If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
| Sender ip | 185.222.57.75 |
| From | "Executive Operations <[email protected]>" |
| Subject | "RE: Re AW: 45949 - Confirmation Order 3886636 Open file." |
| Attachment | "PURCHASE ORDER-890003.r00" |
| MD5 | 7d3a9e753d73e64f6593babb4a50f749 |
| SHA256 | 72ae99647b3d5a4ea568cf9091544ca96bbab701e5e275e88b37eef3b98f51ce |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(2)
| Sender ip | 103.139.44.91 |
| From | |
| Subject | "Payment Proof for PO-MPU702734" |
| Attachment | "MPU702734-pdf.gz" |
| MD5 | 8cc223e6cc55de1d025e392e7010cc67 |
| SHA256 | 4f35c50ec3a7099c8058d999c4c8756f0230dc9c68760b61156586031fe52db3 |
| Family | Unknown |
(3)
| Sender ip | 103.139.44.91 |
| From | |
| Subject | "RFQ PO-391SXF- URGENT " |
| Attachment | "391SXF-pdf.gz" |
| MD5 | 4b9bca84a76b99a378984a901448e5aa |
| SHA256 | f3d652a1de146b29816ecbd82b3e3f012244c350f245f52bb0954ece786ad4dc |
| Family | Unknown |
(4)
| Sender ip | 91.222.7.1 |
| From | "Dennis TradeGlobal <[email protected]>" |
| Subject | "Fwd: Order Inquiry" |
| Attachment | "Order_Sample.png.img" |
| MD5 | 04a77f3faec48eef1fab1f90d0c13ce9 |
| SHA256 | 6bdd8c9323dfe3f3ce5d5c438f5062b22038e4642b6990125e06f9189d382e00 |
| Family | Unknown |
(5)
| Sender ip | 103.114.106.156 |
| From | |
| Subject | "Euro Payment Only//Revise Invoice to Euro Currency//Provide Euro Bank Details" |
| Attachment | "Inv_7623980.r15" |
| MD5 | fc6affa7cd16c60dc547d3417142dbe4 |
| SHA256 | 74895afae683396981f97ac9816f39ea4f0c0588355ea6e7696034aa1650d6f8 |
| Family | Unknown |
(6)
| Sender ip | 185.222.57.72 |
| From | "ANZ Kiribati <[email protected]>" |
| Subject | "RE:TT Payment advice P44898408970-1 from Australia and " |
| Attachment | "P44898408970-1.zip" |
| MD5 | 0aa67c12db0e3ea16a183f2625b0b31d |
| SHA256 | 4a919c78e17213d98f10f49a921bf41164e6206e63bc3cbe487092b078189a0a |
| Family | Unknown |
(7)
| Sender ip | 185.222.57.72 |
| From | "David Ng <[email protected]>" |
| Subject | "RECONFIRM BANK DETAILS FOR PAYMENT" |
| Attachment | "BANK DETAILS.zip" |
| MD5 | d96806deb211163cce64cb6d8bfe76e1 |
| SHA256 | fe9a3933128b2954090c969682e654f1349ed093f45d4bd2e8546beff5497654 |
| Family | Unknown |
(8)
| Sender ip | 185.222.57.72 |
| From | "Mohammad Rashedul Alam<[email protected]>" |
| Subject | "Request to URGENT REQUIREMENT! ( Ref : 10M-86776)" |
| Attachment | "Ref 10M-86776.zip" |
| MD5 | 569c5034055681e0b6fe61e6aed888d0 |
| SHA256 | 8ed5b07f6059f515eb428156e40bf1e192ec7cfde40fa64d0938b7edea8fd3e9 |
| Family | Unknown |
(9)
| Sender ip | 103.139.45.212 |
| From | "Irene Chan<[email protected]>" |
| Subject | "Payment Invoice" |
| Attachment | "Payment_invoice.zip" |
| MD5 | d3564945f7bca84c662520b8417d3b39 |
| SHA256 | a6bd7955c36addf2593f1fd2ec04ea6557db2e1e2af523ca750f5923116994c0 |
| Family | Unknown |
(10)
| Sender ip | 45.137.22.75 |
| From | "Ravi jaitly"<[email protected]>" |
| Subject | "Purchase Order 4110043899" |
| Attachment | "Released Order.r15" |
| MD5 | 6c8eba98915a064fcad85ae98528877e |
| SHA256 | 6dab315ebf0f7fee41c9a2377512f4d2a98b0e1c27cc6980324c0820fcf163df |
| Family | Unknown |
(11)
| Sender ip | 172.93.164.220 |
| From | "Tana Medic <[email protected]>" |
| Subject | "Items Description for Quote" |
| Attachment | "DOC98374933_JULY2021.iso" |
| MD5 | c6c39101ee5c94dff00cd940617d0294 |
| SHA256 | 9bafab21d172a1a4c7cc88eb44ca8292a8f96f812d7b4c71b706479f22690b7a |
| Family | OskiStealer |
(12)
| Sender ip | 172.93.164.220 |
| From | "Tana Medic <[email protected]>" |
| Subject | "Items Description for Quote" |
| Attachment | "DOC98374933_JULY2021.iso" |
| MD5 | c6c39101ee5c94dff00cd940617d0294 |
| SHA256 | 9bafab21d172a1a4c7cc88eb44ca8292a8f96f812d7b4c71b706479f22690b7a |
| Family | OskiStealer |
(13)
| Sender ip | 185.222.57.75 |
| From | "Export Manager <[email protected]>" |
| Subject | "RE: Re Forwarded Payment slip Confirmation attached bill No. 2652-21-22O open attach file." |
| Attachment | "Payment slip.r00" |
| MD5 | b5b2779d4fbbac3dcfbd03397782e528 |
| SHA256 | ddade50a00b5a1e9b4c41b2d8f79be151b55e52a240378e2e2a10f4fca67d03f |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(14)
| Sender ip | 40.107.67.64 |
| From | "Gagnon-Rolland, Marianne" <[email protected]>" |
| Subject | "=?iso-8859-1?Q?TR_:_R=E9clamation_de_Gain?=" |
| Attachment | "Remise.docx" |
| MD5 | bf6840f282a788c22d47afa80c9f850a |
| SHA256 | e03772203fb29e8893bf4e0664c4bdd16b36177ee694cf9047e5d8251edeec40 |
| Family | Unknown |
(15)
| Sender ip | 103.139.44.91 |
| From | |
| Subject | "payment advice 10-06-21" |
| Attachment | "Swift-pdf.gz" |
| MD5 | af9bb5934be920668eb417cdb72f7148 |
| SHA256 | 5c12f69c9907c35269bc9893b25c5440583167d7384d838c285bd97b8726337b |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(16)
| Sender ip | 185.222.58.104 |
| From | "Azarudeen<[email protected]>" |
| Subject | "CARGO ARRIVAL NOTICE-MEDICOM AWB:098-88679080" |
| Attachment | "CARGO ARRIVAL.lzh" |
| MD5 | ded00ce5f2d97d2c052322e83c814d20 |
| SHA256 | a0c5b8f728ee17e96b5e49b9ba5de873331dda3f5751efc0665d22b3491c6139 |
| Family | Unknown |
(17)
| Sender ip | 45.137.22.75 |
| From | |
| Subject | "RE: Payment Advice for SN 951606" |
| Attachment | "HSBc20210216B1.r15" |
| MD5 | e4a4399e36ec35372d36c2c3fc3b9da3 |
| SHA256 | 00738e5877d85de04dce218a652c689db6ce03926ed4d27efaa2b9f2670e8739 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(18)
| Sender ip | 185.222.57.75 |
| From | "Export Manager <[email protected]>" |
| Subject | "RE: Re: Re: AW: Ref No.46116- Qoutation Inquiry download file." |
| Attachment | "Purchase Order-46116.r00" |
| MD5 | 6dee8a69c588a2cb06e4e844ee92f3b3 |
| SHA256 | 29eefeb71cbe62702ee8a28df21a8cff6a030a14f92583d9e1f3cd57600e316c |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(19)
| Sender ip | 203.124.11.93 |
| From | "Julius G. Ramas <[email protected]>" |
| Subject | "QUOTATION REQUIRED" |
| Attachment | "QUOTATION.tar.gz" |
| MD5 | 0343a4901e5c4cf535dedc473010a80f |
| SHA256 | 9fff4cf47a6bc7a063864d90715f6edcb12ef9582106ab0e0dbf7e84cbae3b59 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(20)
| Sender ip | 185.222.57.72 |
| From | "Mohammad Rashedul Alam<[email protected]>" |
| Subject | "Request to URGENT REQUIREMENT! ( Ref : 10M-86776)" |
| Attachment | : "Ref 10M-86776.zip" |
| MD5 | c223ea5319157c107c0f59f8120af147 |
| SHA256 | d5aaa5af1ffb58a3e7ac83653521b6d3d0f5dfb9f3be3b1b324482906c6e1346 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(21)
| Sender ip | 185.222.57.72 |
| From | "Caterina Rebora <[email protected]>" |
| Subject | "RE:Commission Payment Form " |
| Attachment | "Payment Form.zip" |
| MD5 | b95574f0b21fb85e7d2dd96a0a026594 |
| SHA256 | c01f41a2f928c4e3b9bc4130e059095d87994146625fc71708c7bc85f5dae09a |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(22)
| Sender ip | 45.137.22.38 |
| From | "Rayeez Raja" <[email protected]>" |
| Subject | "Second Invoice Overdue Notice" |
| Attachment | "Second Invoice Overdue Notice.wim.tar" |
| MD5 | 14169794d8615087d914881bb421566d |
| SHA256 | d2ef9477fd0faf7f5cbf4cba2c39301cf3b3081b4f392083d21eac2555377f1c |
| Family | SnakeKeylogger |
(23)
| Sender ip | 37.0.11.194 |
| From | "jessica<[email protected]>" |
| Subject | "Deposit slip." |
| Attachment | "Deposit slip.arj" |
| MD5 | 6d58e3e81fb649bc2590291075f4527b |
| SHA256 | 35b7180a93ebdc908cd25c04511e9761497d046422dbb3b5f1cd0627c0fc9b47 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
(24)
| Sender ip | 195.58.39.197 |
| From | "Svetlana Hristenko"<[email protected]>" |
| Subject | "Re: ORDER." |
| Attachment | "ORDER407-395.ace" |
| MD5 | c002fb890ed879bfc9919b22f50bf764 |
| SHA256 | aa649c83ac0eda6cf32e4baaa8e8cf16cb9c0bd313f83bb87b876a065b8d396b |
| Family | NanoCore |
If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube NanoCore..
(25)
| Sender ip | 45.35.196.153 |
| From | "BEIJING GUANGHUA TIMES CO.LTD <[email protected]>" |
| Subject | "Sales Contract & PO NO-00234517BE/2021" |
| Attachment | "doc-00234517BE.iso" |
| MD5 | 4b4b1585fe76a888eda17c40fb163e53 |
| SHA256 | 11b09cc2d87dc87734ea25e219603fd0fc0b789b4605e4aeb56787f2a76d4e68 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 23_7_2021