Phishing Attacks 1_12_2021

 



If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here.

My Udemy course


(1)
Sender IP: 193.56.29.188
From: "[email protected]"
Subject: "MSV MAGDALENA PANAK- Stocklist"
Attachment: "Stocklist-Nov 2021.xlsx"
MD5: 83c23ce9359c563ef411033945a329dc
SHA256: b19815b9d2f36641d41426292eb3e88fe049feeea18662e5f579d8d0452f56ea
Family: Formbook

 

(2)
Sender IP: 202.55.133.225
From: "Deepesh <[email protected]>"
Subject: "PAYMENT DETAILS"
Attachment: "BANK DETAILS.xlsx"
MD5: d087236fc006137adec1fe9947f9130b
SHA256: dc92da90b642e4f9f8574cd27ee31086291da034a50c5267c447a158fccc0dbd
Family: Unknown

 

(3)
Sender IP: 199.10.31.237
From: "Larry Doyle <[email protected]>"
Subject: "PROOF OF PAYMENT"
Attachment: "PAYMENT SLIP.ISO"
MD5: a6c3e5b5d77adf92a07e03ac74943d28
SHA256: 01b26acb014d8d6851ffa92a3f4ca19c85a1690b563cc40cbf7706772c722d7d
Family: Formbook

 

 

(4)
Sender IP: 45.137.22.156
From: "Antonio Puga <[email protected]>"
Subject: "FW: Factura 74927/ NEW PURCHASE "
Attachment: "factura 74927.r11"
MD5: 073781a7d22e8e5b22980b6efbc2a386
SHA256: 13d19edef3f6b4bcafbf41005708f34601f2710307513d962df8ee2d38846f7d
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(5)
Sender IP: 185.222.58.155
From: "Marta Garcia <[email protected]>"
Subject: "RE: Re: Proforma-Invoice CAC1105 CI&PL"
Attachment: "Proforma-Invoice CAC1105 CI&PL.gz"
MD5: f90e70c0ae55eaddb4cbc30d8a4775da
SHA256: 84a7181bafd43e9a585e1a8509c3e94beeff26f879405e4ce85b416af0fbab49
Family: AgentTesla

(6)
Sender IP: 45.137.22.169
From: "Secretary General" <[email protected]>
Subject: "RFQ New Order -Ref:US-GOV2021"
Attachment: "New Order US-GOV-INQUIRY2021.rar"
MD5: a508c59fa4a74c198a2a4a3c0584953e
SHA256: f4f778fe07e37b40081911eb52e5063b1e55ddb87ca049a0acdd7d48f8e7b9b3
Family: AgentTesla

(7)
Sender IP: 199.10.31.237
From: "DHL EXPRESS<[email protected]>"
Subject: "DHL Delivery Invoice/Receipt as attached"
Attachment: "Shipment documents.pdf.ppam"
MD5: 025c1af2b8e11a2001b7d359f2a4e58d
SHA256: 39d20d577f1cba20c8d720f08ae14eae8bd46fa60297a8b11d8f4aad6aa81221
Family: Unknown

 

(8)
Sender IP: 51.79.145.191
From: "[email protected], Team Leader <operations,[email protected]>"
Subject: "Failure of the business to respond complaint 931852728"
Attachment: "4784 details.xlsb"
MD5: 8a7b8bae3d9860e341af04b60a5c6c59
SHA256: 144e904f21e547c079a1b9280ebf5aa3d1164bfd9f904890aea4a1d90bbcf443
Family: Dridex

 

(9)
Sender IP: 185.222.58.155
From: "Marta Garcia <[email protected]>"
Subject: "RE: Re: Proforma-Invoice CAC1105 CI&PL"
Attachment: "Proforma-Invoice CAC1105 CI&PL.img"
MD5: bf1def201523e02caa24e87ae3ceb389
SHA256: 36a1c63121f940299f8d82f81045947aafe11d265b57116785fecd1e32498cd2
Family: AgentTesla

(10)
Sender IP: 185.222.57.142
From: "Bariq Support" <[email protected]>
Subject: "RE: NOVEMBER SOA"
Attachment: "SOA.zip"
MD5: 37f89d50d34cc10618e763a01541dc48
SHA256: b9bd914037f9e689469bd5c6d16da80f82b5796baf8d61ec96540ed838235590
Family: AgentTesla

(11)
Sender IP: 185.222.57.142
From: "Shubhangi" <[email protected]>
Subject: "RE:Sandhya - 10010064326 / 10010065742 - FInal doc"
Attachment: "BL DRAFT COPY.zip"
MD5: b7cfce8a4af0c9486b414749d56501bd
SHA256: a2a7b118f19ec3c310046dc91adb960de63d224978e76a80028360614b0a89cc
Family: AgentTesla

(12)
Sender IP: 185.222.57.142
From: "Daniela Vukosavljevic" <[email protected]>
Subject: "SHIPPING DOCUMENTS FOR NOVEMBER "
Attachment: "SHIPPING DOCUMENTS.zip"
MD5: 7059109158ee18df6fd04a6ed876d971
SHA256: 162ea79f7fcee015c01322b8964eda6edb25ca1c0e1ea2bc7d9fe4c65cd44bb3
Family: AgentTesla

(13)
Sender IP: 185.222.57.209
From: "[email protected]"
Subject: "RE:balance 70% payment"
Attachment: "TRANSFER SLIP.zip"
MD5: c854c194f4ce5336677f09f2143e781a
SHA256: cfe1b82bbc4ccaf2b6bebced753e559632fc0f83b45969d060320225a970dfbb
Family: AgentTesla

(14)
Sender IP: 185.222.58.105
From: "David" <[email protected]>
Subject: "INVOICE CONFIRMATION TO PROCEED WITH PAYMENT"
Attachment: "INVOICE.zip"
MD5: b87ceb8f2ef2d7dbb266b75f78e927c6
SHA256: 401400d289a4793b90e2bbcb8e9b787f12f690f5405f6409b920a829135c3746
Family: AgentTesla

(15)
Sender IP: 185.222.58.106
From: "Dipak Sarkar" <[email protected]>
Subject: "Top urgent last order of year 2021"
Attachment: "PO2018975601.zip"
MD5: 625cedc1575c8377027e3fe6d3ab3c27
SHA256: fbd9accbd658afec40aece3cd8d1a6bcb83c442411e1938a380e55ba939e1065
Family: AgentTesla

(16)
Sender IP: 185.222.58.155
From: "Mihir Shah <[email protected]>"
Subject: "Over Due proforma invoice for payment"
Attachment: "proforma invoice packing list.r00"
MD5: 9fec16e5ed9570acf4ef06012bde09bd
SHA256: e8c9bc8eb8d190a11a36961ab1b88544690a013376b934b2ecbfdf3daef89667
Family: AgentTesla

(17)
Sender IP: 45.87.62.168
From: "Jocelyn Tousignant <[email protected]>"
Subject: "Re: PG4636 - Confirmed"
Attachment: "PG4636 - Confirmed .xls.zip"
MD5: 75205250a9224d1e4e941d780659d048
SHA256: a85ada7f6429065c7796e8f6c15431940833425ad2cc0a02d358ffbf0920128f
Family: AgentTesla

(18)
Sender IP: 31.24.158.28
From: "Barry Deasy <[email protected]>"
Subject: "Re: Purchase Order PO20211027STK"
Attachment: "Purchase Order PO20211027STK.z"
MD5: 6c24b895b5e54e8a7ef3d11f4f18c381
SHA256: 3d533cd7d00545ceec9bea14004c3e15891a769143f19009631068cea3acf150
Family: GuLoader

(19)
Sender IP: 38.103.244.107
From: "HR-Manager johnlay.ch <[email protected]>"
Subject: "YOUR EMPLOYMENT STATUS"
Attachment: "SALARY_RECEIPT.iso"
MD5: 696526b7ca61198e1304656929396d79
SHA256: 0ca257181b3bca58c10339a0009b6373a88ff5faef9b07f1ac5c6b15fb85e605
Family: Formbook

(21)
Sender IP: 2.56.59.78
From: "[email protected]"
Subject: "DHL Shipping Document"
Attachment: "Shipping Document.jpg.ace"
MD5: de0db7d0abd74d617dc815e13a41388b
SHA256: 65a8197891e366a49f8577460a9aaa89ca583cfbec7aac0847d9ccbf75842b1a
Family: Loki

(22)
Sender IP: 45.137.22.189
From: "Rohan" <[email protected]>
Subject: "Fwd: payment copy"
Attachment: "print_01.rar"
MD5: fb0fcfe1c1dd1230b7638168bb611148
SHA256: 64c77b664168d14cdf8e6f496dfb85843c1d5b24ffc7c6b5a7756a0872f6673b
Family: SnakeKeylogger

(23)
Sender IP: 185.222.58.155
From: "funami-int <[email protected]>"
Subject: "Over Due proforma invoice for payment"
Attachment: "proforma invoice packing list.7z"
MD5: fc17d1c66efb0295841b8c3e98e43585
SHA256: e53e055f73bf831b81bdfbfebd66fa4168a637322af475e226d1d591cf49127c
Family: Unknown

(24)
Sender IP: 45.87.62.168
From: "Jocelyn Tousignant <[email protected]>"
Subject: "Re: PG4636 - Confirmed"
Attachment: "PG4636 - Confirmed .xls.zip"
MD5: be067ef8a7a292aad57ce40ea68fc580
SHA256: afa5a92d8aacd7771dcb1c0a3e9151b5d3639e5b5d6661a0583ea9d93b967db8
Family: Unknown

(25)
Sender IP: 142.4.1.23
From: "Unified [email protected]"
Subject: "Telephone_Message_for_ [email protected]"
Attachment: "Telephone_message_7368390939.zip"
MD5: 9f53b336254121c02c7c83a0d8019d76
SHA256: 6c2aa974038b8020678c7e61d721d1872176ac844ec806f55e57c04499be0b7e
Family: Unknown

(26)
Sender IP: 45.137.22.187
From: "Mohamed Elshayeb <[email protected]>"
Subject: "Re: Bank Slip"
Attachment: "Bank Slip.r11"
MD5: 4a8bb19bb98e81252bd905f2a5873e85
SHA256: 9928bc779e691c6dc94a0adb34dd18b6905c50bf4b7699c7d878a2421e145c5d
Family: AgentTesla

If you want to learn malware analysis, you can check my YouTube channel, where I am publishing analyses of malware samples and some malware analysis methods.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel: https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
