If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here.
(1)
Sender ip | 185.222.58.154 |
From | "Eric Fontes <[email protected]>" |
Subject | "MV. PAN FORTUNE //Vale//30,000MT" |
Attachment | "Purchase Order 30,000MT.rar" |
MD5 | a04074b77c82e0fa2843fca4b8a1e414 |
SHA256 | bda5add79e9e06801f579e8f7a249a3abf1a7d78ec56275c0ab5ffe8e97176ca |
Family | GuLoader |
(2)
Sender ip | 185.222.57.209 |
From | "Ashwin Kumar.S <[email protected]>" |
Subject | "New Request for Quotation 2000051165" |
Attachment | "R F Q 2000051165.zip" |
MD5 | 661ed4aaf21f9dccb550f6b3bb1e3c65 |
SHA256 | 3c6ec9674570d6bae26b02e9de162dfaed5d2f62dddcef662944937ca9eff320 |
Family | AgentTesla |
(3)
Sender ip | 185.222.57.209 |
From | "Return-Path: <[email protected]>" |
Subject | "RE:PAYMENT DUE & SHIPMENT STATUS" |
Attachment | "UPDATTED S O A.zip" |
MD5 | ee6ae4c68d6e6f431dea28deb7b312ee |
SHA256 | f217cc024d292764cf387fd52ec78843be77df06bd723219bd15dd655b9399c7 |
Family | AgentTesla |
(4)
Sender ip | 104.224.28.167 |
From | "Wuh Xueming <[email protected]>" |
Subject | "WRONG IBAN/PAYMENT TRANSFER REQUEST" |
Attachment | "Transfer request form.zip" |
MD5 | 4e0b2510b7140142249cbde36fc413fb |
SHA256 | 371654d341cc7be04dc802cef9caf4a98824fe970018134270872b336b889973 |
Family | AgentTesla |
(5)
Sender ip | 103.232.53.21 |
From | "finance" <[email protected]> |
Subject | "FWD : OVERDUE FOR SEPTEMBER AND OCTOBER" |
Attachment | "Overdue SOA.rar" |
MD5 | 44eed39afa188133fa3f0b8f805dd28e |
SHA256 | f86bc63b72c1d321eff336fb6d3a70571c3f1ee95fb84102b974b42e98d5c00f |
Family | Unknown |
(6)
Sender ip | 185.222.57.150 |
From | |
Subject | "purchase order" |
Attachment | "zCEr8cPJ5GpDgmz.rar" |
MD5 | 9ccc298fe40ef1fa7f0dc74b845538a0 |
SHA256 | 8856d012bb2216bb3bb44e6cef106e71457bc2ec12024d71b458e8614f1289e9 |
Family | AgentTesla |
(7)
Sender ip | 185.222.57.209 |
From | |
Subject | "RE; payment made to your account toda" |
Attachment | "PAYMENT DATAILS.zip" |
MD5 | d39e07783d5e24e788060987f67aee33 |
SHA256 | 1060cd77d3b53d02466d168aa1eaa8ff9bb27ded165484b56ad61c529d117982 |
Family | AgentTesla |
(8)
Sender ip | 185.222.58.151 |
From | "Purchase" <[email protected]> |
Subject | "Re: Conference Equipment Request" |
Attachment | "AWS EC2 Benchmarks for puchase.rar" |
MD5 | 91fbf027b66141de38d86e46dcf53278 |
SHA256 | 894184fb3ef4d586b2404fd78b5c772c08da6c90cecc51188bb708a476fad58b |
Family | AveMariaRAT |
(9)
Sender ip | 195.133.18.176 |
From | "Anderson Rosa <[email protected]>" |
Subject | "Order_20211011" |
Attachment | "Official Order_20211011.iso" |
MD5 | 6c96d9c71b982d9ca78c66813d4acec1 |
SHA256 | c553b899af61e2858632931a56c19593657e3619be758acc646d59898ac81f11 |
Family | RemcosRAT |
(10)
Sender ip | 185.222.57.150 |
From | |
Subject | "purchase order" |
Attachment | "0JGFOez7vfZ18Tg.rar" |
MD5 | 215f758414865ec605ea51b0c2cf0ea4 |
SHA256 | 5ad0a97284f0fa0c22934b37d45376d2041c90624f73617286164ffa771a3fd1 |
Family | AgentTesla |
(11)
Sender ip | 51.15.9.169 |
From | "Alert <[email protected]>" |
Subject | "Invoice 16705 revoked" |
Attachment | "Invoice-16705_1.xll" |
MD5 | 6d036f8c550f491c4cce6ac9332e7cd5 |
SHA256 | 1173e3ebe11e6a3bf51596de33082e6ccac764113af2738ddb8a2ef864ae2a7f |
Family | Dridex |
(12)
Sender ip | 202.169.41.42 |
From | "Invoice Notification <[email protected]>" |
Subject | "INV 28151 RCVD" |
Attachment | "INV-28151_2.xll" |
MD5 | 98a5120e647a89e1f9c39c983b79d5a1 |
SHA256 | b7513bf021f37be5313215ff5f77db379f463f04b10ddce15eee76a3e421c1f2 |
Family | Dridex |
(13)
Sender ip | 103.232.53.21 |
From | "acct22 <[email protected]>" |
Subject | "Payment Details as at 16th NOV 2021" |
Attachment | "SOA LIST XLS.rar" |
MD5 | 124a8e19a8dc31e0aa17969decbfe0a5 |
SHA256 | 905926496c669e4b37bf76bbaa802e5981f75f252de28fbe0962f9e310f2cad5 |
Family | Unknown |
(14)
Sender ip | 185.222.57.209 |
From | "Return-Path: <[email protected]>" |
Subject | "RE:PAYMENT DUE & SHIPMENT STATUS" |
Attachment | "UPDATTED S O A.zip" |
MD5 | 19317fe0352db2f1b75d8ed48336a657 |
SHA256 | 15ca527588c49eed78e28adc9011c68f5dab58d2beef10e671b4b8b912eb5b99 |
Family | AgentTesla |
(16)
Sender ip | 172.107.237.56 |
From | "=?UTF-8?B?V2VybmVyIEfDtnR6?= <[email protected]>" |
Subject | "Fw: New Order No. BCM190282" |
Attachment | "New Order-2021-PO#0834.r00" |
MD5 | a213b2a896d6d056768a73cdfaa73710 |
SHA256 | 4758f80ca599c7a9056bc42ee5c8691a4452a473f11fb75636e410516cc7b76c |
Family | AgentTesla |
(17)
Sender ip | 193.56.29.164 |
From | |
Subject | "Urgent request of quotation and Stock availabilty" |
Attachment | "PO 210411.xlsx" |
MD5 | 71ba147565071da166cd1dfd13950efd |
SHA256 | b8b509a03643e795ab01342047385d9780efda93fc0ba6875976caeec5a43843 |
Family | Formbook |
(18)
Sender ip | 134.0.112.157 |
From | "Harold" <[email protected]> |
Subject | "paperwork" |
Attachment | "20211111.gz" |
MD5 | ce669986e6fb486f41dd99971b5cf91a |
SHA256 | eda063fdc27f841acb44ec9ee48b2632fc6b3897a88e7966f798fd44459988cc |
Family | Zeppelin |
(19)
Sender ip | 62.33.7.21 |
From | "Jason" <[email protected]> |
Subject | "docs" |
Attachment | "20211111.zip" |
MD5 | dc34591a6d6b9512d8e2c0233668e828 |
SHA256 | 209c4ae6f5020b6065fa3c7bc5bc1a54e47fc197947364d80a5c58dbd7a09dd7 |
Family | Unknown |
(20)
Sender ip | 103.195.101.74 |
From | "DHL Express <[email protected]>" |
Subject | "DHL Delivery-AWB /NOV/2021/" |
Attachment | "DHL Delivery Documents.r01" |
MD5 | 4f9e5fa9d377c6b95f2a133e22e8bcad |
SHA256 | ce74a421212ea6db55404fc4a177a3607144bc82ecfb1c671125225e5940bfa7 |
Family | AgentTesla |
(21)
Sender ip | 208.73.206.131 |
From | "David Chen <[email protected]>" |
Subject | "AW: INV-facture-paid Invoice-transfer" |
Attachment | "PayDoc.rar" |
MD5 | 4ab5e365f00113bb9f4699b3a29de8ac |
SHA256 | 620196f781f633a241d151a2dc4eac215ca950453c2ff8eccf55cf575bc706ed |
Family | AgentTesla |
(22)
Sender ip | 45.137.22.152 |
From | "ASIAN SHIPPING<[email protected]>" |
Subject | "RE: Refund Request to release our outstanding payment of USD 88,508" |
Attachment | "SHIPPING DOCUMENTS.zip" |
MD5 | fc924e8eca5a311af10cc7aa25546ac8 |
SHA256 | e1452a1151d352da3ffbe845dee67b071e66dc4b99aaf1b121f320b5bc7b6768 |
Family | AgentTesla |
(23)
Sender ip | 45.137.22.152 |
From | "Creamy Ho (CHK-SD3)<[email protected]>" |
Subject | "RE new contract no. FU21-062A for 1st lot 4437.34kgs- updated P/I and packing list - pls sign back the updated contract and note" |
Attachment | "CONTRACT ASIAN SHIPPING.zip" |
MD5 | 2d80f334e1b977ce7167e5ff6129322e |
SHA256 | 9505e8cd560bc3a8a2fd616201018551970f9d038e58ea4c82f870ddf1069e27 |
Family | AgentTesla |
(24)
Sender ip | 136.144.41.113 |
From | "Nancy Ngan <[email protected]>" |
Subject | "Bank Correction" |
Attachment | "INV8897.xlsx" |
MD5 | 8ecedf54cded946685b748405e313519 |
SHA256 | bc9da4a90923bec00235b54e4489519add79923f52cd1acb22a5237b69dcca53 |
Family | Formbook |
(25)
Sender ip | 185.222.57.150 |
From | |
Subject | "Re: Purchase Order" |
Attachment | "Iz150pqkbOdUArY.zip" |
MD5 | 48d2888df2bcca3d392783bfc235764e |
SHA256 | 5d99bdb224452fda2c738f2f882fe1c812afac3d98f2c9824ef6d750e9494a46 |
Family | AgentTesla |
(26)
Sender ip | 180.214.237.130 |
From | |
Subject | "Re: Re: De Well Container Shipping Inc. - Arrival Notice - SQINS0013227 - COSU6885585530 -" |
Attachment | "invoice.rar" |
MD5 | d5b09a5750e08a7ddfe7314fb31c1d46 |
SHA256 | ef9a58606acdad93bb6c06c17f68f3878ddcfd8106b34184729c017c63ca5405 |
Family | Unknown |
(27)
Sender ip | 45.137.22.61 |
From | |
Subject | "FW: URGENT ORDER_NO.238275-ENQUIRY" |
Attachment | "Swift copy.zip" |
MD5 | 424bdee5675bde82c078315f7701309b |
SHA256 | bbe48c851cb2d77e0c97d76df8b8816f337b718c7211547f552a489f995e6352 |
Family | AgentTesla |
(28)
Sender ip | 104.168.176.25 |
From | "Alan Xie" <[email protected]> |
Subject | "fw: co" |
Attachment | "DECLARATION with date and name of factory and name of exporter.rar" |
MD5 | 24c509eacfeb8bb3b1f75b8ec51188aa |
SHA256 | cd897eb3dbe04c9d28c3d6a4c7deceff8c1695c377696b134a3b0864de3db180 |
Family | Unknown |
(29)
Sender ip | 45.137.22.114 |
From | "Andy claims" <[email protected]> |
Subject | "Payment Advice - Advice-Customer Ref: [8589567458]" |
Attachment | "Advice Payment Copy.GZ" |
MD5 | dd0e51e456fd10786bffa6be29ff9389 |
SHA256 | 66fe8dd2339e12fb3de52730d49d38f4471512c70c6b593b9d3735458a2e9b53 |
Family | AgentTesla |
(30)
Sender ip | 103.150.8.18 |
From | "Sujay A.N Account Executive <[email protected]>" |
Subject | "ACE Alpha PO55455 and Wattek PI Approval" |
Attachment | "ACE Alpha PO and Wattek Invoice.tar.gz" |
MD5 | 202d624d4e67fc8d31f325728bf158cb |
SHA256 | 0888105ce18f83950bfeb10d1e6b81770d975aa5e7ea10e8803e3f9b5e917d62 |
Family | AveMariaRAT |
(31)
Sender ip | 37.0.11.45 |
From | |
Subject | "RE: RE: Proceed with Invoice 2021-11-10." |
Attachment | "Re 22-039 Quotationinstant tent shipment qty.gz" |
MD5 | 503e0e42857f4a31935a7180c6d1c73a |
SHA256 | 7ebc7f5a95b0d6723dd769348955a1c71c6df487b59588f55b97604961fcd1ae |
Family | AgentTesla |
(32)
Sender ip | 45.12.213.162 |
From | |
Subject | "PO#20210510" |
Attachment | "PO#20210510.zip" |
MD5 | dc7d39feb4e179bda2d87981b0bd6a3e |
SHA256 | ed73bc6297ad87b60767e90df04fa0cc3c005f92c89fcd3257383ef0ff334e26 |
Family | Unknown |
(33)
Sender ip | 45.133.1.148 |
From | "Shahzad Faiz" <[email protected]> |
Subject | "FW: INQUIRY / 09112021 / MT-SGWI" |
Attachment | "KJ 09112021 MT-SGWI.ace" |
MD5 | 06a7eac10627a09ac91ebd277c186425 |
SHA256 | f52b9806cd2f5398beda8e65ead2ee5d0c818c0ca7872d6eb44b570a1bd58539 |
Family | Formbook |
(34)
Sender ip | 95.211.88.158 |
From | "Hassan Basit <[email protected]>" |
Subject | "URGENT REQUEST FOR QUOTATION- DUBAI UAE AL JABER REGA 2021 REF:3214ED21 Please send your best possible rates" |
Attachment | "DUBAI BHPC 23HPO.Gz" |
MD5 | dd734dd46c7e0e1dc75219348d16c2d1 |
SHA256 | 5ddf928d9fa5d1efbb45c86a264c9c3308ccf71ae537df116a4a15097704f1c5 |
Family | AgentTesla |
(35)
Sender ip | 202.27.215.17 |
From | "Renate Klopf <[email protected]>" |
Subject | "AWS: new order /Proforma-Invoice / Order Confirmation AB22-00569" |
Attachment | "CERAMIC VASE (3X40HQ).xlsx" |
MD5 | f9b6591ed514f1cbaf6c7dea5142ef0e |
SHA256 | 56ad77fb10203eb4216f26993861e96d0e37a283f1ce6ca78069f054138828b7 |
Family | AgentTesla |
(36)
Sender ip | 45.137.22.61 |
From | |
Subject | "RE: Confirmation Of Bank Details.." |
Attachment | "details of payment.zip" |
MD5 | a6446e81cb608996349dbc140a741f9b |
SHA256 | d18a843a646b90c2e69a33ff5c0bef8e91a363c19e7f1d43a298a5279217c747 |
Family | AgentTesla |
(37)
Sender ip | 185.222.57.209 |
From | "Return-Path: <[email protected]>" |
Subject | "RE:PAYMENT DUE & SHIPMENT STATUS" |
Attachment | "UPDATTED S O A.zip" |
MD5 | 745ab1a0e629cc308b789fe8e01504a6 |
SHA256 | 5319fb9aa658191a80c6054ad80dec70455c01c580b7aba556c23d4b22c3be41 |
Family | AgentTesla |
(38)
Sender ip | 118.98.72.87 |
From | "Overdue <[email protected]>" |
Subject | "Payment#1747 canceled" |
Attachment | "Payment 1747_2.xll" |
MD5 | 2eff85a8e5f41feedeae53385e679f18 |
SHA256 | 6540c0bfa0958b40ae99db2746c733044982ab6adf8f34b1b5cdbce55e121f95 |
Family | Dridex |
(39)
Sender ip | 180.214.237.130 |
From | |
Subject | "Re: Re: De Well Container Shipping Inc. - Arrival Notice - SQINS0013227 - COSU6885585530 -" |
Attachment | "invoice.rar" |
MD5 | 1cb38b39610710cc7bb7d6bac49165f7 |
SHA256 | 7de1de7f48735f921e285a86897de868ad763aaa0f23ac3b94abfb8b519a1d8e |
Family | Unknown |
(40)
Sender ip | 180.214.237.130 |
From | "Jayla" <[email protected]> |
Subject | "RE: Overdue for September Shpt" |
Attachment | "SOA.rar" |
MD5 | 2ba9d2a3729bf46efe4fa5772b5b4c79 |
SHA256 | 5ddfcc4e30838c4c6953c777757b3436df567efa124d114eb07a6ff6f5ffe53e |
Family | Unknown |
(41)
Sender ip | 45.137.22.152 |
From | "Creamy Ho (CHK-SD3)<[email protected]>" |
Subject | "RE new contract no. FU21-062A for 1st lot 4437.34kgs- updated P/I and packing list - pls sign back the updated contract and note" |
Attachment | "Contract Documents.zip" |
MD5 | 1db49a4c116febc7a2979ec8cfcfb9a6 |
SHA256 | 90d5da5b1f895affb2b49f3d703e2392b113b16a8b17a9a4b00d02ba927e9ed3 |
Family | AgentTesla |
(42)
Sender ip | 185.222.57.209 |
From | "Ashwin Kumar.S <[email protected]>" |
Subject | "New Request for Quotation 2000051165" |
Attachment | "R F Q 2000051165.zip" |
MD5 | c688adf17f6c33a4e8d783e5940e34c2 |
SHA256 | 590318eeea1e2faccd86cbab6b213157f0ae27a0c91ed0472352fd543aaa1e4d |
Family | AgentTesla |
If you want to learn malware analysis, you can check my YouTube channel, where I am publishing analyses of malware samples and some malware analysis methods.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 13_11_2021