Phishing Attacks 21_7_2021

 


If you wanna learn how to detect phishing emails by eye alone, you can check my Udemy course here.

My udemy course

(1)

Sender ip

185.222.57.75

From

"Abrar Ahamed <[email protected]>"

Subject

"RE: Re Supply of Aggregate Sub-base download file and see more."

Attachment

"Supply of Aggregate.r00"

MD5

2ecad21fb0ad5ddb2938d7503152a7ad

SHA256

f796a3fb3b89c3361d393605988484621450a0c8a73ff2c7f44ad65d11b56892

Family

AgentTesla

If you wanna know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(2)

Sender ip

103.139.44.91

From

"[email protected]"

Subject

"RFQ RE: New PO-MPU702734"

Attachment

"MPU702734-pdf.gz"

MD5

ad0a8dc9191cebc5364ce7ee9e7b0cac

SHA256

474f8ad5170c4840a256f8c9d43b8e012f380138e2b11e629f6927726e828b91

Family

Unknown

 

(3)

 

Sender ip

46.183.223.113

From

"Roman Cheremisin <[email protected]>"

Subject

"NEW PURCHASE ORDER PO2234511"

Attachment

"Purchase Order two. doc"

MD5

bdeba8a3ea9e98c5938cb8d611f607d3

SHA256

2e174386633828e5b4c6628c7957dc843ade571ac5644f27924459a76748c706

Family

Unknown

 


(4)

 

Sender ip

46.183.223.113

From

"Roman Cheremisin <[email protected]>"

Subject

"NEW PURCHASE ORDER PO2234511"

Attachment

"Purchase Order Three .doc"

MD5

9c641651b430f3250a63877c74d77e7a

SHA256

3c77ba2d84d91215e09d96edf47de3113194ee4154b0e38b9bf5de1d4d44031d

Family

Unknown

 


(5)

Sender ip

103.153.79.77

From

"account-HKGROUP <[email protected]>"

Subject

"FW: DEBIT NOTE/ LOI/ Re[12]: DELAY NOTICE/ BOOKING ZIMUHCM80175843/ HCM-SAVANNAH / LINE ZIM /ETD: 03-JUL"

Attachment

"2314.zip"

MD5

dbd20da7212d4b20e9c7173125d2ff9c

SHA256

3ffac520312b87f502950dcd7832db87888555a97e96719746205ebf4acfe438

Family

SnakeKeylogger

 

(6)

Sender ip

38.130.221.187

From

"DAVID WONG <[email protected]>"

Subject

"CONFIRMATION ORDER"

Attachment

"CONFIRMATION ORDER.zip"

MD5

00c2c49da45965b0e22597e0bd9c3964

SHA256

6d2acc22440a4f5c15c989e4faa896b92384c6df2eec613ee1c3e66ff449c81e

Family

SnakeKeylogger


(7)

Sender ip

103.99.3.112

From

"T. Selvam <[email protected]>"

Subject

"Re: Purchase Order"

Attachment

"Purchase Order.r00"

MD5

51e24302c3525b761872397b55ec653c

SHA256

5dad4092465dce8d51f59b964077033e72024134a2269b929a8002e52bbbb9ad

Family

Formbook


(8)

Sender ip

165.22.211.218

From

"Bonnie Wu" <[email protected]>

Subject

"Payment receipt"

Attachment

"Payment Receipt.zip"

MD5

98f96d0a617b4fc387011474681b6d9d

SHA256

791c59d9b13a96c15e17baf22d85ffd8e8f783909c246043ba600f9c5f36181b

Family

Formbook


(9)

Sender ip

185.222.57.156

From

"Ravi Jaitly" <[email protected]>

Subject

"Purchase Order 4110043899"

Attachment

"Released Order.r15"

MD5

5364961cf95f94c23988ec567ca7466a

SHA256

8b82e033dd3ab1e4b2d827e7b5627b4d2a937246e4c53e5400ea94f02f5e82ee

Family

Unknown


(10)

Sender ip

45.137.22.75

From

"[email protected]"

Subject

"Re: Invoice Query "

Attachment

"PAYMENT COPY.r00"

MD5

68ca906b3a5d37a1eb8dafba33ac3f04

SHA256

f0212164481dbc5204645f14e6fd604178e2a1bbc7064e021f459b3aa49abacf

Family

Unknown


(11)

Sender ip

103.139.45.212

From

"Irene Chan<[email protected]>"

Subject

"Payment Invoice"

Attachment

"Payment_invoice.zip"

MD5

9486933add946e50daa804e8179d77f2

SHA256

19206641ad6dfe10bc758922d2917b690431b0bc6b7f45a445cdec3b1a7fb7b3

Family

Unknown


(12)

Sender ip

149.202.44.208

From

"ANTHONY MACOVICH" <[email protected]>

Subject

"Purchase Ordr 112345"

Attachment

"order.zip"

MD5

edded1e2382bd3fa5b966f3067690cc1

SHA256

497b04efe79c9dce8bb75a37d72702eb9b703912994c5351a6792a8c217160c9

Family

NetWire

If you wanna learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Article Link: https://menshaway.blogspot.com/2021/07/phishing-attacks-2172021.html