Phishing Attacks 15_12_2021
If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
|
Sender
ip |
37.0.10.173 |
|
From |
"Mona
Bharti <m.bhart@frigel.com>" |
|
Subject |
"Purchase
Order 1212200205_PR21220055" |
|
Attachment |
"Purchase
Order 1212200205_PR21220055.zip" |
|
MD5 |
5e1c9b4e130a7a9bb68ed6e6f414ff20 |
|
SHA256 |
0ba7a7c7189d5bcd38048ba7418ff521d6a00ab36804b8980c4d51ba43fcf070 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(2)
|
Sender
ip |
45.137.22.181 |
|
From |
"ajay.katoch@unilever.com" |
|
Subject |
"RE:
invoice & packing list for shipping order no. 411301" |
|
Attachment |
"Attached
CO.r15" |
|
MD5 |
cdc1a45890db6598b2f7a532060e29c2 |
|
SHA256 |
05dfdca2313e98aa8f9db4fddd13fe777104bb11953c2a4932eb49cec0dd7252 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(3)
|
Sender
ip |
45.137.22.93 |
|
From |
"sophia
<sales01@cztymy.com>" |
|
Subject |
"Re:Invoice
and Packing List--amended" |
|
Attachment |
"PI
S30C-921111218111.GZ" |
|
MD5 |
ded5190cfaa6ab27303caea6f9bd2e00 |
|
SHA256 |
22bf512a38e371b7fe797e1d539a3bce0079bd76f58abfeeaa6be698df43ff4a |
|
Family |
Formbook |
(4)
|
Sender
ip |
136.144.41.186 |
|
From |
"Mr
Kashaev Vladislav Eduardovich" |
|
Subject |
"VOLGOIL
LLC SOFT CORPORATE OFFER VESSEL TO TANK" |
|
Attachment |
"VOLGOIL
LLC SOFT CORPORATE OFFER VESSEL TO TANK.7z" |
|
MD5 |
78536dd4af9c3445f025ac888c0515ab |
|
SHA256 |
02be2acc2bc4878da5f573a27400a480122da8ae3d68182fd009e379d490352a |
|
Family |
NanoCore |
(5)
|
Sender
ip |
139.59.6.250 |
|
From |
"Debbie"
<system@sendtsafe.co>" |
|
Subject |
"Payment
Confirmation." |
|
Attachment |
"#00957.iso" |
|
MD5 |
75f85ffac63ed2e49f0ce8f4d6a8e929 |
|
SHA256 |
0c576250fd7f281b88f55de3f3c6aef2fda03fc3a2e88ee51b92af6b317ae515 |
|
Family |
Vjw0rm |
(6)
|
Sender
ip |
139.59.6.250 |
|
From |
"Debbie"
<system@sendtsafe.co>" |
|
Subject |
"Payment
Confirmation." |
|
Attachment |
"#00958.iso" |
|
MD5 |
4071996d3dbb7b9be8e22a813fdef1a6 |
|
SHA256 |
8eedb8f6d698589f1ce2e40ebae8b6804033ac909843f4ab2dda71dff231759e |
|
Family |
Vjw0rm |
(7)
|
Sender
ip |
139.59.6.250 |
|
From |
"Debbie"
<system@sendtsafe.co>" |
|
Subject |
"Payment
Confirmation." |
|
Attachment |
"#00959.iso" |
|
MD5 |
591bb2b50c347846a568c82d300969b9 |
|
SHA256 |
0f82668bfc4a7cb6bfa8f8b0acfe7aeade12584e9929423de0fbbee8f0686384 |
|
Family |
QuasarRAT |
(8)
|
Sender
ip |
144.217.179.149 |
|
From |
"=?UTF-8?B?TXIuIEFtcmFuaSBOYcOvbQ==?=
<gmadmin@dirdgroup.org>" |
|
Subject |
"Re:Re
TT remit details copy" |
|
Attachment |
"Drawing.zip" |
|
MD5 |
d0567533d3fdd72f2924f99d98336a38 |
|
SHA256 |
608a227b1f369c8d6199cb345284e689dd96b1abb0498d4fc64e1041d5f62dac |
|
Family |
Formbook |
(9)
|
Sender
ip |
144.217.179.149 |
|
From |
"=?UTF-8?B?TXIuIEFtcmFuaSBOYcOvbQ==?=
<gmadmin@dirdgroup.org>" |
|
Subject |
"Re:Re
TT remit details copy" |
|
Attachment |
"PO_4781RNY2196.zip" |
|
MD5 |
335886f67b3724ecdc7326fd00446b5b |
|
SHA256 |
4dfdf9be94f946ee6fd91be20934b4faaf6610f87e3335eae5bd325fc49976b1 |
|
Family |
Formbook |
(10)
|
Sender
ip |
173.212.242.124 |
|
From |
"Glen
James <tdimitrijevski@renova.com.mk>" |
|
Subject |
"RE:
Purchase Order December" |
|
Attachment |
"PO#201805131.xll" |
|
MD5 |
fce4e9bf1b79c9344f0156e80876962f |
|
SHA256 |
8587e22ee5ba8c7b55be29e8d3494afa049a2aaacb583a2c66f807090edf8bc3 |
|
Family |
Dridex |
(11)
|
Sender
ip |
167.71.107.114 |
|
From |
"HSBC
Advising Service" <advising.service@mail.hsbcnet.hsbc.com>" |
|
Subject |
"Payment
Advice - Advice Ref:[GLV211429671] / ACH credits / Customer
Ref:[ACHKACH120210215104455BND]" |
|
Attachment |
"Payment
Slip.ace" |
|
MD5 |
5de066d7efae5ff7cf8741714a46d199 |
|
SHA256 |
915f1ad11eb5ea4be828afae635c1a5583b93505d04f5cb29a6da8bced9bbb57 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(12)
|
Sender
ip |
134.209.32.215 |
|
From |
"Ratul
<ratul@mbmdhaka.com>" |
|
Subject |
"INVOICE
AND PACKING LIST" |
|
Attachment |
"INV
and PL_ 8822.xlsx" |
|
MD5 |
3101496c44097ae9f0ca2df31a5d7bfc |
|
SHA256 |
9aa08f13b82fc623a5df0d8e6af31801012b349eccd638cff9e3125a9ac0aa0b |
|
Family |
RemcosRAT |
(13)
|
Sender
ip |
167.71.107.114 |
|
From |
"TNT
eInvoicing" <service@tnt.com>" |
|
Subject |
"TNT
E-Invoicing Notification - 04592648 - URGENT" |
|
Attachment |
"TNT
Original Invoice.ace" |
|
MD5 |
3e74e07bac450e61f75b4cdcc088ed42 |
|
SHA256 |
d5578f2bc2a1b53b6d71aa92005df73552ec0f1f58e2e71d32b00efd59e14446 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(14)
|
Sender
ip |
167.71.107.114 |
|
From |
"TNT
eInvoicing" <service@tnt.com>" |
|
Subject |
"TNT
E-Invoicing Notification - 04592648 - URGENT" |
|
Attachment |
"TNT
Original Invoice.ace" |
|
MD5 |
3e74e07bac450e61f75b4cdcc088ed42 |
|
SHA256 |
d5578f2bc2a1b53b6d71aa92005df73552ec0f1f58e2e71d32b00efd59e14446 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(15)
|
Sender
ip |
159.65.77.142 |
|
From |
"Deena
Sarala<sales@fvmnxbvo.bar>" |
|
Subject |
"REQUEST
FOR QUOTATION Ref. # IRQ/21/07799" |
|
Attachment |
"IRQ2107799_pdf.rar" |
|
MD5 |
9f31051dd992feee202e0e1337fabbff |
|
SHA256 |
cb12e77313f8ee2e81f01e8808a2ecb3116797e8dc988a97c74cc0d7b2ee9fcd |
|
Family |
Formbook |
(16)
|
Sender
ip |
37.0.10.173 |
|
From |
"Forexhub
<fom@bwpheritagehotel.com>" |
|
Subject |
"Soft
copy of SWIFT message" |
|
Attachment |
"E008_SWIFT_MSG_13122021_26.pdf.z.zip" |
|
MD5 |
e102c31a628e1338b997d8916fa8c820 |
|
SHA256 |
53800d0333233122697c6e3eef1864370d8e4cb62cc47420b49c38ac23c68411 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(17)
|
Sender
ip |
167.71.244.75 |
|
From |
"Account
Officer <Account@fvmnxbvo.bar>" |
|
Subject |
"Payment
Swift#8765498" |
|
Attachment |
"Payment
Swift#8765498.zip" |
|
MD5 |
8153878607856dfe8fe2e80ffb198514 |
|
SHA256 |
529271437ee1960fc39854963c8da79fc43842959d0af0674518827eeef72289 |
|
Family |
SnakeKeylogger |
(18)
|
Sender
ip |
185.222.58.146 |
|
From |
"He
Ping Qing <q.he@schwartz-hts.com>" |
|
Subject |
"=?UTF-8?B?TnVldmEgY290aXphY2nDs24=?=" |
|
Attachment |
"Nueva
cotizaci�n.1119918.img" |
|
MD5 |
d09e0b39d0fdaef8394a20eaa33cd12a |
|
SHA256 |
0ee912f9023209747e60617a512cc7d5ae6bf4820c37e1e20c4e7abe27b8dfc0 |
|
Family |
Formbook |
(19)
|
Sender
ip |
45.137.22.181 |
|
From |
"customercare@omfreight.com.cn" |
|
Subject |
"RE
RECONFIRM BANK DETAILS FOR PAYMENT" |
|
Attachment |
"PROFORMA
INVOICE.r15" |
|
MD5 |
f2658a1fb477742310630f94bdde5fe9 |
|
SHA256 |
e413c2f3ae67cb1b1dcf5c51f7e50b3163b46dff2e5b9778d6eba77b0dbea244 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(20)
|
Sender
ip |
23.254.231.10 |
|
From |
"wendy"
<wendy@minglidagroup.live>" |
|
Subject |
"MALINDA
ELECTRONICS BALANCE CONFIRMATION AS AT 12.12.2021" |
|
Attachment |
"COPY-Telegraphic
Transfer TT copy hefco USD 242,357.59 overdue payment.rar" |
|
MD5 |
eb1d06353fab49b92375b9c9dea478d2 |
|
SHA256 |
e11aa7d33cbd28cc5567eaf664abcdc17425f6e12f86d868847cb9f69eb9eb4e |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(21)
|
Sender
ip |
192.162.246.99 |
|
From |
"telegram-mainserv0.live"
<info@telegram-mainserv0.live>" |
|
Subject |
"Transaction
Proceeded" |
|
Attachment |
"Statement_1321.xll" |
|
MD5 |
925412d32980c6ede6140e576fda5753 |
|
SHA256 |
99afafb9edf09d9430d229df428dd5532de770adbfdb5aa798574607cb6b15a2 |
|
Family |
Unknown |
(22)
|
Sender
ip |
185.222.58.146 |
|
From |
"West
Legend Trading <sales@westlegend.com>" |
|
Subject |
"=?UTF-8?B?UmU6IFNvbGljaXRhcmUgZGUgb2ZlcnTEgyBwZW50cnUgY29tYW5kYSB1cmdlbnTEgyBQTyAxMTA5MjFfMTEwOTIx?=" |
|
Attachment |
"Quotation
for Urgent PO 110921.zip" |
|
MD5 |
69364aeb8d0d7494b2c57b15468d80da |
|
SHA256 |
6a0e26086494a46e09c1ed630a51998f05dc8ea0ec1584d2d1775f0e40ef5869 |
|
Family |
Formbook |
(23)
|
Sender
ip |
185.222.57.171 |
|
From |
"Bettie"
< bettie.moore@alexcomva.com>" |
|
Subject |
"3816
Outer Banks" |
|
Attachment |
"Invoice
3816 Outer Banks Report.rar" |
|
MD5 |
897b9bf001cf832673ce58090e28f1ac |
|
SHA256 |
a0c7a560d6659170771ecdad2ee8b11602401ab5aae8ccd84deffb0119d6de44 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(24)
|
Sender
ip |
185.222.57.171 |
|
From |
"Bettie"
< bettie.moore@alexcomva.com>" |
|
Subject |
"3816
Outer Banks" |
|
Attachment |
"Invoice
3816 Outer Banks Report.rar" |
|
MD5 |
897b9bf001cf832673ce58090e28f1ac |
|
SHA256 |
a0c7a560d6659170771ecdad2ee8b11602401ab5aae8ccd84deffb0119d6de44 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(25)
|
Sender
ip |
185.222.57.171 |
|
From |
"LCP
MARTHA MEZA <contabilidad@electrifica.com.mx>" |
|
Subject |
"RE:
CONFIRMAR FACTURA" |
|
Attachment |
"factura
3816.r11" |
|
MD5 |
ade5b3a352bd689b9b89c05dd9f07805 |
|
SHA256 |
e44ee702e250c1796e4b3545729181e86f790143ce5f29be84061b3d0466bd25 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(26)
|
Sender
ip |
185.222.57.150 |
|
From |
"Lenny
Ciccarone <lciccarone@mrpcollects.com>" |
|
Subject |
"RE:
SHIPMENT PLAN OF DEC" |
|
Attachment |
"報價參.zip" |
|
MD5 |
762ebbb4ab96ee0a0ed46dd8eda39174 |
|
SHA256 |
532012653a0b13e63b531db7af3d9fc9096637e826c36dc3a6d6e7e4d4c315e0 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(27)
|
Sender
ip |
143.198.55.73 |
|
From |
"Mansoor
Ali <Ali@dgfxbvo.bar>" |
|
Subject |
"NEW
ORDER 75647834984" |
|
Attachment |
"ORDER#75647834984.zip" |
|
MD5 |
fc479068aca098d87db4f054a0163e11 |
|
SHA256 |
d4ba9b24d1e97b8a0872f8124104f4e48491eaf601b4087abb5b0407cf5f2417 |
|
Family |
SnakeKeylogger |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
Comments
Post a Comment