Phishing Attacks 1_12_2021
If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
|
Sender
ip |
193.56.29.188 |
|
From |
"info@msv.com.pl" |
|
Subject |
"MSV
MAGDALENA PANAK- Stocklist" |
|
Attachment |
"Stocklist-Nov
2021.xlsx" |
|
MD5 |
83c23ce9359c563ef411033945a329dc |
|
SHA256 |
b19815b9d2f36641d41426292eb3e88fe049feeea18662e5f579d8d0452f56ea |
|
Family |
Formbook |
(2)
|
Sender
ip |
202.55.133.225 |
|
From |
"Deepesh
<soumik@multitrackservices.com>" |
|
Subject |
"PAYMENT
DETAILS" |
|
Attachment |
"BANK
DETAILS.xlsx" |
|
MD5 |
d087236fc006137adec1fe9947f9130b |
|
SHA256 |
dc92da90b642e4f9f8574cd27ee31086291da034a50c5267c447a158fccc0dbd |
|
Family |
Unknown |
(3)
|
Sender
ip |
199.10.31.237 |
|
From |
"Larry
Doyle <noreply-service@hd1.vsnl.net.in>" |
|
Subject |
"PROOF
OF PAYMENT" |
|
Attachment |
"PAYMENT
SLIP.ISO" |
|
MD5 |
a6c3e5b5d77adf92a07e03ac74943d28 |
|
SHA256 |
01b26acb014d8d6851ffa92a3f4ca19c85a1690b563cc40cbf7706772c722d7d |
|
Family |
Formbook |
(4)
|
Sender
ip |
45.137.22.156 |
|
From |
"Antonio
Puga <projectmanager@chevroletiztacalco.com.mx>" |
|
Subject |
"FW:
Factura 74927/ NEW PURCHASE " |
|
Attachment |
"factura
74927.r11" |
|
MD5 |
073781a7d22e8e5b22980b6efbc2a386 |
|
SHA256 |
13d19edef3f6b4bcafbf41005708f34601f2710307513d962df8ee2d38846f7d |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(5)
|
Sender
ip |
185.222.58.155 |
|
From |
"Marta
Garcia <mgo@caminoacasa.es>" |
|
Subject |
"RE:
Re: Proforma-Invoice CAC1105 CI&PL" |
|
Attachment |
"Proforma-Invoice
CAC1105 CI&PL.gz" |
|
MD5 |
f90e70c0ae55eaddb4cbc30d8a4775da |
|
SHA256 |
84a7181bafd43e9a585e1a8509c3e94beeff26f879405e4ce85b416af0fbab49 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(6)
|
Sender
ip |
45.137.22.169 |
|
From |
"Secretary
General" <secretary@fccisl.lk>" |
|
Subject |
"RFQ
New Order -Ref:US-GOV2021" |
|
Attachment |
"New
Order US-GOV-INQUIRY2021.rar" |
|
MD5 |
a508c59fa4a74c198a2a4a3c0584953e |
|
SHA256 |
f4f778fe07e37b40081911eb52e5063b1e55ddb87ca049a0acdd7d48f8e7b9b3 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(7)
|
Sender
ip |
199.10.31.237 |
|
From |
"DHL
EXPRESS<noreply@thelinkagents.com>" |
|
Subject |
"DHL
Delivery Invoice/Receipt as attached" |
|
Attachment |
"Shipment
documents.pdf.ppam" |
|
MD5 |
025c1af2b8e11a2001b7d359f2a4e58d |
|
SHA256 |
39d20d577f1cba20c8d720f08ae14eae8bd46fa60297a8b11d8f4aad6aa81221 |
|
Family |
Unknown |
(8)
|
Sender
ip |
51.79.145.191 |
|
From |
"Operations@server9.serverqu.com,
Team Leader <operations,.team.leader@bbbb.0rg.com>" |
|
Subject |
"Failure
of the business to respond complaint 931852728" |
|
Attachment |
"4784
details.xlsb" |
|
MD5 |
8a7b8bae3d9860e341af04b60a5c6c59 |
|
SHA256 |
144e904f21e547c079a1b9280ebf5aa3d1164bfd9f904890aea4a1d90bbcf443 |
|
Family |
Dridex |
(9)
|
Sender
ip |
185.222.58.155 |
|
From |
"Marta
Garcia <mgo@caminoacasa.es>" |
|
Subject |
"RE:
Re: Proforma-Invoice CAC1105 CI&PL" |
|
Attachment |
"Proforma-Invoice
CAC1105 CI&PL.img" |
|
MD5 |
bf1def201523e02caa24e87ae3ceb389 |
|
SHA256 |
36a1c63121f940299f8d82f81045947aafe11d265b57116785fecd1e32498cd2 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(10)
|
Sender
ip |
185.222.57.142 |
|
From |
"Bariq
Support" <info@bariqarabia.com>" |
|
Subject |
"RE:
NOVEMBER SOA" |
|
Attachment |
"SOA.zip" |
|
MD5 |
37f89d50d34cc10618e763a01541dc48 |
|
SHA256 |
b9bd914037f9e689469bd5c6d16da80f82b5796baf8d61ec96540ed838235590 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(11)
|
Sender
ip |
185.222.57.142 |
|
From |
"Shubhangi"
<monirul@abbl.com>" |
|
Subject |
"RE:Sandhya
- 10010064326 / 10010065742 - FInal doc" |
|
Attachment |
"BL
DRAFT COPY.zip" |
|
MD5 |
b7cfce8a4af0c9486b414749d56501bd |
|
SHA256 |
a2a7b118f19ec3c310046dc91adb960de63d224978e76a80028360614b0a89cc |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(12)
|
Sender
ip |
185.222.57.142 |
|
From |
"Daniela
Vukosavljevic" <forwarding1@jadroagentbar.com>" |
|
Subject |
"SHIPPING
DOCUMENTS FOR NOVEMBER " |
|
Attachment |
"SHIPPING
DOCUMENTS.zip" |
|
MD5 |
7059109158ee18df6fd04a6ed876d971 |
|
SHA256 |
162ea79f7fcee015c01322b8964eda6edb25ca1c0e1ea2bc7d9fe4c65cd44bb3 |
|
Family |
AgentTesla |
(13)
|
Sender
ip |
185.222.57.209 |
|
From |
"AIR-OP6@REACH-WIN.COM" |
|
Subject |
"RE:balance
70% payment" |
|
Attachment |
"TRANSFER
SLIP.zip" |
|
MD5 |
c854c194f4ce5336677f09f2143e781a |
|
SHA256 |
cfe1b82bbc4ccaf2b6bebced753e559632fc0f83b45969d060320225a970dfbb |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(14)
|
Sender
ip |
185.222.58.105 |
|
From |
"David"
<customercare@omfreight.com.cn>" |
|
Subject |
"INVOICE
CONFIRMATION TO PROCEED WITH PAYMENT" |
|
Attachment |
"INVOICE.zip" |
|
MD5 |
b87ceb8f2ef2d7dbb266b75f78e927c6 |
|
SHA256 |
401400d289a4793b90e2bbcb8e9b787f12f690f5405f6409b920a829135c3746 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(15)
|
Sender
ip |
185.222.58.106 |
|
From |
"Dipak
Sarkar" <dipak.sarkar@ifgl.in>" |
|
Subject |
"Top
urgent last order of year 2021" |
|
Attachment |
"PO2018975601.zip" |
|
MD5 |
625cedc1575c8377027e3fe6d3ab3c27 |
|
SHA256 |
fbd9accbd658afec40aece3cd8d1a6bcb83c442411e1938a380e55ba939e1065 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(16)
|
Sender
ip |
185.222.58.155 |
|
From |
"Mihir
Shah <mihir.shah@hallmarkasia.com>" |
|
Subject |
"Over
Due proforma invoice for payment" |
|
Attachment |
"proforma
invoice packing list.r00" |
|
MD5 |
9fec16e5ed9570acf4ef06012bde09bd |
|
SHA256 |
e8c9bc8eb8d190a11a36961ab1b88544690a013376b934b2ecbfdf3daef89667 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(17)
|
Sender
ip |
45.87.62.168 |
|
From |
"Jocelyn
Tousignant <jocelyn.tousignant@milenium-usa.us>" |
|
Subject |
"Re:
PG4636 - Confirmed" |
|
Attachment |
"PG4636
- Confirmed .xls.zip" |
|
MD5 |
75205250a9224d1e4e941d780659d048 |
|
SHA256 |
a85ada7f6429065c7796e8f6c15431940833425ad2cc0a02d358ffbf0920128f |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(18)
|
Sender
ip |
31.24.158.28 |
|
From |
"Barry
Deasy <Barry.Deasy@stryker.com>" |
|
Subject |
"Re:
Purchase Order PO20211027STK" |
|
Attachment |
"Purchase
Order PO20211027STK.z" |
|
MD5 |
6c24b895b5e54e8a7ef3d11f4f18c381 |
|
SHA256 |
3d533cd7d00545ceec9bea14004c3e15891a769143f19009631068cea3acf150 |
|
Family |
GuLoader |
(19)
|
Sender
ip |
38.103.244.107 |
|
From |
"HR-Manager
johnlay.ch <Hr-manager@null.net>" |
|
Subject |
"YOUR
EMPLOYMENT STATUS" |
|
Attachment |
"SALARY_RECEIPT.iso" |
|
MD5 |
696526b7ca61198e1304656929396d79 |
|
SHA256 |
0ca257181b3bca58c10339a0009b6373a88ff5faef9b07f1ac5c6b15fb85e605 |
|
Family |
Formbook |
(20)
|
Sender
ip |
38.103.244.107 |
|
From |
"HR-Manager
johnlay.ch <Hr-manager@null.net>" |
|
Subject |
"YOUR
EMPLOYMENT STATUS" |
|
Attachment |
"SALARY_RECEIPT.iso" |
|
MD5 |
696526b7ca61198e1304656929396d79 |
|
SHA256 |
0ca257181b3bca58c10339a0009b6373a88ff5faef9b07f1ac5c6b15fb85e605 |
|
Family |
Formbook |
(21)
|
Sender
ip |
2.56.59.78 |
|
From |
"shipping@dhl.com" |
|
Subject |
"DHL
Shipping Document" |
|
Attachment |
"Shipping
Document.jpg.ace" |
|
MD5 |
de0db7d0abd74d617dc815e13a41388b |
|
SHA256 |
65a8197891e366a49f8577460a9aaa89ca583cfbec7aac0847d9ccbf75842b1a |
|
Family |
Loki |
(22)
|
Sender
ip |
45.137.22.189 |
|
From |
"Rohan"
<purchasing@zepthaton.com>" |
|
Subject |
"Fwd:
payment copy" |
|
Attachment |
"print_01.rar" |
|
MD5 |
fb0fcfe1c1dd1230b7638168bb611148 |
|
SHA256 |
64c77b664168d14cdf8e6f496dfb85843c1d5b24ffc7c6b5a7756a0872f6673b |
|
Family |
SnakeKeylogger |
(23)
|
Sender
ip |
185.222.58.155 |
|
From |
"funami-int
<funami-int@caminoacasa.es>" |
|
Subject |
"Over
Due proforma invoice for payment" |
|
Attachment |
"proforma
invoice packing list.7z" |
|
MD5 |
fc17d1c66efb0295841b8c3e98e43585 |
|
SHA256 |
e53e055f73bf831b81bdfbfebd66fa4168a637322af475e226d1d591cf49127c |
|
Family |
Unknown |
(24)
|
Sender
ip |
45.87.62.168 |
|
From |
"Jocelyn
Tousignant <jocelyn.tousignant@milenium-usa.us>" |
|
Subject |
"Re:
PG4636 - Confirmed" |
|
Attachment |
"PG4636
- Confirmed .xls.zip" |
|
MD5 |
be067ef8a7a292aad57ce40ea68fc580 |
|
SHA256 |
afa5a92d8aacd7771dcb1c0a3e9151b5d3639e5b5d6661a0583ea9d93b967db8 |
|
Family |
Unknown |
(25)
|
Sender
ip |
142.4.1.23 |
|
From |
"Unified
TelecomVoicemailegyptebs@egypt-ebs.com" |
|
Subject |
"Telephone_Message_for_
eric.kessler@johnlay.ch" |
|
Attachment |
"Telephone_message_7368390939.zip" |
|
MD5 |
9f53b336254121c02c7c83a0d8019d76 |
|
SHA256 |
6c2aa974038b8020678c7e61d721d1872176ac844ec806f55e57c04499be0b7e |
|
Family |
Unknown |
(26)
|
Sender
ip |
45.137.22.187 |
|
From |
"Mohamed
Elshayeb <Mohamed@positiveenergykw.com>" |
|
Subject |
"Re:
Bank Slip" |
|
Attachment |
"Bank
Slip.r11" |
|
MD5 |
4a8bb19bb98e81252bd905f2a5873e85 |
|
SHA256 |
9928bc779e691c6dc94a0adb34dd18b6905c50bf4b7699c7d878a2421e145c5d |
|
Family |
AgentTesla |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
Comments
Post a Comment