Phishing Attacks 27_11_2021
If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
|
Sender
ip |
185.222.57.237 |
|
From |
"Anthony"
<info@jacom.or.jp>" |
|
Subject |
"Unpaid
Due Invoice For Export Order_noref S10SMG00318021" |
|
Attachment |
"TT_SWIFT_Export
Order_noref S10SMG00318021.Z" |
|
MD5 |
c58d5e2b828ecaed0e6688d65e6961e9 |
|
SHA256 |
11128ecb20c21ca6dd1bc29409c2a33de2aa5f6db4483bd1062085821d3b4186 |
|
Family |
Formbook |
(2)
|
Sender
ip |
45.137.22.156 |
|
From |
"=?UTF-8?B?TWFyaW8gw4FuZ2VsIFDDqXJleiBDYXJiYWphbA==?=
<contacto@smartconsultoria.mx>" |
|
Subject |
"Factura
correspondiente a noviembre" |
|
Attachment |
"Factura.r00" |
|
MD5 |
ae7e9f9f1c5bb6eb02a9d257ff99b90d |
|
SHA256 |
29bf36c6b6fd6fdc200e39fb811768cd413ba4ae7dd85ca0479a17047ecfe49c |
|
Family |
Unknown |
(3)
|
Sender
ip |
103.167.93.76 |
|
From |
"Hashim
Abdulla" <sales@mr-freshco.com>" |
|
Subject |
"REQUEST
FOR URGENT QUOTATION _{RFQ}" |
|
Attachment |
"PO_467889999087746346_PDF_.uu" |
|
MD5 |
e74f27f6976becd6ec54a2be39583b0b |
|
SHA256 |
ad437e05c9fe33a7b9a0368f65a663f7449a96c583a53483f85a88a95b815d1d |
|
Family |
Formbook |
(4)
|
Sender
ip |
209.85.222.54 |
|
From |
"FCB
UK." <tgrorthamp@gmail.com>" |
|
Subject |
"Payment
Notification." |
|
Attachment |
"FCB
Payment Approval Letter..doc" |
|
MD5 |
a8a00d83c5f3e11044176691a42fb780 |
|
SHA256 |
ed888c5440254e0626c897c2add0df6444821a1000f209f577e6f9e835130d61 |
|
Family |
Unknown |
(5)
|
Sender
ip |
193.56.29.188 |
|
From |
"jacol@jacol.pl" |
|
Subject |
"FW:
REQUEST FOR THE QUOTE 180030876" |
|
Attachment |
"RFQ-
PO 180030876.xlsx" |
|
MD5 |
be0f492d15478f27be7e79f07a901a2b |
|
SHA256 |
e624803aab79b18716fc0ba9b78e37b8a340cc129dfc47a3eaad2b17d091dae4 |
|
Family |
Formbook |
(6)
|
Sender
ip |
199.10.31.238 |
|
From |
"DHL
Express <info@dhlxpres.com>" |
|
Subject |
"On
Demand Delivery" |
|
Attachment |
"attach-file.img" |
|
MD5 |
e04d958c16df00046fe516e6ea187321 |
|
SHA256 |
00d0dcc155b889107ad32e90f8172490dc32280cc62e762bfa5e7deecea1099d |
|
Family |
RemcosRAT |
(7)
|
Sender
ip |
198.23.165.240 |
|
From |
"Dario
Villamarin Munoz<postmaster@multwell.net>" |
|
Subject |
"RE:
PERFORMA INVOICE FOR SUPPLIED ITEMS" |
|
Attachment |
"CDCB-PKG04-2573-2021
-TRANSGLOBAL.docx" |
|
MD5 |
b2d2d9115bd393babe0f8b177b0d45fd |
|
SHA256 |
2244a4685966cfd237ab4abba59f80b8c2eabd52ccf3ea5ddc0ef431ef458991 |
|
Family |
Unknown |
(8)
|
Sender
ip |
185.222.57.209 |
|
From |
"Tiffany@lyshipping.net" |
|
Subject |
"RE:Payment
is completed" |
|
Attachment |
"TRANSFER
SLIP.zip" |
|
MD5 |
1140fe7e4671de14bc4e93b7833388d2 |
|
SHA256 |
439c1ca11be7919835e6a3524baa7f86355d493963aadba4fe661c3ac878553e |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(9)
|
Sender
ip |
45.137.22.187 |
|
From |
"=?UTF-8?B?VElFTkRBIFZBTFBBUkHDjVNPIExBRA==?=
<valparaiso@sherwin.cl>" |
|
Subject |
"=?UTF-8?B?UmU6IENvdGl6YWNpw7NuIFJGUQ==?=" |
|
Attachment |
"Cotizaci�n RFQ.r00" |
|
MD5 |
3e8705370c9d62dd3bd1b4db16163b87 |
|
SHA256 |
de1fc9c68764558d6a62d45d6b165f97f912edb095327274d41997e8b10d5541 |
|
Family |
Unknown |
(10)
|
Sender
ip |
185.222.57.237 |
|
From |
"International
Contracting Company" <sales@icmaster.com.hk>" |
|
Subject |
"Reconfirm
payment Information" |
|
Attachment |
"Reconfirm
payment_details.rar" |
|
MD5 |
fc12df534d811b1795367d0ae29f03ff |
|
SHA256 |
1f52d3796cf118e643b744438f397d3a4321e44f6bf90df2b69e6cee7fdd815b |
|
Family |
Unknown |
(11)
|
Sender
ip |
185.222.57.209 |
|
From |
"op01@lyshipping.net" |
|
Subject |
"RE:
payment made to your account today on behalf of our banking customer" |
|
Attachment |
"TRANSFER
SLIP (3).zip" |
|
MD5 |
4f4f779139b34d29b831687014a8c3d3 |
|
SHA256 |
305d5d000b62973f16324d78f8ae38a81f1e358d599bbc26bc4745123f78f45f |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(12)
|
Sender
ip |
185.222.57.209 |
|
From |
"Tiffany@lyshipping.net" |
|
Subject |
"RE:Payment
is completed" |
|
Attachment |
"TRANSFER
SLIP.zip" |
|
MD5 |
953bb3f3e78ad51aa164849fdabf8cc6 |
|
SHA256 |
eb317d5ea6169fd6359fd184a91c7948cce6a662a92405df636592952f1f20c0 |
|
Family |
AgentTesla |
(13)
|
Sender
ip |
210.56.11.43 |
|
From |
"HSBC
Advising Service" <kc.hh@kitchencuisine.com.pk>" |
|
Subject |
"Payment
Advice - Advice Ref:[GLVA21251547] / Priority payment / Customer Ref:[SSNSB
TO #838476" |
|
Attachment |
"Document7000.xlsx" |
|
MD5 |
607bac1d2dfb0d8a6859d5a67b812b5c |
|
SHA256 |
4b19a3abba880de5f9fbb4dd9331add29b5ab61a5cdd7bff3c6c1933fa86146a |
|
Family |
Formbook |
(14)
|
Sender
ip |
45.137.22.168 |
|
From |
"Tina
Wu <tina.wu@comaco.cn>" |
|
Subject |
"ORDER
INQUIRY-PVP-SP-2021-54 F.W.G-Symbiosis" |
|
Attachment |
"ORDER
INQUIRY-PVP-SP-2021-59.zip" |
|
MD5 |
10791efbf3a5edd898dea687f99ce49d |
|
SHA256 |
e6382f39e59a7a9ee50266d28cd9ff170879d6afe9c4a7d955905c34a860af38 |
|
Family |
SnakeKeylogger |
(15)
|
Sender
ip |
185.222.58.155 |
|
From |
"=?UTF-8?B?ZW5kZXIgZ8O2esO8bW/En2x1?=
<endergozumoglu@gmail.com>" |
|
Subject |
"RE:
Re: Proforma-Invoice AB22-00178" |
|
Attachment |
"Emailing
Swift.r00" |
|
MD5 |
b8b4d09e7110f216879e21de187e5ec0 |
|
SHA256 |
5c503c6475202598918ad173f031375cab997325907ecfc12c1625edb78e5229 |
|
Family |
AgentTesla |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
Comments
Post a Comment