Phishing Attacks 16_2_2021

 



If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here 👇.

My udemy course



(1)

Sender ip

203.159.80.182

From

"DHL Group <dev@lists.roundcube.net>"

Subject

"Shipment Document BL,INV and packing list"

Attachment

"Shipment Document BL,INV and packing list.jpg.ace"

MD5

b800504be883e3cda511a86d7c16ee3d

SHA256

00a6ef981cfb0915c42062fc29892b2c55408f5fabbb77ac528cd85428578cc0

Family

Formbook

 

(2)

Sender ip

185.222.58.58

From

"KCTC International Ltd.<accounts@kctcintl.co.kr>"

Subject

"pounds Payment Only//Revise Invoice to pounds Currency//Provide pounds Bank Details"

Attachment

"pounds Payment.zip"

MD5

d232c424641bd7c98da1e72b340c9960

SHA256

ae027ce7ae2fe9beae54dd28cc762c3be6a7652918490c9cc30f8498937d50b8

Family

Formbook

 

(3)

 

Sender ip

199.10.31.237

From

"Roseline"<mfry@fathomrealty.com>"

Subject

"Payment"

Attachment

"Scanned101.zip"

MD5

4b60bb4d11850a546305a201443fd580

SHA256

a1554259073fe90c0b577c90357f22a73291e57836e74933f0c6a000f7f1ead3

Family

BitRAT

 

 

(4)

 

Sender ip

199.10.31.237

From

"Roseline"<mfry@fathomrealty.com>"

Subject

"Payment"

Attachment

"Scanned101.zip"

MD5

4b60bb4d11850a546305a201443fd580

SHA256

a1554259073fe90c0b577c90357f22a73291e57836e74933f0c6a000f7f1ead3

Family

BitRAT

 

(5)

Sender ip

185.222.58.92

From

"Zahir Uddin" <zohir@linktexsportswear.com>"

Subject

"Re: PT sai payment"

Attachment

"Wire Transfer Copy.7Z"

MD5

129188feb16f5ac6f3a69aa70933955f

SHA256

13e22246d7ab046d62946c11bcdd0d8968348beea1c5d854274c069770e1c614

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.   

 (6)

Sender ip

37.0.11.89

From

"Accounts Payables" <alarmsysteme@t-online.de>"

Subject

"Re: Payment receipt"

Attachment

"PAYMENT RECEIPT.rar"

MD5

67401c6d9af39147878e35a54b8ce21f

SHA256

4dddf65a4208903c0672ef3d5c6f2507cb0b0a46e6d997b8323097639c2f7f41

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.   

(7)

Sender ip

2.56.59.219

From

"Angie Yuan" <lee@18964395826.com>"

Subject

"Re: Forwarder Details"

Attachment

"SC221420.IMG"

MD5

2e39197eefddf6c8d79a4775078872d1

SHA256

cc8d7caae86931fd55dbe76f6dce9cbbfedc3a9bd329c39a63e62c4b58ec39a4

Family

Formbook

 

(8)

Sender ip

185.222.58.58

From

"KCTC International Ltd.<accounts@kctcintl.co.kr>"

Subject

"80% advance payment"

Attachment

"advance payment.zip"

MD5

4a3f27f583265d76d6bbdf933a4a0ffc

SHA256

86437f5988a08ba44e610ae53eb2d77426e00f3ed8e5110dee63f98abdb30092

Family

Formbook

 

(9)

Sender ip

185.222.58.41

From

"Kirsten Buermans <kirsten.kjos@myccnb.com>"

Subject

"fw: Payment"

Attachment

"Swift copy.zip"

MD5

2997ea9b25150b59e39fd7a800364f9a

SHA256

f3c1fcd51e7c19668dd1d407d55e600cfe09ded3cac37b2906be6a8f6ca729b4

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.   

(10)

Sender ip

45.137.22.148

From

"contact.eg@eticeurope.com"

Subject

"RE: NEW REVISED ORDER"

Attachment

"NEW REVISED ORDER.r00"

MD5

a48ae81e89ec55a5ccd35564b8312c94

SHA256

3e3c65d9214cdcdf6bb00dfa213bd53009f16cf9b2e0eb6b015596f767cdcd63

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  


If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 

          https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA   


Comments

Post a Comment

Popular posts from this blog

IOCs 7_8_2021

Image
  (1) File Name Netflix Checker AutoProxy.rar Created process Qsbb.exe Connected (Ip/Dns) Fhruhceio[.]eu5[.]org MD5 54407258f1e20055897fe7dad504a5dc SHA256 4c54592475d4636eb0fe0555dbe44813332059d787c755571797484b87983a50 Family njRAT   (2) File Name Start.exe Created process yGYkD7gHOX.exe Connected (Ip/Dns) Telete[.]in MD5 e123bd2a5d074027510e792b92bce913 SHA256 245c87b29983815f1bad519d8490e4fae064ec3f4788781f3944cbe4ad7e8e8b Family Raccoon   (3) File Name Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Created process Banco do Brasil_eDeclaração_SMX_046_6-08-2021_SWIFT.COPY.exe Connected (Ip/Dns) www[.]transinta[.]com MD5 c5
Read more

Phishing Attacks 23_4_2022

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course   (1) Sender ip 180.214.238.82 From "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" Subject "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" Attachment "SEALOGISTICS DEBIT NOTE.zip" MD5 add8e964a595d7af30f02783943c3a00 SHA256 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f Family AgentTesla   If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube   AgentTesla .         (2) Sender ip 138.197.200.182 From "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" Subject "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22"
Read more

Phishing Attacks 15_2_2021

Image
  If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here  . My udemy course (1) Sender ip 137.184.90.200 From "<zita@anthonybirch.ml>" Subject "Attached our formal P/O : 4501226854." Attachment "PO - 4501226854,pdf (1).iso" MD5 9addd85060db79af3b0ac0e3011c69c1 SHA256 b0b0135c292340ab5993a9f2bea6f3f6e6478fb5883fe2e1ef67c60cf3dd0944 Family Formbook   (2) Sender ip 143.198.41.151 From "Gilbert Anderson <info@digimaincheckshower.com>" Subject "Please accept my applicant " Attachment "Approvald-32134.doc" MD5 40582aacc0f7f8a0946a64249dae4767 SHA256 1b97ac97a845c9f63cf7308e3f6f983
Read more