Phishing Attacks 15_12_2021



If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here.

My Udemy course


(1)

Sender ip

37.0.10.173

From

"Mona Bharti <[email protected]>"

Subject

"Purchase Order 1212200205_PR21220055"

Attachment

"Purchase Order 1212200205_PR21220055.zip"

MD5

5e1c9b4e130a7a9bb68ed6e6f414ff20

SHA256

0ba7a7c7189d5bcd38048ba7418ff521d6a00ab36804b8980c4d51ba43fcf070

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(2)

Sender ip

45.137.22.181

From

"[email protected]"

Subject

"RE: invoice & packing list for shipping order no. 411301"

Attachment

"Attached CO.r15"

MD5

cdc1a45890db6598b2f7a532060e29c2

SHA256

05dfdca2313e98aa8f9db4fddd13fe777104bb11953c2a4932eb49cec0dd7252

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(3)


Sender ip

45.137.22.93

From

"sophia <[email protected]>"

Subject

"Re:Invoice and Packing List--amended"

Attachment

"PI S30C-921111218111.GZ"

MD5

ded5190cfaa6ab27303caea6f9bd2e00

SHA256

22bf512a38e371b7fe797e1d539a3bce0079bd76f58abfeeaa6be698df43ff4a

Family

Formbook


(4)


Sender ip

136.144.41.186

From

"Mr Kashaev Vladislav Eduardovich"

Subject

"VOLGOIL LLC SOFT CORPORATE OFFER VESSEL TO TANK"

Attachment

"VOLGOIL LLC SOFT CORPORATE OFFER VESSEL TO TANK.7z"

MD5

78536dd4af9c3445f025ac888c0515ab

SHA256

02be2acc2bc4878da5f573a27400a480122da8ae3d68182fd009e379d490352a

Family

NanoCore


(5)

Sender ip

139.59.6.250

From

"Debbie" <[email protected]>"

Subject

"Payment Confirmation."

Attachment

"#00957.iso"

MD5

75f85ffac63ed2e49f0ce8f4d6a8e929

SHA256

0c576250fd7f281b88f55de3f3c6aef2fda03fc3a2e88ee51b92af6b317ae515

Family

Vjw0rm


(6)

Sender ip

139.59.6.250

From

"Debbie" <[email protected]>"

Subject

"Payment Confirmation."

Attachment

"#00958.iso"

MD5

4071996d3dbb7b9be8e22a813fdef1a6

SHA256

8eedb8f6d698589f1ce2e40ebae8b6804033ac909843f4ab2dda71dff231759e

Family

Vjw0rm


(7)

Sender ip

139.59.6.250

From

"Debbie" <[email protected]>"

Subject

"Payment Confirmation."

Attachment

"#00959.iso"

MD5

591bb2b50c347846a568c82d300969b9

SHA256

0f82668bfc4a7cb6bfa8f8b0acfe7aeade12584e9929423de0fbbee8f0686384

Family

QuasarRAT


(8)

Sender ip

144.217.179.149

From

"=?UTF-8?B?TXIuIEFtcmFuaSBOYcOvbQ==?= <[email protected]>"

Subject

"Re:Re TT remit details copy"

Attachment

"Drawing.zip"

MD5

d0567533d3fdd72f2924f99d98336a38

SHA256

608a227b1f369c8d6199cb345284e689dd96b1abb0498d4fc64e1041d5f62dac

Family

Formbook


(9)

Sender ip

144.217.179.149

From

"=?UTF-8?B?TXIuIEFtcmFuaSBOYcOvbQ==?= <[email protected]>"

Subject

"Re:Re TT remit details copy"

Attachment

"PO_4781RNY2196.zip"

MD5

335886f67b3724ecdc7326fd00446b5b

SHA256

4dfdf9be94f946ee6fd91be20934b4faaf6610f87e3335eae5bd325fc49976b1

Family

Formbook


(10)

Sender ip

173.212.242.124

From

"Glen James <[email protected]>"

Subject

"RE: Purchase Order December"

Attachment

"PO#201805131.xll"

MD5

fce4e9bf1b79c9344f0156e80876962f

SHA256

8587e22ee5ba8c7b55be29e8d3494afa049a2aaacb583a2c66f807090edf8bc3

Family

Dridex


(11)

Sender ip

167.71.107.114

From

"HSBC Advising Service" <[email protected]>"

Subject

"Payment Advice - Advice Ref:[GLV211429671] / ACH credits / Customer Ref:[ACHKACH120210215104455BND]"

Attachment

"Payment Slip.ace"

MD5

5de066d7efae5ff7cf8741714a46d199

SHA256

915f1ad11eb5ea4be828afae635c1a5583b93505d04f5cb29a6da8bced9bbb57

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(12)

Sender ip

134.209.32.215

From

"Ratul <[email protected]>"

Subject

"INVOICE AND PACKING LIST"

Attachment

"INV and PL_ 8822.xlsx"

MD5

3101496c44097ae9f0ca2df31a5d7bfc

SHA256

9aa08f13b82fc623a5df0d8e6af31801012b349eccd638cff9e3125a9ac0aa0b

Family

RemcosRAT


(13)

Sender ip

167.71.107.114

From

"TNT eInvoicing" <[email protected]>"

Subject

"TNT E-Invoicing Notification - 04592648 - URGENT"

Attachment

"TNT Original Invoice.ace"

MD5

3e74e07bac450e61f75b4cdcc088ed42

SHA256

d5578f2bc2a1b53b6d71aa92005df73552ec0f1f58e2e71d32b00efd59e14446

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(14)

Sender ip

167.71.107.114

From

"TNT eInvoicing" <[email protected]>"

Subject

"TNT E-Invoicing Notification - 04592648 - URGENT"

Attachment

"TNT Original Invoice.ace"

MD5

3e74e07bac450e61f75b4cdcc088ed42

SHA256

d5578f2bc2a1b53b6d71aa92005df73552ec0f1f58e2e71d32b00efd59e14446

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(15)

Sender ip

159.65.77.142

From

"Deena Sarala<[email protected]>"

Subject

"REQUEST FOR QUOTATION Ref. # IRQ/21/07799"

Attachment

"IRQ2107799_pdf.rar"

MD5

9f31051dd992feee202e0e1337fabbff

SHA256

cb12e77313f8ee2e81f01e8808a2ecb3116797e8dc988a97c74cc0d7b2ee9fcd

Family

Formbook

(16)

Sender ip

37.0.10.173

From

"Forexhub <[email protected]>"

Subject

"Soft copy of SWIFT message"

Attachment

"E008_SWIFT_MSG_13122021_26.pdf.z.zip"

MD5

e102c31a628e1338b997d8916fa8c820

SHA256

53800d0333233122697c6e3eef1864370d8e4cb62cc47420b49c38ac23c68411

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(17)

Sender ip

167.71.244.75

From

"Account Officer <[email protected]>"

Subject

"Payment Swift#8765498"

Attachment

"Payment Swift#8765498.zip"

MD5

8153878607856dfe8fe2e80ffb198514

SHA256

529271437ee1960fc39854963c8da79fc43842959d0af0674518827eeef72289

Family

SnakeKeylogger

(18)

Sender ip

185.222.58.146

From

"He Ping Qing <[email protected]>"

Subject

"=?UTF-8?B?TnVldmEgY290aXphY2nDs24=?="

Attachment

"Nueva cotización.1119918.img"

MD5

d09e0b39d0fdaef8394a20eaa33cd12a

SHA256

0ee912f9023209747e60617a512cc7d5ae6bf4820c37e1e20c4e7abe27b8dfc0

Family

Formbook

(19)

Sender ip

45.137.22.181

From

"[email protected]"

Subject

"RE RECONFIRM BANK DETAILS FOR PAYMENT"

Attachment

"PROFORMA INVOICE.r15"

MD5

f2658a1fb477742310630f94bdde5fe9

SHA256

e413c2f3ae67cb1b1dcf5c51f7e50b3163b46dff2e5b9778d6eba77b0dbea244

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(20)

Sender ip

23.254.231.10

From

"wendy" <[email protected]>"

Subject

"MALINDA ELECTRONICS BALANCE CONFIRMATION AS AT 12.12.2021"

Attachment

"COPY-Telegraphic Transfer TT copy hefco USD 242,357.59 overdue payment.rar"

MD5

eb1d06353fab49b92375b9c9dea478d2

SHA256

e11aa7d33cbd28cc5567eaf664abcdc17425f6e12f86d868847cb9f69eb9eb4e

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(21)

Sender ip

192.162.246.99

From

"telegram-mainserv0.live" <[email protected]>"

Subject

"Transaction Proceeded"

Attachment

"Statement_1321.xll"

MD5

925412d32980c6ede6140e576fda5753

SHA256

99afafb9edf09d9430d229df428dd5532de770adbfdb5aa798574607cb6b15a2

Family

Unknown

(22)

Sender ip

185.222.58.146

From

"West Legend Trading <[email protected]>"

Subject

"=?UTF-8?B?UmU6IFNvbGljaXRhcmUgZGUgb2ZlcnTEgyBwZW50cnUgY29tYW5kYSB1cmdlbnTEgyBQTyAxMTA5MjFfMTEwOTIx?="

Attachment

"Quotation for Urgent PO 110921.zip"

MD5

69364aeb8d0d7494b2c57b15468d80da

SHA256

6a0e26086494a46e09c1ed630a51998f05dc8ea0ec1584d2d1775f0e40ef5869

Family

Formbook

(23)

Sender ip

185.222.57.171

From

"Bettie" < [email protected]>"

Subject

"3816 Outer Banks"

Attachment

"Invoice 3816 Outer Banks Report.rar"

MD5

897b9bf001cf832673ce58090e28f1ac

SHA256

a0c7a560d6659170771ecdad2ee8b11602401ab5aae8ccd84deffb0119d6de44

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(24)

Sender ip

185.222.57.171

From

"Bettie" < [email protected]>"

Subject

"3816 Outer Banks"

Attachment

"Invoice 3816 Outer Banks Report.rar"

MD5

897b9bf001cf832673ce58090e28f1ac

SHA256

a0c7a560d6659170771ecdad2ee8b11602401ab5aae8ccd84deffb0119d6de44

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(25)

Sender ip

185.222.57.171

From

"LCP MARTHA MEZA <[email protected]>"

Subject

"RE: CONFIRMAR FACTURA"

Attachment

"factura 3816.r11"

MD5

ade5b3a352bd689b9b89c05dd9f07805

SHA256

e44ee702e250c1796e4b3545729181e86f790143ce5f29be84061b3d0466bd25

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(26)

Sender ip

185.222.57.150

From

"Lenny Ciccarone <[email protected]>"

Subject

"RE: SHIPMENT PLAN OF DEC"

Attachment

"報價參.zip"

MD5

762ebbb4ab96ee0a0ed46dd8eda39174

SHA256

532012653a0b13e63b531db7af3d9fc9096637e826c36dc3a6d6e7e4d4c315e0

Family

AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(27)

Sender ip

143.198.55.73

From

"Mansoor Ali <[email protected]>"

Subject

"NEW ORDER 75647834984"

Attachment

"ORDER#75647834984.zip"

MD5

fc479068aca098d87db4f054a0163e11

SHA256

d4ba9b24d1e97b8a0872f8124104f4e48491eaf601b4087abb5b0407cf5f2417

Family

SnakeKeylogger

If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel

https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
