Phishing Attacks 26_10_2021

 

If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here.

My Udemy course


(1)
Sender IP: 91.247.145.78
From: "Kevin Fang <[email protected]>"
Subject: "RE: MISTAKEN PAYMENT"
Attachment: "credit notification pdf.z"
MD5: 5e43ecd7972ed7e8810c6249411d9b22
SHA256: 6c7c8b5aa8a3f0e067ae9e55f33b3e7d3b772e441cd8585fdadaa72561e5c6ed
Family: Unknown

 

(2)
Sender IP: 159.65.71.105
From: "Purchasing Admin <[email protected]>"
Subject: "Order PO#800A3E4"
Attachment: "PO 800A3E4.zip"
MD5: 7e05385a7f581bd4aa51c70e216a2ef0
SHA256: 797d9b18dcc820b02e9a22a8ed6e65bc944e5f097509335853237ac733f339d6
Family: Formbook

 

(3)
Sender IP: 5.206.227.95
From: "Carmen Torres <[email protected]>"
Subject: "Fw: 4th Hire Payment"
Attachment: "invoice.z"
MD5: 6087be7f37cba2960a9777150c6e9d15
SHA256: 000fe45623053414c6c7ef7d53693f485d4e3e27e2e0fe4e003d118e7016501f
Family: Unknown

 

 

(4)
Sender IP: 45.137.22.53
From: "HSBC Advising Service <[email protected]>"
Subject: "Payment Advice - Advice Ref:[GB1690364901]"
Attachment: "Payment Advice.rar"
MD5: 5e4bd71725fff39ac8a6bcc472d64c0e
SHA256: e22c8e63a85b05a5902a9eb7e8934c48ffa09fd4dac5365da68189771d4296b3
Family: Unknown

 

(5)
Sender IP: 45.137.22.61
From: "[email protected]"
Subject: "FW: URGENT ORDER_NO.238275-ENQUIRY"
Attachment: "Swift copy.r15"
MD5: e814f48455988959d5345f7ce3fbe78c
SHA256: b4bd228ebad545f0f152f8c37baa338aa76eac7749f55d5c496954834a782d07
Family: Unknown

 

(6)
Sender IP: 110.4.42.27
From: "Ksenia Ryapolova <[email protected]>"
Subject (RFC 2047 encoded, as received): "=?utf-8?B?4Y6hZTog4Y6hZTogRtGhZDogQXR0YWNoZWQtUGF5bWVudCBE?= =?utf-8?B?b25lIFRvZGF5?="
Decoded, the subject reads "Ꭱe: Ꭱe: Fѡd: Attached-Payment Done Today": the "R" is the Cherokee letter U+13A1 and the "w" is the Cyrillic omega U+0461, homoglyphs that will not match a plain "Re:" or "Fwd:" string filter.
Attachment: "Attached-Payment Done Today"
MD5: d2e2cdd6fa6b98ec2ce195bfc0079835
SHA256: d45bd3cd9838ab93a42cfbacf31527272ea2862f18577a4fa5465d5c47f2b726
Family: Formbook

 

(7)
Sender IP: 91.247.145.78
From: "NRB Commercial Bank <[email protected]>"
Subject: "Wrong Payment details"
Attachment: "Bank Details pdf.z"
MD5: fc57f298e10adcf52da5459bef2f6009
SHA256: f5047237825cb59540fbd413acf1ddb83fd6122b5675506141461033c2ea0965
Family: Unknown

 

(8)
Sender IP: 45.137.22.156
From: "Valcris Group <[email protected]>"
Subject: "Re: Enquiry"
Attachment: "SHIPPING ADVICE.zip"
MD5: f20714420113afb1b16f1dfe4a701c42
SHA256: 95898595f6352aeb430b9b0ea8ecc363a057f8224ed81f69611db0dcab0fb969
Family: Unknown

 

(9)
Sender IP: 45.137.22.53
From: "Eric Fontes <[email protected]>"
Subject: "PO - RFQ # 0976028391 NEW ORDER"
Attachment: "RFQ # 097602839 NEW ORDER.rar"
MD5: 520b9fe031b979ac19f5e624754bd5a0
SHA256: a5073840fbd28637bc8537e99e533728d1274c402c2aa22b4550e5a647e97b07
Family: Unknown

 

(10)
Sender IP: 45.9.168.102
From: "Maria Humberts - Accounts Payables Dept <[email protected]>"
Subject: "fwd: Payment Advice Note from 26.10.2021"
Attachment: "USD54,884.56_202110260056MT103_0034D.ace"
MD5: 0cf0b292ece4583c5ce710c2ca81243b
SHA256: 4d6d12e951585311015e623e5ec2f97f9b8ab1249d729961a8acd4b5ebc751d6
Family: Unknown

 

(11)
Sender IP: 37.0.10.6
From: "[email protected]"
Subject: "Urgent: PO//Inquiry Order//RFQ"
Attachment: "New_Order_PO#960780_MT_Quote.gz"
MD5: eda9597e4908dbdc5a2c7a4ca4cb3925
SHA256: 026a4841afc0a27a36f74e4de837e02e64853be2a67f70506ad9933116a9f669
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(12)
Sender IP: 103.167.85.70
From: "[email protected]"
Subject: "Purchase order 2900517+2906627"
Attachment: "purchase order 2900517+2906627 pdf.7z"
MD5: 9f57c3ad7d81f07720ca6fa4405ae4a0
SHA256: 3020625bf9647d6eae6fbdc414eb60bf710750a4184deaa03daba17565eccbd8
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(13)
Sender IP: 199.10.31.238
From: "Shruti Bhoyar <[email protected]>"
Subject: "Quote For October 2021"
Attachment: "OS-QTN-0320-21-Rev1.rar"
MD5: e98b3b25eb0f4f6e14a8b09ba517e340
SHA256: 55f6c8498be7ffc9b2b17673cb0033a75ee242d78b8bb36e13e849648ad2e912
Family: Formbook

(14)
Sender IP: 45.137.22.61
From: "[email protected]"
Subject: "RE : NEW ORDER"
Attachment: "Lebanon Khayat Trading Company.r15"
MD5: f8f556291f188343fb61560420999421
SHA256: 6be7eafa1607a79407e43bdfa79164b18f4e9ab3c95684b7d54e7395e74407b3
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(15)
Sender IP: 167.172.91.230
From: "Manoj Pillai (DHL) <[email protected]>"
Subject: "FW: DHL Express Courier Onhold for invalid Clearance and delivery"
Attachment: "AWB D2101002050-292.zip"
MD5: 2705ca9846114cc34fd8e3909292b128
SHA256: 6be7eafa1607a79407e43bdfa79164b18f4e9ab3c95684b7d54e7395e74407b3
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(16)

Sender IP: 167.172.91.230
From: "Manoj Pillai (DHL) <[email protected]>"
Subject: "FW: DHL Express Courier Onhold for invalid Clearance and delivery"
Attachment: "AWB D2101002050-292.zip"
MD5: 2705ca9846114cc34fd8e3909292b128
SHA256: 833b7028bbc8e154e3f45fd0a700f022847208bf6706389ef61620f8d242e49a
Family: AgentTesla

If you want to know how to analyse AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

If you want to learn malware analysis, you can check my YouTube channel, where I am trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel

https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
