Phishing Attacks 15_2_2021
If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
|
Sender ip |
137.184.90.200 |
|
From |
"<zita@anthonybirch.ml>" |
|
Subject |
"Attached our formal P/O :
4501226854." |
|
Attachment |
"PO - 4501226854,pdf
(1).iso" |
|
MD5 |
9addd85060db79af3b0ac0e3011c69c1 |
|
SHA256 |
b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 |
|
Family |
Formbook |
(2)
|
Sender ip |
143.198.41.151 |
|
From |
"Gilbert Anderson
<info@digimaincheckshower.com>" |
|
Subject |
"Please accept my applicant
" |
|
Attachment |
"Approvald-32134.doc" |
|
MD5 |
40582aacc0f7f8a0946a64249dae4767 |
|
SHA256 |
1b97ac97a845c9f63cf7308e3f6f9832173b1f67d31e8902b59f8c2a891657cc |
|
Family |
Unknown |
(3)
|
Sender ip |
143.198.41.151 |
|
From |
"Gilbert Anderson <info@digimaincheckshower.com>" |
|
Subject |
"facture-544443" |
|
Attachment |
"facture-544443.doc" |
|
MD5 |
338e6d7a8a2649e72c464782ce1016a3 |
|
SHA256 |
5f2d56f3a1eb00c00cd227ca5658f2fdf2d45f7e263346fcaeb7ed8ec439c097 |
|
Family |
Unknown |
(4)
|
Sender ip |
37.0.11.89 |
|
From |
"Atilla TIKVESLIGIL"
<atikvesligil@richhobby.com>" |
|
Subject |
"Fwd: wire confirmation copy
against Proforma Invoice" |
|
Attachment |
"Euro_swiftcopy.rar" |
|
MD5 |
e54205a35ee21598e06d637435ceef86 |
|
SHA256 |
1d2ea705b33041009cd57d7c3274b2378f6d2d249320d62aeaeff012348f1835 |
|
Family |
AgentTesla |
(5)
|
Sender ip |
37.0.11.89 |
|
From |
"DHL Express"
<shipments_notice@dhl.com>" |
|
Subject |
"Fwd: DHL Express Shipment
Confirmation: 4651438620" |
|
Attachment |
"DHL CUSTOM INVOICE SHIPMENT
WAYBILL DOC.rar" |
|
MD5 |
df27e24e8631219b969aefd959558874 |
|
SHA256 |
bc9f97d8273b5c2da60474613a131b9f107bb6715865fc3a654ad6f71eb42754 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(6)
|
Sender ip |
199.10.31.237 |
|
From |
"Franco De Agazio"
<batinelli@pec.it>" |
|
Subject |
"FT. PRO INVOICE N. 6 DATE
28.01.2022 for aaron.young" |
|
Attachment |
"FT. PRO INVOICE N. 6 DATE
28.01.2022.img.rar" |
|
MD5 |
bdc096717c359b865a89c113bdeb5c35 |
|
SHA256 |
c07e38348293f1d9f3960272b93567a678005b6ad8036886d439b31f351095e1 |
|
Family |
AveMariaRAT |
(7)
|
Sender ip |
159.89.129.193 |
|
From |
"Asha Guveara
<asha@csonivx.sbs>" |
|
Subject |
"RE :New order" |
|
Attachment |
"New Quotation.rar" |
|
MD5 |
28b801b30bedfee91c9478cf4ce36aa2 |
|
SHA256 |
dc2fc2f28761355e28a6a604764121f16e98b35158432edb7fd307e5af80007c |
|
Family |
Loki |
(8)
|
Sender ip |
212.192.246.113 |
|
From |
"Hamad Ali Al-Otaibi" <sales@ares-trafo.com>" |
|
Subject |
"product inquiry" |
|
Attachment |
"products.doc" |
|
MD5 |
04fe442795d0079e19b4a55a4e8e4ccd |
|
SHA256 |
195c64e1ebaabf8d0bf624658861d0c14bd72b5280e42bb3e505211ad8f92e0d |
|
Family |
Unknown |
(9)
|
Sender ip |
185.222.57.217 |
|
From |
"ing.jbarragan@hotmail.com" |
|
Subject |
"Quote Order-AS-377578" |
|
Attachment |
"Enijidjm.001" |
|
MD5 |
34f43688d7a1abe4f127f7c0ac9820b0 |
|
SHA256 |
983790f3afb9aa0fb567435bb73750a94e66d134cf6dbc2566089af6d6c0ce34 |
|
Family |
Matiex |
(10)
|
Sender ip |
185.222.57.217 |
|
From |
"ing.jbarragan@hotmail.com" |
|
Subject |
"Quote Order-AS-377578" |
|
Attachment |
"Midgjuhe.001" |
|
MD5 |
4f370156a9c3da91df5c21a228af42ab |
|
SHA256 |
35248022f594b4c2af73374ce544ab23f99c26471bc8f6fafc898b3f5b5a9639 |
|
Family |
AgentTesla |
(11)
|
Sender ip |
185.222.58.57 |
|
From |
"Maria
Simao<admin@mokitens.gq>" |
|
Subject |
"RE: Project Quotation Reque |
|
Attachment |
"BID TENDER
DOCUMENTS.zip" |
|
MD5 |
cf251ae9ee92ea9882ee21de4601b32c |
|
SHA256 |
64b13fb51affdd02f7313c8125ecffbe689991494702e66c4054efd76d01f35e |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(12)
|
Sender ip |
103.141.137.14 |
|
From |
"DHL CUSTOMER SUPPORT<queretaro@iespumas.com>" |
|
Subject |
"DHL Shipment
Notification" |
|
Attachment |
"583302921.rar" |
|
MD5 |
0244afe15d625c9a244ab34d5a1e2879 |
|
SHA256 |
c84af3491f284d8a9c99541c6c76f9e79c74fa89ecc6c3090cf001048280d0af |
|
Family |
AgentTesla |
(13)
|
Sender ip |
198.255.83.26 |
|
From |
"HSBC Advising Service
<info@hsbc.com>" |
|
Subject |
"Payment Advice - Ref:
[HSBC105700161022] / RFQ Priority Payment / Customer Ref: [PI107007QT50]" |
|
Attachment |
"HSBC Priority Payment Advice
HSBC105700161022.img" |
|
MD5 |
03b97d32cebb59beb3742c7a10bbc257 |
|
SHA256 |
1a7cc1ff5f8f305921f3f7908e1ea16688d94d4eeb27a6a4ae4fbfde29e952ad |
|
Family |
Formbook |
(14)
|
Sender ip |
185.222.58.75 |
|
From |
"=?UTF-8?B?VGFtYXJhIETFvmVibw==?=
<tamara.dzebo@delamode-group.com>" |
|
Subject |
"New Order" |
|
Attachment |
"ORDER
S20220211-601.pdf.rar" |
|
MD5 |
a9589f87c9b07500f1a4b990b4435e84 |
|
SHA256 |
df09637d286c69d436ecab49ff23c4d0fcea1bbfd91b9fa6a9fd2efa55a0811c |
|
Family |
Formbook |
(15)
|
Sender ip |
185.222.58.61 |
|
From |
"Jackie Porras at LAX x8664
<jporras@matson.com>" |
|
Subject |
"Re:Re: P/ INVOICE Draft TT
And Documents of Balance Payment" |
|
Attachment |
"P INVOICE.uue" |
|
MD5 |
5bf79da5721a9b26d5a0062f6437b9c4 |
|
SHA256 |
1e10035051f5a988c16c6c8d705e7222001036d49739f91d8467ded9401c506b |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(16)
|
Sender ip |
185.222.58.50 |
|
From |
"sales@centerlinetech-usa.com" |
|
Subject |
"Re: Confirm revised invoice
to proceed with payment ASAP." |
|
Attachment |
"invoice.rar" |
|
MD5 |
348afd15b935a3a644e9d455eedf4794 |
|
SHA256 |
ea518da4196ed3d2c1f15c0d59205d4b0adf70d1111965544b9acd23292917cf |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(17)
|
Sender ip |
185.222.58.61 |
|
From |
"karthika.p@iap-india.com" |
|
Subject |
"Fwd: Purchase Order" |
|
Attachment |
"Purchase Order.rar" |
|
MD5 |
eb6877580694ec56d4353d3a1d806486 |
|
SHA256 |
ef1d17187e2d20e12df4a4d56852ca470afecc309979a0fafb806676cafb2bed |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(18)
|
Sender ip |
2.57.238.26 |
|
From |
"Franco De Agazio"
<batinelli@pec.it>" |
|
Subject |
"BL COPY-PACKING LIST &
CMR DOC" |
|
Attachment |
"BL COPY-PACKING LIST &
CMR DOC.rar" |
|
MD5 |
0cdc7e4e998681bea5d00387a73892a5 |
|
SHA256 |
b5b9fa7a242d729528b9317f1d31158230a18abc3b5de7d3cecf122b8fea7db0 |
|
Family |
AveMariaRAT |
(19)
|
Sender ip |
185.222.58.50 |
|
From |
"sales@centerlinetech-usa.com" |
|
Subject |
"Re: PAYMENT
COMFIRMATION" |
|
Attachment |
"invoice.rar" |
|
MD5 |
74bdf0415ab591124121fa8c5e4c52ba |
|
SHA256 |
239e12e8ee3b7389bacdb8a6f14c4e45d2ad5b63e1ad366c280750f8257e814d |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(20)
|
Sender ip |
212.192.241.164 |
|
From |
"=?UTF-8?B?RXhwb3J0IFNhbGVzIE1hbmFnZXIgPMOBbmdlbCBBdmlsw6lzPg==?=" |
|
Subject |
"BALANCE PAYMENT " |
|
Attachment |
"payment swift.ARJ" |
|
MD5 |
70597b2d983fe3ebfd07c7e0b5628a3f |
|
SHA256 |
6d73c439dfcdc183082ce303c8563211bb3261f89bf10f743bff6995044bb96f |
|
Family |
NanoCore |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
Comments
Post a Comment