If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
| Sender ip | 174.136.57.143 |
| From | "Purchase manager <[email protected]>" |
| Subject | "New Order Picture Dawing " |
| Attachment | "PICTURE DEAWING DESIGN.zip" |
| MD5 | d9f2ecffe72fc450d4286ba7d78a56cb |
| SHA256 | 580fbb995ccbdb6810dbbc1ccd811b8865cd56a2c5ba77be3381834b17557c1d |
| Family | Formbook |
(2)
| Sender ip | 31.214.2.12 |
| From | "=?UTF-8?B?V2VybmVyIEfDtnR6?= <[email protected]>" |
| Subject | "Fw: Re: New Order No. BCM190282" |
| Attachment | "NEW ORDER.GZ" |
| MD5 | 987105f7184d924abbe38eeceecf56d7 |
| SHA256 | 6920a20b8f4efe8dea10ea3496e329fcdb06d6ff36189e4f16f0fcb864de9af5 |
| Family | Unknown |
(3)
| Sender ip | 45.137.22.158 |
| From | "Pham Dung <[email protected]>" |
| Subject | "=?UTF-8?B?UkU6IOioguWWrlQyMTcxNjAwOA==?=" |
| Attachment | "訂單T21716008.zip" |
| MD5 | 4630ce9bd1fee20516bf62cea575a2fd |
| SHA256 | 696af21363abdc6892fa25b8959f0ae718fb236e7efbd838a9a0931b04534e30 |
| Family | Unknown |
(4)
| Sender ip | 45.137.22.61 |
| From | |
| Subject | "RE: Confirmation Of Bank Details.." |
| Attachment | "details of payment.zip" |
| MD5 | 1dc43f5bb93b01962c4cc8da446daba0 |
| SHA256 | 1724f70b37f3d2d32eba0554b3edb0657c3d0048a6b4ec5985b4bde47bc7ba69 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(5)
| Sender ip | 185.222.57.242 |
| From | |
| Subject | "Order# 1006847-Attached invoice" |
| Attachment | "INV9854784321.Scan.pdf....iso" |
| MD5 | 6a71eab9d6772283fbab5642d90680e7 |
| SHA256 | 86c623c75ae308fab4ec3ca485a838f5e5819f8dacfd0d8dfe0a6789f08ce50c |
| Family | Unknown |
(6)
| Sender ip | 45.137.22.61 |
| From | |
| Subject | "RE: PRODUCT ENQUIRY" |
| Attachment | "Purchase order.zip" |
| MD5 | de8ba3669bfb241195cde17a23478df9 |
| SHA256 | 8903d2eab032609849c63b469d3ee7af4769ca84b1fd5c5b08a4946aee47b012 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(7)
| Sender ip | 185.222.57.150 |
| From | |
| Subject | "purchase order" |
| Attachment | "uCkIzRN4ZzUIzCY.rar" |
| MD5 | 143a404280f2e9c41a04cbb27d9246c5 |
| SHA256 | f94380f600899a30f325f87a138ed39739a748366afd27cf46f10756ab88c5ed |
| Family | Unknown |
(8)
| Sender ip | 212.192.241.172 |
| From | "Ahamed Pramod" <[email protected]>" |
| Subject | "Product Inquiries" |
| Attachment | "items.doc" |
| MD5 | 43def8eefaaf8cdf55225bffdda8ec38 |
| SHA256 | 16fd16f1795de27c016a22b16c4db01bf7f2197a91dfc98dc8f7ab9c4e85c464 |
| Family | Unknwon |
(9)
| Sender ip | 104.168.176.25 |
| From | "Andrey Smirnov" <[email protected]>" |
| Subject | "new flexible project" |
| Attachment | "swicthable project blue prints smrtdoc09001 WOB 08112021,NEW.rar" |
| MD5 | b791b848daa612ca56e42c616ffceacd |
| SHA256 | 41ea161038efe62415e2476d68288ade993533746800d24becaffa97099f5961 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(10)
| Sender ip | 45.9.168.101 |
| From | "Induvac Textiles & Leather B.V <[email protected]>" |
| Subject | "December PO 20210034" |
| Attachment | "December_PO_20210034_from_Induvac Textiles_&Leather.ace" |
| MD5 | ac11b54c53cbbfab6a0f839bcbc51a1e |
| SHA256 | 3206d4a7ee1ff19c900cd1956cacb379a2970cbce2ab476b401a95c92da6bc44 |
| Family | Formbook |
(11)
| Sender ip | 45.12.213.162 |
| From | |
| Subject | "RE: Payment swift copy" |
| Attachment | "PAYMENT SLIP.zip" |
| MD5 | b1343d0ca05adf9d609cb2bfbcd79b44 |
| SHA256 | a23407d6057e0203bcc4e1b0a77ad8eba2edfc035e5962697c354a8bf362f30e |
| Family | Unknown |
(12)
| Sender ip | 103.171.1.178 |
| From | "David Dai"<[email protected]" |
| Subject | "Payment reminder" |
| Attachment | "SOA.rar" |
| MD5 | 975b42b49f7e3a1cbc1575bcfa12dd8e |
| SHA256 | 2eb02744feb7539fd5c9fe39ba39f9be1b9ceb347da963e75a493b8bb674201f |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(13)
| Sender ip | 174.138.56.139 |
| From | "DHL <[email protected]>" |
| Subject | "my subject" |
| Attachment | "AWB 2101.ARJ" |
| MD5 | 3b66a2095a59fc06f8e22eb18ce7624e |
| SHA256 | f0afe792177b3dddaf461a670525f1aa03f1c18d1ec466dcdf3a13b4c2f7b3d9 |
| Family | Unknown |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
Article Link: Phishing Attacks 10_11_2021