If you want to learn how to detect phishing emails by eye, you can check my Udemy course here.
(1)
Sender ip | 91.247.145.78 |
From | "Kevin Fang <[email protected]>" |
Subject | "RE: MISTAKEN PAYMENT" |
Attachment | "credit notification pdf.z" |
MD5 | 5e43ecd7972ed7e8810c6249411d9b22 |
SHA256 | 6c7c8b5aa8a3f0e067ae9e55f33b3e7d3b772e441cd8585fdadaa72561e5c6ed |
Family | Unknown |
(2)
Sender ip | 159.65.71.105 |
From | "Purchasing Admin <[email protected]>" |
Subject | "Order PO#800A3E4" |
Attachment | "PO 800A3E4.zip" |
MD5 | 7e05385a7f581bd4aa51c70e216a2ef0 |
SHA256 | 797d9b18dcc820b02e9a22a8ed6e65bc944e5f097509335853237ac733f339d6 |
Family | Formbook |
(3)
Sender ip | 5.206.227.95 |
From | "Carmen Torres<[email protected]>" |
Subject | "Fw: 4th Hire Payment" |
Attachment | "invoice.z" |
MD5 | 6087be7f37cba2960a9777150c6e9d15 |
SHA256 | 000fe45623053414c6c7ef7d53693f485d4e3e27e2e0fe4e003d118e7016501f |
Family | Unknown |
(4)
Sender ip | 45.137.22.53 |
From | "HSBC Advising Service <[email protected]>" |
Subject | "Payment Advice - Advice Ref:[GB1690364901] " |
Attachment | "Payment Advice.rar" |
MD5 | 5e4bd71725fff39ac8a6bcc472d64c0e |
SHA256 | e22c8e63a85b05a5902a9eb7e8934c48ffa09fd4dac5365da68189771d4296b3 |
Family | Unknown |
(5)
Sender ip | 45.137.22.61 |
From | |
Subject | "FW: URGENT ORDER_NO.238275-ENQUIRY" |
Attachment | "Swift copy.r15" |
MD5 | e814f48455988959d5345f7ce3fbe78c |
SHA256 | b4bd228ebad545f0f152f8c37baa338aa76eac7749f55d5c496954834a782d07 |
Family | Unknown |
(6)
Sender ip | 110.4.42.27 |
From | "Ksenia Ryapolova" <[email protected]>" |
Subject | "=?utf-8?B?4Y6hZTog4Y6hZTogRtGhZDogQXR0YWNoZWQtUGF5bWVudCBE?= =?utf-8?B?b25lIFRvZGF5?=" |
Attachment | "Attached-Payment Done Today" |
MD5 | d2e2cdd6fa6b98ec2ce195bfc0079835 |
SHA256 | d45bd3cd9838ab93a42cfbacf31527272ea2862f18577a4fa5465d5c47f2b726 |
Family | Formbook |
(7)
Sender ip | 91.247.145.78 |
From | "NRB Commercial Bank <[email protected]>" |
Subject | "Wrong Payment details" |
Attachment | "Bank Details pdf.z" |
MD5 | fc57f298e10adcf52da5459bef2f6009 |
SHA256 | f5047237825cb59540fbd413acf1ddb83fd6122b5675506141461033c2ea0965 |
Family | Unknown |
(8)
Sender ip | 45.137.22.156 |
From | "Valcris Group<[email protected]>" |
Subject | "Re: Enquiry" |
Attachment | "SHIPPING ADVICE.zip" |
MD5 | f20714420113afb1b16f1dfe4a701c42 |
SHA256 | 95898595f6352aeb430b9b0ea8ecc363a057f8224ed81f69611db0dcab0fb969 |
Family | Unknown |
(9)
Sender ip | 45.137.22.53 |
From | "Eric Fontes" <[email protected]>" |
Subject | "PO - RFQ # 0976028391 NEW ORDER" |
Attachment | "RFQ # 097602839 NEW ORDER.rar" |
MD5 | 520b9fe031b979ac19f5e624754bd5a0 |
SHA256 | a5073840fbd28637bc8537e99e533728d1274c402c2aa22b4550e5a647e97b07 |
Family | Unknown |
(10)
Sender ip | 45.9.168.102 |
From | "Maria Humberts - Accounts Payables Dept <[email protected]>" |
Subject | "fwd: Payment Advice Note from 26.10.2021" |
Attachment | "USD54,884.56_202110260056MT103_0034D.ace" |
MD5 | 0cf0b292ece4583c5ce710c2ca81243b |
SHA256 | 4d6d12e951585311015e623e5ec2f97f9b8ab1249d729961a8acd4b5ebc751d6 |
Family | Unknown |
(11)
Sender ip | 37.0.10.6 |
From | |
Subject | "Urgent: PO//Inquiry Order//RFQ" |
Attachment | "New_Order_PO#960780_MT_Quote.gz" |
MD5 | eda9597e4908dbdc5a2c7a4ca4cb3925 |
SHA256 | 026a4841afc0a27a36f74e4de837e02e64853be2a67f70506ad9933116a9f669 |
Family | AgentTesla |
If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(12)
Sender ip | 103.167.85.70 |
From | |
Subject | "Purchase order 2900517+2906627" |
Attachment | "purchase order 2900517+2906627 pdf.7z" |
MD5 | 9f57c3ad7d81f07720ca6fa4405ae4a0 |
SHA256 | 3020625bf9647d6eae6fbdc414eb60bf710750a4184deaa03daba17565eccbd8 |
Family | AgentTesla |
(13)
Sender ip | 199.10.31.238 |
From | "Shruti Bhoyar <[email protected]>" |
Subject | "Quote For October 2021" |
Attachment | "OS-QTN-0320-21-Rev1.rar" |
MD5 | e98b3b25eb0f4f6e14a8b09ba517e340 |
SHA256 | 55f6c8498be7ffc9b2b17673cb0033a75ee242d78b8bb36e13e849648ad2e912 |
Family | Formbook |
(14)
Sender ip | 45.137.22.61 |
From | |
Subject | "RE : NEW ORDER" |
Attachment | "Lebanon Khayat Trading Company.r15" |
MD5 | f8f556291f188343fb61560420999421 |
SHA256 | 6be7eafa1607a79407e43bdfa79164b18f4e9ab3c95684b7d54e7395e74407b3 |
Family | AgentTesla |
(15)
Sender ip | 167.172.91.230 |
From | "Manoj Pillai (DHL) <[email protected]>" |
Subject | "FW: DHL Express Courier Onhold for invalid Clearance and delivery" |
Attachment | "AWB D2101002050-292.zip" |
MD5 | 2705ca9846114cc34fd8e3909292b128 |
SHA256 | 6be7eafa1607a79407e43bdfa79164b18f4e9ab3c95684b7d54e7395e74407b3 |
Family | AgentTesla |
(16)
Sender ip | 103.167.85.70 |
From | |
Subject | "Purchase order 2900517+2906627" |
Attachment | "purchase order 2900517+2906627 pdf.7z" |
MD5 | 9f57c3ad7d81f07720ca6fa4405ae4a0 |
SHA256 | 3020625bf9647d6eae6fbdc414eb60bf710750a4184deaa03daba17565eccbd8 |
Family | AgentTesla |
(17)
Sender ip | 103.167.85.70 |
From | |
Subject | "Purchase order 2900517+2906627" |
Attachment | "purchase order 2900517+2906627 pdf.7z" |
MD5 | 9f57c3ad7d81f07720ca6fa4405ae4a0 |
SHA256 | 3020625bf9647d6eae6fbdc414eb60bf710750a4184deaa03daba17565eccbd8 |
Family | AgentTesla |
(18)
Sender ip | 199.10.31.238 |
From | "Shruti Bhoyar <[email protected]>" |
Subject | "Quote For October 2021" |
Attachment | "OS-QTN-0320-21-Rev1.rar" |
MD5 | e98b3b25eb0f4f6e14a8b09ba517e340 |
SHA256 | 55f6c8498be7ffc9b2b17673cb0033a75ee242d78b8bb36e13e849648ad2e912 |
Family | Formbook |
(19)
Sender ip | 45.137.22.61 |
From | |
Subject | "RE : NEW ORDER" |
Attachment | "Lebanon Khayat Trading Company.r15" |
MD5 | f8f556291f188343fb61560420999421 |
SHA256 | 6be7eafa1607a79407e43bdfa79164b18f4e9ab3c95684b7d54e7395e74407b3 |
Family | AgentTesla |
(20)
Sender ip | 167.172.91.230 |
From | "Manoj Pillai (DHL) <[email protected]>" |
Subject | "FW: DHL Express Courier Onhold for invalid Clearance and delivery" |
Attachment | "AWB D2101002050-292.zip" |
MD5 | 2705ca9846114cc34fd8e3909292b128 |
SHA256 | 833b7028bbc8e154e3f45fd0a700f022847208bf6706389ef61620f8d242e49a |
Family | AgentTesla |
If you want to learn malware analysis, you can check my YouTube channel, where I try to publish malware analyses and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 26_10_2021