Phishing Attacks 27_11_2021

 




If you wanna learn how to detect phishing emails by eye alone, you can check my Udemy course here.

My udemy course


(1)

Sender ip

185.222.57.237

From

"Anthony" <[email protected]>"

Subject

"Unpaid Due Invoice For Export Order_noref S10SMG00318021"

Attachment

"TT_SWIFT_Export Order_noref S10SMG00318021.Z"

MD5

c58d5e2b828ecaed0e6688d65e6961e9

SHA256

11128ecb20c21ca6dd1bc29409c2a33de2aa5f6db4483bd1062085821d3b4186

Family

Formbook

 

(2)

Sender ip

45.137.22.156

From

"=?UTF-8?B?TWFyaW8gw4FuZ2VsIFDDqXJleiBDYXJiYWphbA==?= <[email protected]>"

Subject

"Factura correspondiente a noviembre"

Attachment

"Factura.r00"

MD5

ae7e9f9f1c5bb6eb02a9d257ff99b90d

SHA256

29bf36c6b6fd6fdc200e39fb811768cd413ba4ae7dd85ca0479a17047ecfe49c

Family

Unknown

 

(3)

 

Sender ip

103.167.93.76

From

"Hashim Abdulla" <[email protected]>"

Subject

"REQUEST FOR URGENT QUOTATION _{RFQ}"

Attachment

"PO_467889999087746346_PDF_.uu"

MD5

e74f27f6976becd6ec54a2be39583b0b

SHA256

ad437e05c9fe33a7b9a0368f65a663f7449a96c583a53483f85a88a95b815d1d

Family

Formbook

 

 

(4)

 

Sender ip

209.85.222.54

From

"FCB UK." <[email protected]>"

Subject

"Payment Notification."

Attachment

"FCB Payment Approval Letter..doc"

MD5

a8a00d83c5f3e11044176691a42fb780

SHA256

ed888c5440254e0626c897c2add0df6444821a1000f209f577e6f9e835130d61

Family

Unknown

 

(5)

Sender ip

193.56.29.188

From

"[email protected]"

Subject

"FW: REQUEST FOR THE QUOTE 180030876"

Attachment

"RFQ- PO 180030876.xlsx"

MD5

be0f492d15478f27be7e79f07a901a2b

SHA256

e624803aab79b18716fc0ba9b78e37b8a340cc129dfc47a3eaad2b17d091dae4

Family

Formbook

 

 (6)

Sender ip

199.10.31.238

From

"DHL Express <[email protected]>"

Subject

"On Demand Delivery"

Attachment

"attach-file.img"

MD5

e04d958c16df00046fe516e6ea187321

SHA256

00d0dcc155b889107ad32e90f8172490dc32280cc62e762bfa5e7deecea1099d

Family

RemcosRAT

 

(7)

Sender ip

198.23.165.240

From

"Dario Villamarin Munoz<[email protected]>"

Subject

"RE: PERFORMA INVOICE FOR SUPPLIED ITEMS"

Attachment

"CDCB-PKG04-2573-2021 -TRANSGLOBAL.docx"

MD5

b2d2d9115bd393babe0f8b177b0d45fd

SHA256

2244a4685966cfd237ab4abba59f80b8c2eabd52ccf3ea5ddc0ef431ef458991

Family

Unknown

 

(8)

Sender ip

185.222.57.209

From

"[email protected]"

Subject

"RE:Payment is completed"

Attachment

"TRANSFER SLIP.zip"

MD5

1140fe7e4671de14bc4e93b7833388d2

SHA256

439c1ca11be7919835e6a3524baa7f86355d493963aadba4fe661c3ac878553e

Family

AgentTesla

If you wanna know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.

(9)

Sender ip

45.137.22.187

From

"=?UTF-8?B?VElFTkRBIFZBTFBBUkHDjVNPIExBRA==?= <[email protected]>"

Subject

"=?UTF-8?B?UmU6IENvdGl6YWNpw7NuIFJGUQ==?="

Attachment

"Cotización RFQ.r00"

MD5

3e8705370c9d62dd3bd1b4db16163b87

SHA256

de1fc9c68764558d6a62d45d6b165f97f912edb095327274d41997e8b10d5541

Family

Unknown

 

(10)

Sender ip

185.222.57.237

From

"International Contracting Company" <[email protected]>"

Subject

"Reconfirm payment Information"

Attachment

"Reconfirm payment_details.rar"

MD5

fc12df534d811b1795367d0ae29f03ff

SHA256

1f52d3796cf118e643b744438f397d3a4321e44f6bf90df2b69e6cee7fdd815b

Family

Unknown

 

(11)

Sender ip

185.222.57.209

From

"[email protected]"

Subject

"RE: payment made to your account today on behalf of our banking customer"

Attachment

"TRANSFER SLIP (3).zip"

MD5

4f4f779139b34d29b831687014a8c3d3

SHA256

305d5d000b62973f16324d78f8ae38a81f1e358d599bbc26bc4745123f78f45f

Family

AgentTesla


 (12)

Sender ip

185.222.57.209

From

"[email protected]"

Subject

"RE:Payment is completed"

Attachment

"TRANSFER SLIP.zip"

MD5

953bb3f3e78ad51aa164849fdabf8cc6

SHA256

eb317d5ea6169fd6359fd184a91c7948cce6a662a92405df636592952f1f20c0

Family

AgentTesla


(13)

Sender ip

210.56.11.43

From

"HSBC Advising Service" <[email protected]>"

Subject

"Payment Advice - Advice Ref:[GLVA21251547] / Priority payment / Customer Ref:[SSNSB TO #838476"

Attachment

"Document7000.xlsx"

MD5

607bac1d2dfb0d8a6859d5a67b812b5c

SHA256

4b19a3abba880de5f9fbb4dd9331add29b5ab61a5cdd7bff3c6c1933fa86146a

Family

Formbook


(14)

Sender ip

45.137.22.168

From

"Tina Wu <[email protected]>"

Subject

"ORDER INQUIRY-PVP-SP-2021-54 F.W.G-Symbiosis"

Attachment

"ORDER INQUIRY-PVP-SP-2021-59.zip"

MD5

10791efbf3a5edd898dea687f99ce49d

SHA256

e6382f39e59a7a9ee50266d28cd9ff170879d6afe9c4a7d955905c34a860af38

Family

SnakeKeylogger

(15)

Sender ip

185.222.58.155

From

"=?UTF-8?B?ZW5kZXIgZ8O2esO8bW/En2x1?= <[email protected]>"

Subject

"RE: Re: Proforma-Invoice AB22-00178"

Attachment

"Emailing Swift.r00"

MD5

b8b4d09e7110f216879e21de187e5ec0

SHA256

5c503c6475202598918ad173f031375cab997325907ecfc12c1625edb78e5229

Family

AgentTesla


If you wanna learn malware analysis, you can check my YouTube channel, where I'm trying to publish malware analyses and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel: https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
