc" <accounts@flocon-industries.com>" Subject "Re: RE: RE: RE: RE: RE: RE: RE: Re: RE: RE: Purchase of Wire Cutting, Stripping and Twisting Machine" Attachment "Sales Contract Copy.TAR" MD5 40e05d66fa334f0e1595c1a6417fecab SHA256 c57086d514c801eaded5f2b6e02b21784c8154f1423693bc9c40454c6bb79d85 Family Formbook   (2) Sender ip 107.173.104.75 From "Yergazy Nurbekuly<info@highomeleds.com>" Subject "=?UTF-8?B?UmU6IFJFOiBBV1M6IG5ldyBvcmRlciAvUHJvZm9ybWEtSW52b2ljZSAvIE0vNDU2IOKAkyBNaWQgTWFyY2g=?=" Attachment ...
Read more