Phishing Attacks 5_4_2022
If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
|
Sender ip |
194.31.98.47 |
|
From |
"Mr. Daniel
Zhao<mgil0x01@gmail.com>" |
|
Subject |
"Proforma invoice
payment" |
|
Attachment |
"Payment Copy.zip" |
|
MD5 |
bb4dde2a2433bedfd2c6bedab19a8c12 |
|
SHA256 |
6da35e1f392e0a4b0235cc81cf68b39970aafda21030d2fea6af7bcc74e40045 |
|
Family |
Formbook |
(2)
|
Sender ip |
45.58.34.21 |
|
From |
"account
<admin@2080technologiesllc.partners>" |
|
Subject |
"Re: Proforma Invoice 2796 /
confirmation for Payment" |
|
Attachment |
"Proforma
Invoice_2796_xlsx.arj" |
|
MD5 |
83ba6d0051c75780ba34f08cb02333b1 |
|
SHA256 |
6dbb568a27ba00004d455a2bd66439c2fca1f9948fc6f4c19371862ea2d8c25e |
|
Family |
Formbook |
(3)
|
Sender ip |
185.222.57.233 |
|
From |
"Benjamin Martinez Bonilla
<bmartinez@cuervo.com.mx>" |
|
Subject |
"Re: Pago" |
|
Attachment |
"Pago.001" |
|
MD5 |
8179e8d9b30b978278500bcf4c30ab1e |
|
SHA256 |
67b86d0361a567e04ddaf54753ecb70e5fcdf894caa5e051cbf615121326c8c0 |
|
Family |
AgentTesla |
(4)
|
Sender ip |
185.102.170.181 |
|
From |
"HSBC Advising Service"
<cha.bel@towingfolsom.com>" |
|
Subject |
"Payment Advice - Advice
Ref:[A1NtIO94cfao] / ACHcredits / Customer Ref:[1015676834] / Second Party
Ref:[2002028205] |
|
Attachment |
"Payment Advice - Advice
Ref[A1NtIO94cfao].gz" |
|
MD5 |
213e50ff19cba2a393149aedc41103ed |
|
SHA256 |
bda2bc4dc57a7c748348cdb4756349af46c3bee0943bec60afc4d48ad23594eb |
|
Family |
Unknown |
(5)
|
Sender ip |
37.49.225.131 |
|
From |
"Gauri .G
<info@impac-group.in>" |
|
Subject |
"RFQ - CP22037 // Quotation
for Materials #BSST-CP22670A-1" |
|
Attachment |
"RFQ - CP22037 Quotation for
Materials #BSST-CP22670A-1.pdf.arj" |
|
MD5 |
d6e36bb85d98e9fcc7800cc2499ba2cd |
|
SHA256 |
edca8a81cf317bfee1b549f6b3ece655d3a3595d179b253ae11bb8e96436bd05 |
|
Family |
Formbook |
(6)
|
Sender ip |
185.222.57.188 |
|
From |
"Ahmet AYDIN <sales@hidros.com.tr>" |
|
Subject |
"RFQ: YKL GLOBAL METAL
SERVICE - TR / flange request from NPSC" |
|
Attachment |
"pipe & valve
BOQ.pdf.xz" |
|
MD5 |
9f0ef6ac989f1f3b430b6e8c0d4d854f |
|
SHA256 |
08a828eacfad53f42ac7cbb2184690202db0a2eb2c82a9b548e35b6e277d45dc |
|
Family |
SnakeKeylogger |
(7)
|
Sender ip |
185.222.57.188 |
|
From |
"Ahmet AYDIN
<sales@hidros.com.tr>" |
|
Subject |
"RFQ: YKL GLOBAL METAL
SERVICE - TR / flange request from NPSC" |
|
Attachment |
"Generic Pipe Master SDRL Rev
2.pdf.xz" |
|
MD5 |
f797aded8037bd22c90db56ddb7cd89f |
|
SHA256 |
811143cbf29068b4248600a57441ce0a2a1cf5194473a287c2ac9eab05552927 |
|
Family |
SnakeKeylogger |
(8)
|
Sender ip |
178.62.41.228 |
|
From |
"Andrzej Budziak <contact@krodaer.bar>" |
|
Subject |
"SKM_2872106104863364
CONTRACT 2022" |
|
Attachment |
"Contract.gz" |
|
MD5 |
0edb0ac46978ea19cd8a7d1593603dc3 |
|
SHA256 |
b732982c4bcbf62d6fbab3b1e1ddd3764a8f99a17d1e8f679632f891b65c03ce |
|
Family |
RemcosRAT |
(9)
|
Sender ip |
185.222.57.233 |
|
From |
"Sales
<sales@alassriya.com>" |
|
Subject |
"Re: Quote" |
|
Attachment |
"Quote.r11" |
|
MD5 |
210512f01ddf3ea6f59026054820cae8 |
|
SHA256 |
cd9d8ce9ca80265854e70ba9148f9e22ab4d7018eecea466618098ec8f8f74be |
|
Family |
AgentTesla |
(10)
|
Sender ip |
193.56.29.132 |
|
From |
"info@carbonhousecomposites.com" |
|
Subject |
"RFQ - inquiry no. WPS-
3602-2022" |
|
Attachment |
"RFQ-WPS-3602.xlsx" |
|
MD5 |
0181ddead2fc2a2a1eba3819d7f6237a |
|
SHA256 |
a6d67eac3f8ec8b8b72469dc712fa468da42451215ac27bd81e394e55aab4e15 |
|
Family |
Formbook |
(11)
|
Sender ip |
2.58.149.14 |
|
From |
"bkmfilter.sales@gmail.com" |
|
Subject |
"Quote order#098799" |
|
Attachment |
"5092134.zip" |
|
MD5 |
ef3ca757554e2b0359aa8d1b7d5bac28 |
|
SHA256 |
dd97a028f4656cf793b963960e8eb1b27243cf135a39ec796470e0328c59fb2f |
|
Family |
Formbook |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
Safe and Reliable Nationwide Auto Transport Travelers Auto Transport
ReplyDelete