Phishing Attacks 16_2_2021
If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
|
Sender ip |
203.159.80.182 |
|
From |
"DHL Group
<dev@lists.roundcube.net>" |
|
Subject |
"Shipment Document BL,INV and
packing list" |
|
Attachment |
"Shipment Document BL,INV and
packing list.jpg.ace" |
|
MD5 |
b800504be883e3cda511a86d7c16ee3d |
|
SHA256 |
00a6ef981cfb0915c42062fc29892b2c55408f5fabbb77ac528cd85428578cc0 |
|
Family |
Formbook |
(2)
|
Sender ip |
185.222.58.58 |
|
From |
"KCTC International
Ltd.<accounts@kctcintl.co.kr>" |
|
Subject |
"pounds Payment Only//Revise
Invoice to pounds Currency//Provide pounds Bank Details" |
|
Attachment |
"pounds Payment.zip" |
|
MD5 |
d232c424641bd7c98da1e72b340c9960 |
|
SHA256 |
ae027ce7ae2fe9beae54dd28cc762c3be6a7652918490c9cc30f8498937d50b8 |
|
Family |
Formbook |
(3)
|
Sender ip |
199.10.31.237 |
|
From |
"Roseline"<mfry@fathomrealty.com>" |
|
Subject |
"Payment" |
|
Attachment |
"Scanned101.zip" |
|
MD5 |
4b60bb4d11850a546305a201443fd580 |
|
SHA256 |
a1554259073fe90c0b577c90357f22a73291e57836e74933f0c6a000f7f1ead3 |
|
Family |
BitRAT |
(4)
|
Sender ip |
199.10.31.237 |
|
From |
"Roseline"<mfry@fathomrealty.com>" |
|
Subject |
"Payment" |
|
Attachment |
"Scanned101.zip" |
|
MD5 |
4b60bb4d11850a546305a201443fd580 |
|
SHA256 |
a1554259073fe90c0b577c90357f22a73291e57836e74933f0c6a000f7f1ead3 |
|
Family |
BitRAT |
(5)
|
Sender ip |
185.222.58.92 |
|
From |
"Zahir Uddin"
<zohir@linktexsportswear.com>" |
|
Subject |
"Re: PT sai payment" |
|
Attachment |
"Wire Transfer Copy.7Z" |
|
MD5 |
129188feb16f5ac6f3a69aa70933955f |
|
SHA256 |
13e22246d7ab046d62946c11bcdd0d8968348beea1c5d854274c069770e1c614 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(6)
|
Sender ip |
37.0.11.89 |
|
From |
"Accounts Payables"
<alarmsysteme@t-online.de>" |
|
Subject |
"Re: Payment receipt" |
|
Attachment |
"PAYMENT RECEIPT.rar" |
|
MD5 |
67401c6d9af39147878e35a54b8ce21f |
|
SHA256 |
4dddf65a4208903c0672ef3d5c6f2507cb0b0a46e6d997b8323097639c2f7f41 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(7)
|
Sender ip |
2.56.59.219 |
|
From |
"Angie Yuan"
<lee@18964395826.com>" |
|
Subject |
"Re: Forwarder Details" |
|
Attachment |
"SC221420.IMG" |
|
MD5 |
2e39197eefddf6c8d79a4775078872d1 |
|
SHA256 |
cc8d7caae86931fd55dbe76f6dce9cbbfedc3a9bd329c39a63e62c4b58ec39a4 |
|
Family |
Formbook |
(8)
|
Sender ip |
185.222.58.58 |
|
From |
"KCTC International
Ltd.<accounts@kctcintl.co.kr>" |
|
Subject |
"80% advance payment" |
|
Attachment |
"advance payment.zip" |
|
MD5 |
4a3f27f583265d76d6bbdf933a4a0ffc |
|
SHA256 |
86437f5988a08ba44e610ae53eb2d77426e00f3ed8e5110dee63f98abdb30092 |
|
Family |
Formbook |
(9)
|
Sender ip |
185.222.58.41 |
|
From |
"Kirsten Buermans
<kirsten.kjos@myccnb.com>" |
|
Subject |
"fw: Payment" |
|
Attachment |
"Swift copy.zip" |
|
MD5 |
2997ea9b25150b59e39fd7a800364f9a |
|
SHA256 |
f3c1fcd51e7c19668dd1d407d55e600cfe09ded3cac37b2906be6a8f6ca729b4 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(10)
|
Sender ip |
45.137.22.148 |
|
From |
"contact.eg@eticeurope.com" |
|
Subject |
"RE: NEW REVISED ORDER" |
|
Attachment |
"NEW REVISED ORDER.r00" |
|
MD5 |
a48ae81e89ec55a5ccd35564b8312c94 |
|
SHA256 |
3e3c65d9214cdcdf6bb00dfa213bd53009f16cf9b2e0eb6b015596f767cdcd63 |
|
Family |
AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Comments
Post a Comment