Phishing Attacks 5_4

If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here .

(1)

Sender ip	194.31.98.47
From	"Mr. Daniel Zhao<mgil0x01@gmail.com>"
Subject	"Proforma invoice payment"
Attachment	"Payment Copy.zip"
MD5	bb4dde2a2433bedfd2c6bedab19a8c12
SHA256	6da35e1f392e0a4b0235cc81cf68b39970aafda21030d2fea6af7bcc74e40045
Family	Formbook

(2)

Sender ip	45.58.34.21
From	"account <admin@2080technologiesllc.partners>"
Subject	"Re: Proforma Invoice 2796 / confirmation for Payment"
Attachment	"Proforma Invoice_2796_xlsx.arj"
MD5	83ba6d0051c75780ba34f08cb02333b1
SHA256	6dbb568a27ba00004d455a2bd66439c2fca1f9948fc6f4c19371862ea2d8c25e
Family	Formbook

(3)

Sender ip	185.222.57.233
From	"Benjamin Martinez Bonilla <bmartinez@cuervo.com.mx>"
Subject	"Re: Pago"
Attachment	"Pago.001"
MD5	8179e8d9b30b978278500bcf4c30ab1e
SHA256	67b86d0361a567e04ddaf54753ecb70e5fcdf894caa5e051cbf615121326c8c0
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(4)

Sender ip	185.102.170.181
From	"HSBC Advising Service" <cha.bel@towingfolsom.com>"
Subject	"Payment Advice - Advice Ref:[A1NtIO94cfao] / ACHcredits / Customer Ref:[1015676834] / Second Party Ref:[2002028205]
Attachment	"Payment Advice - Advice Ref[A1NtIO94cfao].gz"
MD5	213e50ff19cba2a393149aedc41103ed
SHA256	bda2bc4dc57a7c748348cdb4756349af46c3bee0943bec60afc4d48ad23594eb
Family	Unknown

(5)

Sender ip	37.49.225.131
From	"Gauri .G <info@impac-group.in>"
Subject	"RFQ - CP22037 // Quotation for Materials #BSST-CP22670A-1"
Attachment	"RFQ - CP22037 Quotation for Materials #BSST-CP22670A-1.pdf.arj"
MD5	d6e36bb85d98e9fcc7800cc2499ba2cd
SHA256	edca8a81cf317bfee1b549f6b3ece655d3a3595d179b253ae11bb8e96436bd05
Family	Formbook

(6)

Sender ip	185.222.57.188
From	"Ahmet AYDIN <sales@hidros.com.tr>"
Subject	"RFQ: YKL GLOBAL METAL SERVICE - TR / flange request from NPSC"
Attachment	"pipe & valve BOQ.pdf.xz"
MD5	9f0ef6ac989f1f3b430b6e8c0d4d854f
SHA256	08a828eacfad53f42ac7cbb2184690202db0a2eb2c82a9b548e35b6e277d45dc
Family	SnakeKeylogger

(7)

Sender ip	185.222.57.188
From	"Ahmet AYDIN <sales@hidros.com.tr>"
Subject	"RFQ: YKL GLOBAL METAL SERVICE - TR / flange request from NPSC"
Attachment	"Generic Pipe Master SDRL Rev 2.pdf.xz"
MD5	f797aded8037bd22c90db56ddb7cd89f
SHA256	811143cbf29068b4248600a57441ce0a2a1cf5194473a287c2ac9eab05552927
Family	SnakeKeylogger

(8)

Sender ip	178.62.41.228
From	"Andrzej Budziak <contact@krodaer.bar>"
Subject	"SKM_2872106104863364 CONTRACT 2022"
Attachment	"Contract.gz"
MD5	0edb0ac46978ea19cd8a7d1593603dc3
SHA256	b732982c4bcbf62d6fbab3b1e1ddd3764a8f99a17d1e8f679632f891b65c03ce
Family	RemcosRAT

(9)

Sender ip	185.222.57.233
From	"Sales <sales@alassriya.com>"
Subject	"Re: Quote"
Attachment	"Quote.r11"
MD5	210512f01ddf3ea6f59026054820cae8
SHA256	cd9d8ce9ca80265854e70ba9148f9e22ab4d7018eecea466618098ec8f8f74be
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(10)

Sender ip	193.56.29.132
From	"info@carbonhousecomposites.com"
Subject	"RFQ - inquiry no. WPS- 3602-2022"
Attachment	"RFQ-WPS-3602.xlsx"
MD5	0181ddead2fc2a2a1eba3819d7f6237a
SHA256	a6d67eac3f8ec8b8b72469dc712fa468da42451215ac27bd81e394e55aab4e15
Family	Formbook

(11)

Sender ip	2.58.149.14
From	"bkmfilter.sales@gmail.com"
Subject	"Quote order#098799"
Attachment	"5092134.zip"
MD5	ef3ca757554e2b0359aa8d1b7d5bac28
SHA256	dd97a028f4656cf793b963960e8eb1b27243cf135a39ec796470e0328c59fb2f
Family	Formbook

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥

YouTube channel

https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Search This Blog

Malwares

Phishing Attacks 5_4_2022

Comments

Post a Comment

Popular posts from this blog

Phishing Attacks 23_4_2022

Phishing Attacks 3_3_2021

Phishing Attacks 13_11_2021