Phishing Attacks 4_12_2021
If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
|
Sender
ip |
31.24.158.28 |
|
From |
"Barry
Deasy <Barry.Deasy@stryker.com>" |
|
Subject |
"Re:
Purchase Order PO20211027STK" |
|
Attachment |
"Purchase
Order PO20211027STK.z" |
|
MD5 |
6c24b895b5e54e8a7ef3d11f4f18c381 |
|
SHA256 |
3d533cd7d00545ceec9bea14004c3e15891a769143f19009631068cea3acf150 |
|
Family |
GuLoader |
(2)
|
Sender
ip |
38.103.244.107 |
|
From |
"HR-Manager
johnlay.ch <Hr-manager@null.net>" |
|
Subject |
"YOUR
EMPLOYMENT STATUS" |
|
Attachment |
"SALARY_RECEIPT.iso" |
|
MD5 |
696526b7ca61198e1304656929396d79 |
|
SHA256 |
0ca257181b3bca58c10339a0009b6373a88ff5faef9b07f1ac5c6b15fb85e605 |
|
Family |
Formbook |
(3)
|
Sender
ip |
2.56.59.78 |
|
From |
"shipping@dhl.com" |
|
Subject |
"DHL
Shipping Document" |
|
Attachment |
"Shipping
Document.jpg.ace" |
|
MD5 |
de0db7d0abd74d617dc815e13a41388b |
|
SHA256 |
65a8197891e366a49f8577460a9aaa89ca583cfbec7aac0847d9ccbf75842b1a |
|
Family |
Loki |
(4)
|
Sender
ip |
45.137.22.189 |
|
From |
"Rohan"
<purchasing@zepthaton.com>" |
|
Subject |
"Fwd:
payment copy" |
|
Attachment |
"print_01.rar" |
|
MD5 |
fb0fcfe1c1dd1230b7638168bb611148 |
|
SHA256 |
64c77b664168d14cdf8e6f496dfb85843c1d5b24ffc7c6b5a7756a0872f6673b |
|
Family |
SnakeKeylogger |
(5)
|
Sender
ip |
185.222.58.155 |
|
From |
"funami-int
<funami-int@caminoacasa.es>" |
|
Subject |
"Over
Due proforma invoice for payment" |
|
Attachment |
"proforma
invoice packing list.7z" |
|
MD5 |
fc17d1c66efb0295841b8c3e98e43585 |
|
SHA256 |
e53e055f73bf831b81bdfbfebd66fa4168a637322af475e226d1d591cf49127c |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(6)
|
Sender
ip |
45.87.62.168 |
|
From |
"Jocelyn
Tousignant <jocelyn.tousignant@milenium-usa.us>" |
|
Subject |
"Re:
PG4636 - Confirmed" |
|
Attachment |
"PG4636
- Confirmed .xls.zip" |
|
MD5 |
be067ef8a7a292aad57ce40ea68fc580 |
|
SHA256 |
afa5a92d8aacd7771dcb1c0a3e9151b5d3639e5b5d6661a0583ea9d93b967db8 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(7)
|
Sender
ip |
185.222.57.209 |
|
From |
"sales@elite-instrument.com" |
|
Subject |
"Re:fwd:
URGENT REQUEST" |
|
Attachment |
"TRANSFER
SLIP.zip" |
|
MD5 |
89f87c6aa7d7ccdc49b335e44359afa7 |
|
SHA256 |
aa48a588430e423effde1f2e227c787514e3a072801fc2944ae258e00e2ec59f |
|
Family |
AgentTesla |
(8)
|
Sender
ip |
212.192.246.122 |
|
From |
"portugal@jtmsa.com" |
|
Subject |
"payment
copy" |
|
Attachment |
"payment
copy.zip" |
|
MD5 |
51d3f014595c2b04f5ee5f0e6a6b6736 |
|
SHA256 |
69f3fe2cb60ac42ef8c40632555435044fac763f32f16dc3834fcaa0b9c1ee8f |
|
Family |
Loki |
(9)
|
Sender
ip |
185.222.58.106 |
|
From |
"Vijay"
<vijay@faanperfumes.com>" |
|
Subject |
"New
order dated 1-12-2021" |
|
Attachment |
"No.1089765423012021_inquiry.zip" |
|
MD5 |
62e913bfe9400696bf0cefb4d6e5e745 |
|
SHA256 |
7b2b019833000669a61ff58756311596663a48775af9426765d45a5ea397f27d |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(10)
|
Sender
ip |
194.85.248.110 |
|
From |
"Bosoni
Lorella<info@mauria.com>" |
|
Subject |
"RE:
Re: REQUEST FOR INVOICE BL. AWSMUNDAR3606-21" |
|
Attachment |
"BL.
AWSMUNDAR3606-21.zip" |
|
MD5 |
b4be89227289f2785ea2ddf6007d1b67 |
|
SHA256 |
5ba269a524a386908df78d49c779eb701d3eca1bf15f6dca223aa1f9988d8631 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(11)
|
Sender
ip |
103.167.93.76 |
|
From |
"Eric
Ye" < lribau@taurucsraco.com>" |
|
Subject |
"URGENT
REQUEST FOR SPECIFICATION" |
|
Attachment |
"REQUEST
FOR SPECIFICATION_JPG IMAGE.uu" |
|
MD5 |
62e55328189c53381575d6cbda316b86 |
|
SHA256 |
a61a1b250c1091d1068778d166e75c02246130043a03026e34b2a3d35b793db0 |
|
Family |
Formbook |
(12)
|
Sender
ip |
103.167.93.76 |
|
From |
"Eric
Ye" < lribau@taurucsraco.com>" |
|
Subject |
"URGENT
REQUEST FOR SPECIFICATION" |
|
Attachment |
"RFQ_83636736893_JPG
IMAGE.7z" |
|
MD5 |
cd29a6ac678cc6100264c8b934048e7d |
|
SHA256 |
79bf76f7e85b0e55d7c16a58a90c41e281d37b8c806d78653dc16d319bf89f01 |
|
Family |
FormBook |
(13)
|
Sender
ip |
183.111.126.148 |
|
From |
"Alerts
<alerts@mail.turbotax.intuit.com>" |
|
Subject |
"Holydays
highlights: Want to plan ahead?" |
|
Attachment |
"lifehacks_6582318243.docx" |
|
MD5 |
0b25f074b1a7ee7e3a553bdaeb43d11b |
|
SHA256 |
0aadc47fb5644a461486c1c46ac4139f7db57df540dbc80faa0a1501bedff956 |
|
Family |
Dridex |
(14)
|
Sender
ip |
185.144.29.141 |
|
From |
"A
Thomas Petersen <t.petersen@fsmilch.de>" |
|
Subject |
"Ref
Gulfood 2021 Purchase order " |
|
Attachment |
"Gulfood
2021 Purchase order 403 urgent spec.tar.gz" |
|
MD5 |
7b31bd3c88f283ba078f6917b444c711 |
|
SHA256 |
7ae7d148ef1f7ce42b9d4ef546c7b34c4c1e9f501d48d7358cb3995cd5150c23 |
|
Family |
AveMariaRAT |
(15)
|
Sender
ip |
185.222.58.105 |
|
From |
"David"
<customercare@omfreight.com.cn>" |
|
Subject |
"INVOICE
CONFIRMATION TO PROCEED WITH PAYMENT" |
|
Attachment |
"INVOICE.zip" |
|
MD5 |
15399ee8f9c1c99806ea7e155b1dd720 |
|
SHA256 |
e309a432d780486b1bad1716e2aee617acad9aac62cdbebb9615689373978ff4 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(16)
|
Sender
ip |
199.10.31.237 |
|
From |
"Emma
Downey" <emma@loghanfrelght.com>" |
|
Subject |
"RE:
Proforma Invoice-EB01122021" |
|
Attachment |
"PI#EB01122021.rar" |
|
MD5 |
c96d95b605deb2a37903efedefd2ddde |
|
SHA256 |
d863ac93c86fe3294e12cc5c5d41c233568854922a94e4213a79c405850b9c5a |
|
Family |
RemcosRAT |
(17)
|
Sender
ip |
194.85.248.110 |
|
From |
"MAERSK
SHIPPING<marietherese.diouf@msc.com>" |
|
Subject |
"Re:
Shipping Advice - ETD 11DEC. 2021" |
|
Attachment |
"SHIPPING
ADVICE ASEAN.zip" |
|
MD5 |
7535f1abc6ca54d6296b84f64e54202c |
|
SHA256 |
0cf41981215a5ff601b361de4829764dd7b0ca81193fe3a7d291968da6ced314 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(18)
|
Sender
ip |
79.141.165.201 |
|
From |
"andygong
<andygong@chinasiinlon.com>" |
|
Subject |
"Swift
copy" |
|
Attachment |
"Swift
copy.7z" |
|
MD5 |
9fce80c4ac594f4686fa7e114decd0f6 |
|
SHA256 |
b0ebcb139acedfb47ff77eb189aca21e2bd5de158be0c8615b434df9e264b1f6 |
|
Family |
Formbook |
(19)
|
Sender
ip |
103.28.70.63 |
|
From |
"=?UTF-8?B?5byg5Li95pWP?=
<sunny@maoding.com>" |
|
Subject |
"=?UTF-8?B?5Zue5aSNOiBSRVFVRVNUIEZPUiBCQUxBTkNFIFBBWU1FTlQgT1JFRjogNjg1MC4xMS4yMQ==?=" |
|
Attachment |
"swift
02.12.21.xlsx" |
|
MD5 |
ca21ae1c13784a8b5c7c3f684dc12414 |
|
SHA256 |
3ff533b427c96584e26d5d5634a03d31c5b582d077a2891222b70b0b44cec7eb |
|
Family |
Formbook |
(20)
|
Sender
ip |
207.210.201.159 |
|
From |
"Accounting
<accounting@quicckbooks.intvit.com>" |
|
Subject |
"Your
subscription plan TERMINATED" |
|
Attachment |
"new
offers885111832.docx" |
|
MD5 |
0aaa6f0186a7804c407c268651ddf512 |
|
SHA256 |
116f0f9b74f5a9b47bf1e1023249c678e2931e7b5d3dd14a56e6bb2fa6676b00 |
|
Family |
Dridex |
(21)
|
Sender
ip |
202.55.135.222 |
|
From |
"Kai
Kim" <info@sttech.kz>" |
|
Subject |
"Purchase
order confirmation." |
|
Attachment |
"New
order documents. pdf....................gz" |
|
MD5 |
ebbfc8df39e32fe0b39efa48d741d44c |
|
SHA256 |
b9430da874e58b6c0ad8e30f39cd57a8ffcb863eedc4aaa75ecb4d7ab2d3d8a5 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(22)
|
Sender
ip |
104.223.42.165 |
|
From |
"sales@ge-industry.com" |
|
Subject |
"RE:_Reply:_RE_:_RFQ_No.Order
8200004038_DAIDO-2021-QPE-Q63440093-0001_//_A-5555-1239_&_A-5004-0808" |
|
Attachment |
"No.Order
8200004038.rar" |
|
MD5 |
29abb3040e010e2600fadc73675c0491 |
|
SHA256 |
9f22091e006aab35e3021487b1a7a3bd2584cb38bdf737fe5cfcfb7a58f5fccf |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(23)
|
Sender
ip |
45.137.22.93 |
|
From |
"Broucek,
Lukas <Lukas.Broucek@frischeis.com>" |
|
Subject |
"Rechnung
3199900-331" |
|
Attachment |
"Rechnung
3199900-331_pdf.img" |
|
MD5 |
5049d02483f1a153852025f16bea9261 |
|
SHA256 |
bccfde7df8d659a4bb697a1bc7bc9c9d9b4585cce8d3744e1847f7fb634084a5 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(24)
|
Sender
ip |
202.55.135.222 |
|
From |
"Robert
Chen" <omn_dkpb_ns@emer.kz>" |
|
Subject |
"Purchase
order" |
|
Attachment |
"Po
docs. pdf...............................r16" |
|
MD5 |
520491b040ed3fdea7a877acee2f9ca1 |
|
SHA256 |
625d77dfe7f5dd78fa40accd4e84a12cb5387e6de68f771d0f138e97a18a2959 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(25)
|
Sender
ip |
206.189.129.162 |
|
From |
"Purchase3
<info@almatractors.com>" |
|
Subject |
"PO
& TT 02D12M2021Y" |
|
Attachment |
"PO
& TT 02D12M2021Y.zip" |
|
MD5 |
0ab0b8f624d5d47da0066e8da428c8a7 |
|
SHA256 |
964975c386f2de7ed9f03bb51a3f1d167f2feb93c04a97ca7c01c8ddc427eef8 |
|
Family |
Unknown |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
Comments
Post a Comment