Phishing Attacks 5_4_2022

If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here 👇.

My udemy course


(1)

Sender ip

194.31.98.47

From

"Mr. Daniel Zhao<mgil0x01@gmail.com>"

Subject

"Proforma invoice payment"

Attachment

"Payment Copy.zip"

MD5

bb4dde2a2433bedfd2c6bedab19a8c12

SHA256

6da35e1f392e0a4b0235cc81cf68b39970aafda21030d2fea6af7bcc74e40045

Family

Formbook

 

(2)

Sender ip

45.58.34.21

From

"account <admin@2080technologiesllc.partners>"

Subject

"Re: Proforma Invoice 2796 / confirmation for Payment"

Attachment

"Proforma Invoice_2796_xlsx.arj"

MD5

83ba6d0051c75780ba34f08cb02333b1

SHA256

6dbb568a27ba00004d455a2bd66439c2fca1f9948fc6f4c19371862ea2d8c25e

Family

Formbook

 

(3)

Sender ip

185.222.57.233

From

"Benjamin Martinez Bonilla <bmartinez@cuervo.com.mx>"

Subject

"Re: Pago"

Attachment

"Pago.001"

MD5

8179e8d9b30b978278500bcf4c30ab1e

SHA256

67b86d0361a567e04ddaf54753ecb70e5fcdf894caa5e051cbf615121326c8c0

Family

AgentTesla

  If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.   

(4) 

Sender ip

185.102.170.181

From

"HSBC Advising Service" <cha.bel@towingfolsom.com>"

Subject

"Payment Advice - Advice Ref:[A1NtIO94cfao] / ACHcredits / Customer

Ref:[1015676834] / Second Party Ref:[2002028205]

Attachment

"Payment Advice - Advice Ref[A1NtIO94cfao].gz"

MD5

213e50ff19cba2a393149aedc41103ed

SHA256

bda2bc4dc57a7c748348cdb4756349af46c3bee0943bec60afc4d48ad23594eb

Family

Unknown

 

(5)

Sender ip

37.49.225.131

From

"Gauri .G <info@impac-group.in>"

Subject

"RFQ - CP22037 // Quotation for Materials #BSST-CP22670A-1"

Attachment

"RFQ - CP22037 Quotation for Materials #BSST-CP22670A-1.pdf.arj"

MD5

d6e36bb85d98e9fcc7800cc2499ba2cd

SHA256

edca8a81cf317bfee1b549f6b3ece655d3a3595d179b253ae11bb8e96436bd05

Family

Formbook

 

(6)

Sender ip

185.222.57.188

From

"Ahmet AYDIN <sales@hidros.com.tr>"

Subject

"RFQ: YKL GLOBAL METAL SERVICE - TR / flange request from NPSC"

Attachment

"pipe & valve BOQ.pdf.xz"

MD5

9f0ef6ac989f1f3b430b6e8c0d4d854f

SHA256

08a828eacfad53f42ac7cbb2184690202db0a2eb2c82a9b548e35b6e277d45dc

Family

SnakeKeylogger

 

(7)

Sender ip

185.222.57.188

From

"Ahmet AYDIN <sales@hidros.com.tr>"

Subject

"RFQ: YKL GLOBAL METAL SERVICE - TR / flange request from NPSC"

Attachment

"Generic Pipe Master SDRL Rev 2.pdf.xz"

MD5

f797aded8037bd22c90db56ddb7cd89f

SHA256

811143cbf29068b4248600a57441ce0a2a1cf5194473a287c2ac9eab05552927

Family

SnakeKeylogger

 

(8)

Sender ip

178.62.41.228

From

"Andrzej Budziak <contact@krodaer.bar>"

Subject

"SKM_2872106104863364 CONTRACT 2022"

Attachment

"Contract.gz"

MD5

0edb0ac46978ea19cd8a7d1593603dc3

SHA256

b732982c4bcbf62d6fbab3b1e1ddd3764a8f99a17d1e8f679632f891b65c03ce

Family

RemcosRAT

 

(9)

Sender ip

185.222.57.233

From

"Sales <sales@alassriya.com>"

Subject

"Re: Quote"

Attachment

"Quote.r11"

MD5

210512f01ddf3ea6f59026054820cae8

SHA256

cd9d8ce9ca80265854e70ba9148f9e22ab4d7018eecea466618098ec8f8f74be

Family

AgentTesla

  If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.  

(10)

Sender ip

193.56.29.132

From

"info@carbonhousecomposites.com"

Subject

"RFQ - inquiry no. WPS- 3602-2022"

Attachment

"RFQ-WPS-3602.xlsx"

MD5

0181ddead2fc2a2a1eba3819d7f6237a

SHA256

a6d67eac3f8ec8b8b72469dc712fa468da42451215ac27bd81e394e55aab4e15

Family

Formbook

 

(11)

Sender ip

2.58.149.14

From

"bkmfilter.sales@gmail.com"

Subject

"Quote order#098799"

Attachment

"5092134.zip"

MD5

ef3ca757554e2b0359aa8d1b7d5bac28

SHA256

dd97a028f4656cf793b963960e8eb1b27243cf135a39ec796470e0328c59fb2f

Family

Formbook

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 

          https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA   

 

Comments

Post a Comment

Popular posts from this blog

Phishing Attacks 25_9_2021

Phishing Attacks 15_12_2021

Phishing Attacks 1_12_2021