If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
| Sender ip | 185.222.57.72 |
| From | "=?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<[email protected]>" |
| Subject | "RE: Statement Of Account" |
| Attachment | "UPDATED S O A.zip" |
| MD5 | cce761a6801c7b93374efc6fac094941 |
| SHA256 | ea1cdd93670b588f9719c7ecf883586b1f393cf3f84e61ec8502ca9ee327716e |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(2)
| Sender ip | 185.222.57.72 |
| From | "Feng Cun <[email protected]>" |
| Subject | "RE:MCL002----PO21AC060366" |
| Attachment | "NEW P O.zip" |
| MD5 | aa98d531ce212240609e4c8f7d67618e |
| SHA256 | 454632ee1aa7b7ceb476c32bdfe1b27b054ffa0d8888c848cfd68db6c2bc4127 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(3)
| Sender ip | 103.155.80.90 |
| From | |
| Subject | "Re: RFQ ** REVISED ORDER ** PR.NO. 19143383 FP3 IDEA ADDITIONAL PRICE" |
| Attachment | "Revised Order.iso" |
| MD5 | 24a7897ab472bd1228a67a4a0bb6a1bd |
| SHA256 | b232686d3a03aba48288942b91ad3b20107000e4e615816313f0a30dd9ba565a |
| Family | Loki |
(4)
| Sender ip | 185.222.57.72 |
| From | "=?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<[email protected]>" |
| Subject | "RE: Statement Of Account" |
| Attachment | "UPDATED S O A.zip" |
| MD5 | 412ac4cc715154005ba87bd65f9c90e1 |
| SHA256 | 62a92f05c0c46b08df2a5a225912f93c502a359c7f4d468f3293da049c827ade |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(5)
| Sender ip | 193.56.29.119 |
| From | |
| Subject | "Rubberex Request For Quotation" |
| Attachment | "RFQ 55140 ER.doc" |
| MD5 | 76a265a20e8788bb3798312d8ebb3638 |
| SHA256 | 497a977375495ac590ee1ca2d037bb06e25ace568747f8b9b5e1593a8d447865 |
| Family | Formbook |
(6)
| Sender ip | 172.96.137.110 |
| From | "China Express <[email protected]>" |
| Subject | "=?UTF-8?B?44CQ5Lit5aSW6L+QLeaVpuixquOAkeeUteWtkOWPkeelqCjlj5Hnpajlj7c6NzcyNTc5NCk=?=" |
| Attachment | "7723421.zip" |
| MD5 | 7cc2c3ea3bce329eb9f31f36e24ffcf9 |
| SHA256 | 764fa32bea940317cac43cb18365056eeec420673281f3585d3068e5e249c82d |
| Family | Formbook |
(7)
| Sender ip | 185.222.57.72 |
| From | "Feng Cun <[email protected]>" |
| Subject | "RE:MCL002----PO21AC060366" |
| Attachment | "NEW P O.zip" |
| MD5 | 130e6f99e95553fea7197f08ce1c9621 |
| SHA256 | c5398c5cfee92e6d601874b13643b6fc7c734ddac76c8b698af42686c26ce9d3 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(8)
| Sender ip | 172.96.137.110 |
| From | "Sar"<[email protected]>" |
| Subject | "Confirm Payment Account" |
| Attachment | "Incorrect Pi.zip" |
| MD5 | 251562b9a01a39aabaa6e90b388db3de |
| SHA256 | 5bac5e555b8504bcd9e0cfc48e89c6ab0f9c3f1faa30996a4341893a911ee613 |
| Family | Formbook |
(9)
| Sender ip | 185.222.57.226 |
| From | "DHL Express<[email protected]>" |
| Subject | "DHL BILL OF LADING SHIPPING INVOICE DOCUMENTS" |
| Attachment | "DHL INVOICE SHIPPING DOCUMENTS.z" |
| MD5 | 91e19793d621a7151e14bb8001bd400f |
| SHA256 | 4a8f832dad98a98642890cfddb2efa7b599705fc170fbcca69c92dfc4240fc3c |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(10)
| Sender ip | 92.52.218.101 |
| From | "Ivyn <[email protected]>" |
| Subject | "New Order" |
| Attachment | "new Order.doc" |
| MD5 | e878302e18fbbf24520dbad1f2105a60 |
| SHA256 | e78c379150f1d1dbb3f655d2df110a160462ee3f6a8c9fa73a1ba9f0e65f0907 |
| Family | NanoCore |
If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube NanoCore..
(11)
| Sender ip | 185.222.58.104 |
| From | "Barbara Liu < [email protected]>" |
| Subject | "New Order " |
| Attachment | "New Order 84731.lzh" |
| MD5 | 934cc31f3d71af4979e61eac8f4ce05d |
| SHA256 | 0d74ba8f9637e7c33a66d7cb6a3dbea81267c8aeedeaa08efe8785300b0e81b7 |
| Family | Unknown |
(12)
| Sender ip | 185.222.57.233 |
| From | "Ibrahim BA Hashwan <[email protected]>" |
| Subject | "Urgent Tender RFQ 18757 FOR CPUW-1022601" |
| Attachment | "RFQ 18757_Pdf_________.iso" |
| MD5 | 86492f609c56774ba638f7d69783a3c2 |
| SHA256 | 9ff203c1fe2e11952de2655d7e830a1d59b87ceedc39cfe6fe2420be49f99bae |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(13)
| Sender ip | 193.142.59.37 |
| From | "Info <[email protected]>" |
| Subject | "Business Enquiry #2570" |
| Attachment | "Scanned Document.doc" |
| MD5 | 55792544ad840eaa0fdbe5cc04683529 |
| SHA256 | f0fbd7ed1921ad8c47a0b91b32487d4cdeb7bd72ea54f49434ff91da0273e31c |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(14)
| Sender ip | 103.82.21.233 |
| From | "Led Farm Pty Ltd <[email protected]>" |
| Subject | "RFQ No49958 Led Farm Pty. Ltd New Order" |
| Attachment | "RFQ No49958 Led Farm Pty. Ltd New Order.PDF.zip" |
| MD5 | 5370fe8061601f28ddce092bfb2a33dd |
| SHA256 | a00680f547b2155b2e24d09bdd49e74b38a7883a13e47553662fb657e42cf007 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(15)
| Sender ip | 185.222.58.104 |
| From | "Barbara Liu <[email protected]>" |
| Subject | "New Order 010" |
| Attachment | "NEW ORDER 010.lzh" |
| MD5 | 0f65290ae96097510511d905c02bf675 |
| SHA256 | 17b5d075ed67fda41b5b7ca7f53bab58d82872e678293f0697ed68e342be831c |
| Family | Unknown |
(16)
| Sender ip | 45.137.22.110 |
| From | |
| Subject | "RE: Reconfirm Bank Details" |
| Attachment | "payment.r00" |
| MD5 | 5362533a4f03ac9da822c2d5e27b6614 |
| SHA256 | c03770bf3487e4fcb8e642b98a14fca264cab11fb8da17502928e1f59eba6d68 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(17)
| Sender ip | 185.222.58.104 |
| From | "Luthra associates <[email protected]>" |
| Subject | "Please send us your quotation for BK Vision" |
| Attachment | "infjgd7371.lzh" |
| MD5 | d54260950af9e1ee49beaa697ad81858 |
| SHA256 | 5f9e7cd21a11f7fdecd24d8725d6bfb27fb1297bd884ad18f703fc1c8b203e1b |
| Family | Unknown |
(18)
| Sender ip | 185.222.58.104 |
| From | "Luthra associates <[email protected]>" |
| Subject | "Please send us your quotation for BK Vision" |
| Attachment | "infjgd7371.lzh" |
| MD5 | d54260950af9e1ee49beaa697ad81858 |
| SHA256 | 5f9e7cd21a11f7fdecd24d8725d6bfb27fb1297bd884ad18f703fc1c8b203e1b |
| Family | Unknown |
(19)
| Sender ip | 103.155.80.90 |
| From | "Regional Manager<[email protected]>" |
| Subject | "RE_RFQ-2021-QPE-Q63440093-0001_//PICTURES_A-5555-1239_&IMG." |
| Attachment | "RFQ01072021.iso" |
| MD5 | ad98537a1796949ef413cba82662ae33 |
| SHA256 | f33c5ab923663af6614c346e1691e7cc30f0c2c1afed05efd6f7beacd096a166 |
| Family | Loki |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: https://menshaway.blogspot.com/2021/07/phishing-attacks-172021.html