Phishing Attacks 27_11_2021

 




If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here 👇.

My udemy course


(1)

Sender ip

185.222.57.237

From

"Anthony" <info@jacom.or.jp>"

Subject

"Unpaid Due Invoice For Export Order_noref S10SMG00318021"

Attachment

"TT_SWIFT_Export Order_noref S10SMG00318021.Z"

MD5

c58d5e2b828ecaed0e6688d65e6961e9

SHA256

11128ecb20c21ca6dd1bc29409c2a33de2aa5f6db4483bd1062085821d3b4186

Family

Formbook

 

(2)

Sender ip

45.137.22.156

From

"=?UTF-8?B?TWFyaW8gw4FuZ2VsIFDDqXJleiBDYXJiYWphbA==?= <contacto@smartconsultoria.mx>"

Subject

"Factura correspondiente a noviembre"

Attachment

"Factura.r00"

MD5

ae7e9f9f1c5bb6eb02a9d257ff99b90d

SHA256

29bf36c6b6fd6fdc200e39fb811768cd413ba4ae7dd85ca0479a17047ecfe49c

Family

Unknown

 

(3)

 

Sender ip

103.167.93.76

From

"Hashim Abdulla" <sales@mr-freshco.com>"

Subject

"REQUEST FOR URGENT QUOTATION _{RFQ}"

Attachment

"PO_467889999087746346_PDF_.uu"

MD5

e74f27f6976becd6ec54a2be39583b0b

SHA256

ad437e05c9fe33a7b9a0368f65a663f7449a96c583a53483f85a88a95b815d1d

Family

Formbook

 

 

(4)

 

Sender ip

209.85.222.54

From

"FCB UK." <tgrorthamp@gmail.com>"

Subject

"Payment Notification."

Attachment

"FCB Payment Approval Letter..doc"

MD5

a8a00d83c5f3e11044176691a42fb780

SHA256

ed888c5440254e0626c897c2add0df6444821a1000f209f577e6f9e835130d61

Family

Unknown

 

(5)

Sender ip

193.56.29.188

From

"jacol@jacol.pl"

Subject

"FW: REQUEST FOR THE QUOTE 180030876"

Attachment

"RFQ- PO 180030876.xlsx"

MD5

be0f492d15478f27be7e79f07a901a2b

SHA256

e624803aab79b18716fc0ba9b78e37b8a340cc129dfc47a3eaad2b17d091dae4

Family

Formbook

 

 (6)

Sender ip

199.10.31.238

From

"DHL Express <info@dhlxpres.com>"

Subject

"On Demand Delivery"

Attachment

"attach-file.img"

MD5

e04d958c16df00046fe516e6ea187321

SHA256

00d0dcc155b889107ad32e90f8172490dc32280cc62e762bfa5e7deecea1099d

Family

RemcosRAT

 

(7)

Sender ip

198.23.165.240

From

"Dario Villamarin Munoz<postmaster@multwell.net>"

Subject

"RE: PERFORMA INVOICE FOR SUPPLIED ITEMS"

Attachment

"CDCB-PKG04-2573-2021 -TRANSGLOBAL.docx"

MD5

b2d2d9115bd393babe0f8b177b0d45fd

SHA256

2244a4685966cfd237ab4abba59f80b8c2eabd52ccf3ea5ddc0ef431ef458991

Family

Unknown

 

(8)

Sender ip

185.222.57.209

From

"Tiffany@lyshipping.net"

Subject

"RE:Payment is completed"

Attachment

"TRANSFER SLIP.zip"

MD5

1140fe7e4671de14bc4e93b7833388d2

SHA256

439c1ca11be7919835e6a3524baa7f86355d493963aadba4fe661c3ac878553e

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

(9)

Sender ip

45.137.22.187

From

"=?UTF-8?B?VElFTkRBIFZBTFBBUkHDjVNPIExBRA==?= <valparaiso@sherwin.cl>"

Subject

"=?UTF-8?B?UmU6IENvdGl6YWNpw7NuIFJGUQ==?="

Attachment

"Cotizacin RFQ.r00"

MD5

3e8705370c9d62dd3bd1b4db16163b87

SHA256

de1fc9c68764558d6a62d45d6b165f97f912edb095327274d41997e8b10d5541

Family

Unknown

 

(10)

Sender ip

185.222.57.237

From

"International Contracting Company" <sales@icmaster.com.hk>"

Subject

"Reconfirm payment Information"

Attachment

"Reconfirm payment_details.rar"

MD5

fc12df534d811b1795367d0ae29f03ff

SHA256

1f52d3796cf118e643b744438f397d3a4321e44f6bf90df2b69e6cee7fdd815b

Family

Unknown

 

(11)

Sender ip

185.222.57.209

From

"op01@lyshipping.net"

Subject

"RE: payment made to your account today on behalf of our banking customer"

Attachment

"TRANSFER SLIP (3).zip"

MD5

4f4f779139b34d29b831687014a8c3d3

SHA256

305d5d000b62973f16324d78f8ae38a81f1e358d599bbc26bc4745123f78f45f

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla. 

 (12)

Sender ip

185.222.57.209

From

"Tiffany@lyshipping.net"

Subject

"RE:Payment is completed"

Attachment

"TRANSFER SLIP.zip"

MD5

953bb3f3e78ad51aa164849fdabf8cc6

SHA256

eb317d5ea6169fd6359fd184a91c7948cce6a662a92405df636592952f1f20c0

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

(13)

Sender ip

210.56.11.43

From

"HSBC Advising Service" <kc.hh@kitchencuisine.com.pk>"

Subject

"Payment Advice - Advice Ref:[GLVA21251547] / Priority payment / Customer

Ref:[SSNSB TO #838476"

Attachment

"Document7000.xlsx"

MD5

607bac1d2dfb0d8a6859d5a67b812b5c

SHA256

4b19a3abba880de5f9fbb4dd9331add29b5ab61a5cdd7bff3c6c1933fa86146a

Family

Formbook


(14)

Sender ip

45.137.22.168

From

"Tina Wu <tina.wu@comaco.cn>"

Subject

"ORDER INQUIRY-PVP-SP-2021-54 F.W.G-Symbiosis"

Attachment

"ORDER INQUIRY-PVP-SP-2021-59.zip"

MD5

10791efbf3a5edd898dea687f99ce49d

SHA256

e6382f39e59a7a9ee50266d28cd9ff170879d6afe9c4a7d955905c34a860af38

Family

SnakeKeylogger

(15)

Sender ip

185.222.58.155

From

"=?UTF-8?B?ZW5kZXIgZ8O2esO8bW/En2x1?= <endergozumoglu@gmail.com>"

Subject

"RE: Re: Proforma-Invoice AB22-00178"

Attachment

"Emailing Swift.r00"

MD5

b8b4d09e7110f216879e21de187e5ec0

SHA256

5c503c6475202598918ad173f031375cab997325907ecfc12c1625edb78e5229

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 

          https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA 

Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more