Phishing Attacks 4_4_2022

If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here 👇.


(1)

Sender ip

180.214.238.36

From

"easont@cnthrong.com" <easont@cnthrong.com>

Subject

"Re: Request Quotation"

Attachment

"Request Quotation.rar"

MD5

7a084890bd549d63e536ab4233de148a

SHA256

cdff43b16fb843b25faf7d72675eba5b3b311407e43ad4f3e3131c17edc45975

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(2)

Sender ip

185.222.57.251

From

"lgpartner.ch <IT@lgpartner.ch>"

Subject

"Payment Advice - Ref: HSBC99002992"

Attachment

"payment advice..zip"

MD5

7e764f0cc7499cda61945f697c021c87

SHA256

26214ac0f1af80311fdcb7034f6c206dbeecaae6ff70fb9e040dd44486542841

Family

AgentTesla

(3) 

Sender ip

199.10.31.238

From

"Tarek Dakroury <tarek.dakroury@dhl.com>"

Subject

"DHL Shipment Notification : 9290293600"

Attachment

"DHL8735679093.zip"

MD5

dfa686026c7ba10bf9d540a8668826a0

SHA256

e4816d5eafb882c6c774f695ecbc760d74f21e289581df1472c741ffcfbbb8b3

Family

AgentTesla

(4) 

Sender ip

199.10.31.238

From

"Tarek Dakroury <tarek.dakroury@dhl.com>"

Subject

"DHL Shipment Notification : 9290293600"

Attachment

"AWB 673687387678.zip"

MD5

530aaf718e220183c538da5b9be9158b

SHA256

6d675f75b5bd44470026f4e50e311cd61d79f3496a18df69b63d833e34eafa88

Family

AgentTesla

(5)

Sender ip

2.56.57.154

From

"Wang weishun" <agencqhd@hoscogroup.com>

Subject

"RE: Shipment Docs"

Attachment

"Shipment Docs.rar"

MD5

16f49209497cc69dbbb5e8cba25c5dc4

SHA256

20b377289c99905181f6096acdeb077fec5510f0f323ab818429c7b0afb620da

Family

AgentTesla

(6)

Sender ip

178.62.41.228

From

"Andrzej Budziak <contact@krodaer.bar>"

Subject

"SKM_2872106104863364 CONTRACT 2022"

Attachment

"SKM_2872106104863364 CONTRACT 2022_pdf.gz"

MD5

20f83af490d1151fe2bd8a35f30b5589

SHA256

21940f1a2a4ef598cee77a38016ad363f2585012b51474081182a6aa03b1b513

Family

RemcosRAT


(7)

Sender ip

178.62.41.228

From

"Andrzej Budziak <contact@krodaer.bar>"

Subject

"SKM_2872106104863364 CONTRACT 2022"

Attachment

"Payment442022.gz"

MD5

aa78c846f29708c57e99973c7f1ec142

SHA256

ee7f3f56d2d8f4af4cb4d130578c31e47bf88a2a7a366ac8b9234001ccecf0f7

Family

RemcosRAT


(8)

Sender ip

45.137.22.40

From

"Co.opMart Nhiêu Lộc-TPCN <mnhieuloc-tpcn@coopmart.vn>" (display name decoded from the encoded-word =?UTF-8?B?Q28ub3BNYXJ0IE5oacOqdSBM4buZYy1UUENO?=)

Subject

"回复: Re: REQUEST D N COPY" (decoded from =?UTF-8?B?5Zue5aSNOiBSZTogUkVRVUVTVCBEIE4gQ09QWQ==?=; 回复 is Chinese for "Reply")

Attachment

"D N invoice CN2022.lzh"

MD5

0e0abb0ff456680e0895ed28afb801e9

SHA256

0f3f589d07be141096cfcccc6f87880fcb941929da46617149c8960de43cfd54

Family

Formbook


(9)

Sender ip

2.58.149.14

From

"bkmfilter.sales@gmail.com"

Subject

"Quote order#098799"

Attachment

"Quote order#098799.zip"

MD5

6db311c2d77b745601c87f47259e7d34

SHA256

65fef0825244239ee368dc96574652ceb31452ba4916aacda68819c50aa7369e

Family

Formbook


(10)

Sender ip

185.222.57.188

From

"Joshua Lebeau <sales@vatvalve.com>"

Subject

"REQUEST FOR QUOTATION (RFQ REF : R2100131410)"

Attachment

"RFQ REF R2100131410.pdf.gz"

MD5

dcf00adfcfbc65c261a297ecef2c6556

SHA256

f1336ed5605c9ec187b28a30d0d07aba63d2338657c2e73adafa29772a29f28e

Family

SnakeKeylogger


(11)

Sender ip

159.65.71.104

From

"Deena Sarala<shirley@23.fxvinru.cfd>"

Subject

"REQUEST FOR QUOTATION Ref. # IRQ/21/07797"

Attachment

"IRQ2107797_pdf.rar"

MD5

b745c521f8696b166f23f5c35c8826fd

SHA256

c79d18cbcb3d8173a566953d17d6b9de45677be87bc580e234e6767488f096a5

Family

Formbook


(12)

Sender ip

185.222.58.92

From

"HSBC Advising Service <clange@karschcapital.com>"

Subject

"Payment Advice - Advice Ref:[GLV124182676] / ACH credits / Customer Ref:[100000265388] / Second Party Ref:[KW05200000032220]"

Attachment

"ScannerHSBC202204.gz"

MD5

675902db4b9acd3973cfaca93f02c251

SHA256

55ac8b49ceea146e352895dce622a25121a8bf142614b3b8418e6b974da4a4d6

Family

Formbook

(13)

Sender ip

45.137.22.115

From

"Abhishek gpibicol<gpibicol@gakkenphil.com>"

Subject

"PO:- 4100357120 - Best Infrastructure Developers LLC ."

Attachment

"Purchase Order_PDF________________________...iso"

MD5

5d3d02334f5fb89ef50cfc36e122994b

SHA256

b3131c30b6304e5303203adc0a1788c88e7272764de6c8ef6fd3288379d3f911

Family

NanoCore


(14)

Sender ip

170.249.208.50

From

"SEB C.A.P TRADINGS <mariah@sebacap.com>"

Subject

"Attn. Request for Quotation "

Attachment

"New Request For Quotation.img"

MD5

952b234903e79da5603e408aac75e7da

SHA256

5518370f0e69054b6ca919fdfb728ddd3899c83390287bd79e0f4e5677f64bb0

Family

AgentTesla

(15)

Sender ip

62.1.46.111

From

"Accounts Payable <holargos@novashops.gr>"

Subject

"Payment advice"

Attachment

"Payment advice.xlsx"

MD5

a030edca5fbca4e76c74e427bb130df3

SHA256

f5ded3866c2ac6e33a463579ac7c41d5b25bcda1e74ad51128c85aeafddd093c

Family

Formbook


(16)

Sender ip

185.222.57.188

From

"Fanny Mendez <sales@tsubaki.co.uk>"

Subject

"RFQ New Order - 57m³ LPG SEMI TRAILER 7 NOS" (decoded from =?UTF-8?B?UkZRIE5ldyBPcmRlciAtIDU3bcKzIExQRyBTRU1JIFRSQUlMRVIgNyBOT1M=?=)

Attachment

"New Order - 57m LPG SEMI TRAILER 7 NOS.pdf.xxe"

MD5

e36b6dec73651e6ff8bb612a3074a883

SHA256

0507ba39db1b49b9dcd7b0b09d39b4f3e58ee0ed3ef3628d16d8b5b76ee8ffa9

Family

SnakeKeylogger


(17)

Sender ip

45.137.22.40

From

"Summary Jobin <jobin@dhofarcement.com>"

Subject

"回复: Urgent-request paking list" (decoded from =?UTF-8?B?5Zue5aSNOiBVcmdlbnQtcmVxdWVzdCBwYWtpbmcgbGlzdA==?=; 回复 is Chinese for "Reply")

Attachment

"paking list PO no. 4600033008.lzh"

MD5

55092a2675740b05a0a58597546a435c

SHA256

c977407ce7f7662fb5914531ca9cce60acdeeeedced357c69f53bd1140fc0aa5

Family

Formbook


(18)

Sender ip

185.222.58.56

From

"cal.cheng@apclogistics.com"

Subject

"FW RE: ORDER SHIPPED#"

Attachment

"invoice 001.ZST"

MD5

c81247b1c508f04a740ab1576d8abebc

SHA256

79dea8d357a2191b48ab647db9edf780578d67fdb674a8d3df3e1cf47788e832

Family

AgentTesla

(19)

Sender ip

185.222.57.155

From

"Mohammad Mehedi Hasan <mehedi.hasan@osgbd.com>"

Subject

"Shipping docs of 758 ctns hanger"

Attachment

"Docs 758.zip"

MD5

4468ebefd4e1f97f6b111d630023dd51

SHA256

8ebf14bda2a12fb9a08e7dce21c85f626978e6bc9ff6ceda5434097daeac744e

Family

AgentTesla

(20)

Sender ip

185.222.57.237

From

"HSBC Advising Service" <advising.service@mail.hsbcnet.hsbc.com>

Subject

"Payment Advice - Advice Ref:[GLVA21251547] / Priority payment / Customer Ref:[SSNSB TO #83849201]"

Attachment

"HSBC Payment Advice Ref 6258729922_Pdf__.iso"

MD5

84912056e36ace39daef5cacaf3d9644

SHA256

9671b342c3bb26a40af8c558dc4a85b5338330061db000e54100106f2fef74d1

Family

NanoCore


(21)

Sender ip

45.137.22.254

From

"Abdul Rahim" <abdul.rahim@ikl.ae>

Subject

"RE: Payment"

Attachment

"payment slip.zip"

MD5

c9876d2c6dd361347a67df92c531520d

SHA256

b4b6d0b62c5f96b10a29bc5d4c251682342b6d122f4572832f7d3ef8e6da45f9

Family

AgentTesla

(22)

Sender ip

180.214.238.36

From

"op02@lyshipping.net" <op02@lyshipping.net>

Subject

"RE: Re: Statement of Account (SOA)"

Attachment

"bank TT slip.rar"

MD5

61e18df6e2bbb652b717d5b398c96a68

SHA256

7169a9ef698761785c152c9df7959b0006682343d17278c92a2982fe7ea81bf0

Family

AgentTesla

(23)

Sender ip

45.137.22.153

From

"mkt@timberartdesign.com"

Subject

"RE: Confirm Invoice details for Payment"

Attachment

"PI.r15"

MD5

e60d87c67253413fd6c98be5106c84f1

SHA256

4379def4cc2df6d9f9ff2cff2258f28c669cf77a86967276d4c409751d92d134

Family

AgentTesla

(25)

Sender ip

45.9.168.117

From

"Sabrina Woon <sabrina.woon@converge.com>"

Subject

"PURCHASE ORDER = 62048-2 => 10,000 pcs RZK"

Attachment

"NEW PO 62048-2.img"

MD5

347d2062d9dfe4c87404183c4820c6aa

SHA256

d7d0621c3ff2101f0492523d4c6a6329ad3e573a7c90561405c6e5774447c454

Family

Unknown
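
The list above is only useful once it is machine-readable. What follows is an added example (not code from the original post) that parses the "(n) / label / value" layout used on this page, decodes the =?UTF-8?B?...?= sender and subject values (entries 8, 16 and 17), and flags the attachment-naming tricks the entries show: archive or encoded wrappers (.rar, .gz, .lzh, .zst, .xxe), disk images (.iso, .img), split-RAR volumes (.r15), decoy document extensions (.pdf.gz, _pdf.rar) and underscore or dot padding. The extension lists and flag names are my own assumptions, and the embedded sample is entries (8) and (16) copied inline so the block runs offline.

```python
"""Structured view of the IOC list above: parse the "(n) / label / value"
layout, decode RFC 2047 encoded-word headers and flag attachment-naming
tricks.  Added example, not code from the original post."""
import collections
import email.header
import re

# Constructed sample: entries (8) and (16) from the list above with the
# blank lines dropped (the parser skips them anyway).
SAMPLE = """\
(8)
Sender ip
45.137.22.40
From
"=?UTF-8?B?Q28ub3BNYXJ0IE5oacOqdSBM4buZYy1UUENO?=<mnhieuloc-tpcn@coopmart.vn>"
Subject
"=?UTF-8?B?5Zue5aSNOiBSZTogUkVRVUVTVCBEIE4gQ09QWQ==?="
Attachment
"D N invoice CN2022.lzh"
MD5
0e0abb0ff456680e0895ed28afb801e9
SHA256
0f3f589d07be141096cfcccc6f87880fcb941929da46617149c8960de43cfd54
Family
Formbook
(16)
Sender ip
185.222.57.188
From
"Fanny Mendez <sales@tsubaki.co.uk>"
Subject
"=?UTF-8?B?UkZRIE5ldyBPcmRlciAtIDU3bcKzIExQRyBTRU1JIFRSQUlMRVIgNyBOT1M=?="
Attachment
"New Order - 57m LPG SEMI TRAILER 7 NOS.pdf.xxe"
MD5
e36b6dec73651e6ff8bb612a3074a883
SHA256
0507ba39db1b49b9dcd7b0b09d39b4f3e58ee0ed3ef3628d16d8b5b76ee8ffa9
Family
SnakeKeylogger
"""

FIELDS = {"Sender ip": "sender_ip", "From": "from", "Subject": "subject",
          "Attachment": "attachment", "MD5": "md5", "SHA256": "sha256",
          "Family": "family"}
ENTRY_RE = re.compile(r"^\(+(\d+)\)$")          # "(8)", and the typo "((13)"
# Extension lists are my own assumptions about commonly abused wrappers.
CONTAINERS = {"zip", "rar", "7z", "gz", "lzh", "zst", "xxe"}   # gateway may not unpack
DISK_IMAGES = {"iso", "img"}                    # Windows mounts these on double-click
DECOY_RE = re.compile(r"[._ -](pdf|docx?|xlsx?)$", re.IGNORECASE)


def decode_rfc2047(value):
    """Decode =?charset?B|Q?...?= encoded-words; plain strings pass through."""
    parts = []
    for chunk, charset in email.header.decode_header(value):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        parts.append(chunk)
    return "".join(parts)


def classify_attachment(name):
    """Return the naming tricks present in an attachment file name."""
    stem, _, ext = name.rpartition(".")
    ext = ext.lower()
    flags = []
    if ext in CONTAINERS:
        flags.append("container")
    if ext in DISK_IMAGES:
        flags.append("disk-image")
    if re.fullmatch(r"r\d\d", ext):
        flags.append("rar-volume")               # split-RAR part such as PI.r15
    if DECOY_RE.search(stem.rstrip("._ ")):
        flags.append("decoy-document-extension")  # "x.pdf.gz", "x_pdf.rar"
    if re.search(r"[_.]{2,}|[._ ]$", stem):
        flags.append("padded-name")              # "_____...iso", "advice..zip"
    return flags


def parse_iocs(text):
    """Parse the label/value layout into one dict per "(n)" entry."""
    records, current, pending = [], None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = {"id": int(m.group(1))}
            records.append(current)
            pending = None
        elif line in FIELDS:
            pending = FIELDS[line]
        elif current is not None and pending:
            value = line.strip('"\u201c\u201d')  # straight or curly quotes
            if pending in ("from", "subject"):
                value = decode_rfc2047(value)
            current[pending] = value
            pending = None
    for rec in records:
        rec["flags"] = classify_attachment(rec.get("attachment", ""))
    return records


def sender_clusters(records):
    """Count entries per /24 so reused sending ranges stand out."""
    return collections.Counter(".".join(r["sender_ip"].split(".")[:3])
                               for r in records if "sender_ip" in r)


if __name__ == "__main__":
    for rec in parse_iocs(SAMPLE):
        print(rec["id"], rec["family"], rec["subject"], rec["flags"])
```

Run over the whole list rather than the two-entry sample, sender_clusters() shows the sending addresses grouping into a few ranges (185.222.57.x, 185.222.58.x and 45.137.22.x recur across different lures and malware families), which is usually a better blocking key than any single IP. Note that entry (15), a plain .xlsx, gets no flag from the filename check: a document attachment needs content inspection, not name inspection.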

If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel:

https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
