If you want to learn how to detect phishing emails by eye alone, you can check my Udemy course here.
(1)
Sender ip | 185.222.57.237 |
From | "Anthony" <[email protected]>" |
Subject | "Unpaid Due Invoice For Export Order_noref S10SMG00318021" |
Attachment | "TT_SWIFT_Export Order_noref S10SMG00318021.Z" |
MD5 | c58d5e2b828ecaed0e6688d65e6961e9 |
SHA256 | 11128ecb20c21ca6dd1bc29409c2a33de2aa5f6db4483bd1062085821d3b4186 |
Family | Formbook |
(2)
Sender ip | 45.137.22.156 |
From | "=?UTF-8?B?TWFyaW8gw4FuZ2VsIFDDqXJleiBDYXJiYWphbA==?= <[email protected]>" |
Subject | "Factura correspondiente a noviembre" |
Attachment | "Factura.r00" |
MD5 | ae7e9f9f1c5bb6eb02a9d257ff99b90d |
SHA256 | 29bf36c6b6fd6fdc200e39fb811768cd413ba4ae7dd85ca0479a17047ecfe49c |
Family | Unknown |
(3)
Sender ip | 103.167.93.76 |
From | "Hashim Abdulla" <[email protected]>" |
Subject | "REQUEST FOR URGENT QUOTATION _{RFQ}" |
Attachment | "PO_467889999087746346_PDF_.uu" |
MD5 | e74f27f6976becd6ec54a2be39583b0b |
SHA256 | ad437e05c9fe33a7b9a0368f65a663f7449a96c583a53483f85a88a95b815d1d |
Family | Formbook |
(4)
Sender ip | 209.85.222.54 |
From | "FCB UK." <[email protected]>" |
Subject | "Payment Notification." |
Attachment | "FCB Payment Approval Letter..doc" |
MD5 | a8a00d83c5f3e11044176691a42fb780 |
SHA256 | ed888c5440254e0626c897c2add0df6444821a1000f209f577e6f9e835130d61 |
Family | Unknown |
(5)
Sender ip | 193.56.29.188 |
From | |
Subject | "FW: REQUEST FOR THE QUOTE 180030876" |
Attachment | "RFQ- PO 180030876.xlsx" |
MD5 | be0f492d15478f27be7e79f07a901a2b |
SHA256 | e624803aab79b18716fc0ba9b78e37b8a340cc129dfc47a3eaad2b17d091dae4 |
Family | Formbook |
(6)
Sender ip | 199.10.31.238 |
From | "DHL Express <[email protected]>" |
Subject | "On Demand Delivery" |
Attachment | "attach-file.img" |
MD5 | e04d958c16df00046fe516e6ea187321 |
SHA256 | 00d0dcc155b889107ad32e90f8172490dc32280cc62e762bfa5e7deecea1099d |
Family | RemcosRAT |
(7)
Sender ip | 198.23.165.240 |
From | "Dario Villamarin Munoz<[email protected]>" |
Subject | "RE: PERFORMA INVOICE FOR SUPPLIED ITEMS" |
Attachment | "CDCB-PKG04-2573-2021 -TRANSGLOBAL.docx" |
MD5 | b2d2d9115bd393babe0f8b177b0d45fd |
SHA256 | 2244a4685966cfd237ab4abba59f80b8c2eabd52ccf3ea5ddc0ef431ef458991 |
Family | Unknown |
(8)
Sender ip | 185.222.57.209 |
From | |
Subject | "RE:Payment is completed" |
Attachment | "TRANSFER SLIP.zip" |
MD5 | 1140fe7e4671de14bc4e93b7833388d2 |
SHA256 | 439c1ca11be7919835e6a3524baa7f86355d493963aadba4fe661c3ac878553e |
Family | AgentTesla |
If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(9)
Sender ip | 45.137.22.187 |
From | "=?UTF-8?B?VElFTkRBIFZBTFBBUkHDjVNPIExBRA==?= <[email protected]>" |
Subject | "=?UTF-8?B?UmU6IENvdGl6YWNpw7NuIFJGUQ==?=" |
Attachment | "Cotización RFQ.r00" |
MD5 | 3e8705370c9d62dd3bd1b4db16163b87 |
SHA256 | de1fc9c68764558d6a62d45d6b165f97f912edb095327274d41997e8b10d5541 |
Family | Unknown |
(10)
Sender ip | 185.222.57.237 |
From | "International Contracting Company" <[email protected]>" |
Subject | "Reconfirm payment Information" |
Attachment | "Reconfirm payment_details.rar" |
MD5 | fc12df534d811b1795367d0ae29f03ff |
SHA256 | 1f52d3796cf118e643b744438f397d3a4321e44f6bf90df2b69e6cee7fdd815b |
Family | Unknown |
(11)
Sender ip | 185.222.57.209 |
From | |
Subject | "RE: payment made to your account today on behalf of our banking customer" |
Attachment | "TRANSFER SLIP (3).zip" |
MD5 | 4f4f779139b34d29b831687014a8c3d3 |
SHA256 | 305d5d000b62973f16324d78f8ae38a81f1e358d599bbc26bc4745123f78f45f |
Family | AgentTesla |
(12)
Sender ip | 185.222.57.209 |
From | |
Subject | "RE:Payment is completed" |
Attachment | "TRANSFER SLIP.zip" |
MD5 | 953bb3f3e78ad51aa164849fdabf8cc6 |
SHA256 | eb317d5ea6169fd6359fd184a91c7948cce6a662a92405df636592952f1f20c0 |
Family | AgentTesla |
(13)
Sender ip | 210.56.11.43 |
From | "HSBC Advising Service" <[email protected]>" |
Subject | "Payment Advice - Advice Ref:[GLVA21251547] / Priority payment / Customer Ref:[SSNSB TO #838476" |
Attachment | "Document7000.xlsx" |
MD5 | 607bac1d2dfb0d8a6859d5a67b812b5c |
SHA256 | 4b19a3abba880de5f9fbb4dd9331add29b5ab61a5cdd7bff3c6c1933fa86146a |
Family | Formbook |
(14)
Sender ip | 45.137.22.168 |
From | "Tina Wu <[email protected]>" |
Subject | "ORDER INQUIRY-PVP-SP-2021-54 F.W.G-Symbiosis" |
Attachment | "ORDER INQUIRY-PVP-SP-2021-59.zip" |
MD5 | 10791efbf3a5edd898dea687f99ce49d |
SHA256 | e6382f39e59a7a9ee50266d28cd9ff170879d6afe9c4a7d955905c34a860af38 |
Family | SnakeKeylogger |
(15)
Sender ip | 185.222.58.155 |
From | "=?UTF-8?B?ZW5kZXIgZ8O2esO8bW/En2x1?= <[email protected]>" |
Subject | "RE: Re: Proforma-Invoice AB22-00178" |
Attachment | "Emailing Swift.r00" |
MD5 | b8b4d09e7110f216879e21de187e5ec0 |
SHA256 | 5c503c6475202598918ad173f031375cab997325907ecfc12c1625edb78e5229 |
Family | AgentTesla |
If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
Article Link: Phishing Attacks 27_11_2021