Phishing Attacks 29_7_2021

MalBot · July 29, 2021, 4:45pm

If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here .

(1)

Sender ip	192.236.161.198
From	"Gary Miles<[email protected]>"
Subject	"Fw: TNT E-invoice No: TNTMX9853 Consignment Notification"
Attachment	"TNT Einvoice No TNTMX9853 Consignment Notification Delivery_pdf.rar"
MD5	d52f0a712c20e318261cc0f8721d4195
SHA256	858e998c45ccea10426ec99047ccf24f9689057574a102f81cabf15ad663f7ac
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(2)

Sender ip	185.222.57.135
From	"Ms.Ratira<[email protected]>"
Subject	"Re: New Order EF56446"
Attachment	"New Order EF56446.r00"
MD5	471d0946334187943f3c21f48782585b
SHA256	1b4ea4b952c900c367d633a1cd94cd0a158e40f91e82cf6efd3593d4c655df6f
Family	SnakeKeylogger

(3)

Sender ip	95.142.44.80
From	"J P" <[email protected]>"
Subject	"papers"
Attachment	"2021APT-28_12702453.zip"
MD5	4b344c93d63236a4995c8e7046ea566b
SHA256	90733a8befdaa677a0fe2aa9a31e335ad3888ebc912864b1cc5afcad780e64f7
Family	TrickBot

(4)

Sender ip	95.142.44.93
From	"L E" <[email protected]>"
Subject	"documents"
Attachment	"2021APT-28_8394453.zip"
MD5	ca5f7cdbb1c77854601e2cf7d6a0106c
SHA256	c820c9b3a65ce631f0026073ce08b943f34f57d4468cc15b117f1b0ebb562160
Family	TrickBot

(5)

Sender ip	95.142.44.103
From	"N Z" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_33816453.zip"
MD5	e783a63cb7c6f51762675bb948c84daa
SHA256	60fc32faa410562cb420a182abccbcb625f2e3b70754fba851ab5c9e28967f65
Family	TrickBot

(6)

Sender ip	95.142.39.120
From	"Y L" <[email protected]>"
Subject	"papers"
Attachment	"2021APT-28_12408453.zip"
MD5	ca4e92d05af2d0270fc6a9e1367782a5
SHA256	e217fb9c7807c9d2dab8065aedc4f5fb375840377ea8ff493b26e4db92f2f94a
Family	TrickBot

(7)

Sender ip	95.142.39.96
From	"W U" <[email protected]>"
Subject	"RECONFIRM BANK DETAILS FOR PAYMENT"
Attachment	"paperwork"
MD5	d418c8d973ee5ec4abc0ebbc660a135c
SHA256	0f1d3fc163f73faa8c0331342efd9aac2d23810303bd3ab03cf4efebf2d0c316
Family	TrickBot

(8)

Sender ip	66.94.96.60
From	"Dhl Customer Support <[email protected]>"
Subject	"[email protected]"
Attachment	"Attachment.img"
MD5	839c6e5e3093c733112b6c6a0e921045
SHA256	d50b0c8adb2ffb4d3a4b64b2f44ab11be28ad028650f17f0d9c083374cbc02ef
Family	RemcosRAT

(9)

Sender ip	95.142.40.133
From	"J I" <[email protected]>"
Subject	"documents"
Attachment	"2021APT-28_86826453.zip"
MD5	f12119a61710f460b889d71fec8f4217
SHA256	0c40462e298ec3b262498d1db189d4e2915bf07c80e40981fc43914a0bc7266a
Family	TrickBot

(10)

Sender ip	95.142.44.144
From	"F L" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_18972453.zip"
MD5	f18f89e590eb4d7c5975793cf58c9acc
SHA256	b03a32e277661e838eaf2d175bbd21b20a2e66b9f9ec31f21185ec6e8515a5bf
Family	TrickBot

(11)

Sender ip	95.142.44.123
From	"C Z" <[email protected]>"
Subject	"papers"
Attachment	"2021APT-28_28998453.zip"
MD5	1c98aae4605ce7fd63f29f9cd85cf407
SHA256	a60d2cc35cdd5d58b2e32b09a463ebca4a7d6690d6e8de92f4f01123f9797505
Family	TrickBot

(12)

Sender ip	95.142.44.144
From	"D M" <[email protected]>"
Subject	"written documents"
Attachment	"2021APT-28_43734453.zip"
MD5	8d63b09a656a130f22a86ecb89da26de
SHA256	b9756669acc0124718dcd8eeda936ee8639a26a4bf1c8c2b302c60cbdc1e1df6
Family	TrickBot

(13)

Sender ip	95.142.44.103
From	"C D" <[email protected]>"
Subject	"papers"
Attachment	"2021APT-28_84042453.zip"
MD5	0ce2eb7ad1d012de3fd857bd86709dd3
SHA256	c5ab412eea44d50d146a80dff50e5d993f982f9222078d126dcebd1933fd650d
Family	TrickBot

(14)

Sender ip	95.142.44.108
From	"K I" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_53538453.zip"
MD5	0131c23460e863053145a172823a7284
SHA256	5e5215d626adef53796224f8c040ec3329aa4ac28ea7001108055ff94d63656a
Family	TrickBot

(15)

Sender ip	95.142.44.108
From	"W N" <[email protected]>"
Subject	"documents"
Attachment	"2021APT-28_59874453.zip"
MD5	3f88397854c6f3316808cbbda9bb50b2
SHA256	61fe215873621f4b7a465a48f1189a9b51ec59a553dd3426a2dfad37e53952e1
Family	TrickBot

(16)

Sender ip	95.142.44.144
From	"A G" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_73170453.zip"
MD5	c08f2e2c909a77dead8d94d44fcbf03a
SHA256	071e2829b90e92202f1fdd8fcba3d7c8f6bd2fceab7ede345ded4dcebd50e8ab
Family	TrickBot

(17)

Sender ip	95.142.44.144
From	"C U" <[email protected]>"
Subject	"docs"
Attachment	"2021APT-28_12834453.zip"
MD5	d7261d0ae1f04f3117702bc85e7d3afc
SHA256	6771fb1fac731e98451db055d7acfcda68a079e0c0c1e0bd999a70dd01e9868d
Family	TrickBot

(18)

Sender ip	95.142.44.103
From	"W U" <[email protected]>"
Subject	"papers"
Attachment	"2021APT-28_16272453.zip"
MD5	218db3570d91948e0d8bff2434a26535
SHA256	94634447e43ebfd981683c39395307f7485db318a7047a9fc155d0e02b7e4378
Family	TrickBot

(19)

Sender ip	95.142.44.103
From	"Z M" <[email protected]>"
Subject	"papers"
Attachment	"2021APT-28_33480453.zip"
MD5	21d48f9e1b53b5f209cc8e26425ea90e
SHA256	980fda231d5804103428c7840e220963a97e848ec21351e4e76eeed6add80dde
Family	TrickBot

(20)

Sender ip	95.142.44.103
From	"Z M" <[email protected]>"
Subject	"papers"
Attachment	"2021APT-28_33480453.zip"
MD5	21d48f9e1b53b5f209cc8e26425ea90e
SHA256	980fda231d5804103428c7840e220963a97e848ec21351e4e76eeed6add80dde
Family	TrickBot

(21)

Sender ip	95.142.44.93
From	"A N" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_76992453.zip"
MD5	cb2821f2f5e33ba5c067204466578d2c
SHA256	af226be294f2b3d68170f805a46b55a8cebb285c039bb35c002d9d9a5a5205bd
Family	TrickBot

(22)

Sender ip	95.142.44.103
From	"O F" <[email protected]>"
Subject	"docs"
Attachment	"2021APT-28_56052453.zip"
MD5	cc5a0bda7202f363c9c22fd6dc0ffa6a
SHA256	3275cbad6b27caf7650e454cec43e3aead3806df41ed706d96da7961dc5e5b69
Family	TrickBot

(23)

Sender ip	95.142.44.93
From	"U S" <[email protected]>"
Subject	"docs"
Attachment	"2021APT-28_43326453.zip"
MD5	180d13dbb0bfdd92bb09d9455c1d489e
SHA256	a6cd8cee95d2a69dec4206e46d5fd45a0621d7d13a5c3c5e06d0ebf738b9cf2f
Family	TrickBot

(24)

Sender ip	95.142.44.108
From	"V C" <[email protected]>"
Subject	"documents"
Attachment	"2021APT-28_79422453.zip"
MD5	76bf2494ac3927e8d023d8c2d3a841b7
SHA256	94c8357b7a776ea24317043ba275f48f3d43760d3ac7cfe0c676d68e6172ac12
Family	TrickBot

(25)

Sender ip	95.142.44.108
From	"F D" <[email protected]>"
Subject	"written documents"
Attachment	"2021APT-28_2346453.zip"
MD5	a6e26137cf593b18c553569d9e4ca7f4
SHA256	62e03138c52c9f1b2d79d371fb0c630a0528b347d3dc2ee1c6b16a701d28747c
Family	TrickBot

(26)

Sender ip	95.142.44.108
From	"B B" <[email protected]>"
Subject	"documents"
Attachment	"2021APT-28_2346453.zip"
MD5	71824aa899df5d2f908be4e773b5c5eb
SHA256	50b294330afb8a97173573d0005ab7a65bd19e50f9fb9509f3afa0c188e7a4a2
Family	TrickBot

(27)

Sender ip	95.142.39.220
From	"M W" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_55776453.zip"
MD5	92d0c12abeb300f190b96ebca09391d0
SHA256	d9dad9af7238f83de0559e86ed777a3198356211e75638550e32c127764f2701
Family	TrickBot

(28)

Sender ip	95.142.44.108
From	"Y H" <[email protected]>"
Subject	"written documents"
Attachment	"2021APT-28_12042453.zip"
MD5	396232832c561ea732eff4a7d5206d90
SHA256	0e13e640ab9888c076f142cd4da8bd7c87015562216605f0bd4497cd9303ebce
Family	TrickBot

(29)

Sender ip	95.142.44.103
From	"U R" <[email protected]>"
Subject	"papers"
Attachment	"2021APT-28_13128453.zip"
MD5	2cb1272429c830b5ccdda07a125b8fc0
SHA256	f09e58c715accf7898a9cdfcc46fafa5ef78c4a27ec19a531682d982ef1efd1c
Family	TrickBot

(30)

Sender ip	103.114.106.156
From	"DHL EXPRESS <[email protected]>"
Subject	"YOUR SHIPMENT HAS ARRIVED!"
Attachment	"DHL-PARCEL_PDF.001"
MD5	32c2a0d57a0e455a7cf758681ffc389c
SHA256	6a085e9c88499b7474d976c5803e30b2fd5535f832a0fe876ad09452ae78387f
Family	Unknown

(31)

Sender ip	185.222.57.156
From	"[email protected]"
Subject	"RE: Advance Payment"
Attachment	"copy.r15"
MD5	682da0d0e30f7a6b63823a8f00d766d2
SHA256	3fa788a8c80571c743fcb90513108f4f72ecc1f822f02eca91a0fe5e7b6c380f
Family	Unknown

(32)

Sender ip	103.139.44.91
From	"[email protected]"
Subject	"RFQ: 26374, 724900Forging drawing"
Attachment	"Drawing 427351_pdf.gz"
MD5	c01780ae2a1bf9d2f55b81e243fbc266
SHA256	7dad1f099279bbb3c3c62fded12c958293698dc9d2f593a97f3d61c112729373
Family	AgentTesla

(33)

Sender ip	37.49.225.138
From	"[email protected]"
Subject	"PO 24000110582 (for RFQ NO 14000141314 + 14000140746)"
Attachment	"PO24315.doc"
MD5	49bc562e26dfc9dddfaa85255849fd5f
SHA256	93ecb5160fffdd4027631e7edc0034fefda7e541e646f26efa063ed973a66715
Family	AgentTesla

(34)

Sender ip	103.167.91.104
From	"TNT EXPRESS INC <[email protected]>"
Subject	"TNT Express //Arrival Notice // AWB #9078013580 07/28/2021."
Attachment	"AWB & Shipping Tracking Details pdf.tar"
MD5	73b2297816d781be59b08d9beb6feb11
SHA256	fdf3a76b0ceb57085c3440ecc0f9ad8c22dba1c13782e6e0c84ffc29176e169b
Family	Formbook

(35)

Sender ip	95.142.40.181
From	"E U" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_90354453.zip"
MD5	6f377c34b6d040e62d006d74b5afe3eb
SHA256	7b166fc8650debf8a17862c652b68248edd33185d185880b2cf00ea446bfc57d
Family	TrickBot

(36)

Sender ip	95.142.39.98
From	"Z W" <[email protected]>"
Subject	"docs"
Attachment	"2021APT-28_34704453.zip"
MD5	e7ed0c47014f4bb3b45caa04660d215a
SHA256	281287919dc45f77d2674003df411b0f2804d23bbd9efbb33ec85e3a2c0eaf74
Family	TrickBot

(37)

Sender ip	95.142.44.148
From	"V F" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_4770453.zip"
MD5	acaf5a08659624bc8c68441c9769809d
SHA256	7f1e5d9a68e7cbc45804186bcbc5353cfc7adb4cb8a1c550f7b6903d2d1eeadd
Family	TrickBot

(38)

Sender ip	95.142.40.86
From	"K K" <[email protected]>"
Subject	"documents"
Attachment	"2021APT-28_60240453.zip"
MD5	0e8c6c64585721dc451efd99941dfd75
SHA256	60e1a4b121ab80fd61b5b3a6d839daa31ff731401c72ea675fccfb17a1686cd9
Family	TrickBot

(39)

Sender ip	95.142.44.80
From	"X R" <[email protected]>"
Subject	"docs"
Attachment	"2021APT-28_60060453.zip"
MD5	452349e3d8d59371d687f4ed4a25b8be
SHA256	88ae767c9a7db23a6ef6edcc979534252edfe50daa9ce63f56cf929a0817176d
Family	TrickBot

(40)

Sender ip	95.142.44.80
From	"Z J" <[email protected]>"
Subject	"docs"
Attachment	"2021APT-28_47334453.zip"
MD5	b71755801d39224ff3dd69d7a5e8935d
SHA256	7768c4734702cdda636b1acf862f1b80a00886c8c6df954711e124b430512dc7
Family	TrickBot

(41)

Sender ip	95.142.44.80
From	"U C" <[email protected]>"
Subject	"docs"
Attachment	"2021APT-28_58968453.zip"
MD5	72fa5e15de02c4fe391a6d633106c22b
SHA256	655c274f1e8bb9ca730c6ea3b4f84552f2d82a0c0bcb7e4acd499eb3b6f6d2bb
Family	TrickBot

(42)

Sender ip	95.142.44.80
From	"J X" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_23856453.zip"
MD5	305ef7621e4f8111d72695e48f64b092
SHA256	38e77159a2f37015485371e8c00573b06c79d14c1b89a9c4cbbd5606b9d7f992
Family	TrickBot

(43)

Sender ip	95.142.44.80
From	"Y N" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_71700453.zip"
MD5	5baa5dca1583315a7add9e550dde40fc
SHA256	0b82619071f194db8381fe5253b0c11d3f0eb951c85f944d679faed1b249a112
Family	TrickBot

(44)

Sender ip	95.142.40.36
From	"X K" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_75912453.zip"
MD5	0b924018cf8b6eb1f1bb7b2b7e4ec330
SHA256	61ab623bd589024bfe62a915679ce996afa523217bca7e814ceb61bc77250f3c
Family	TrickBot

(45)

Sender ip	95.142.39.98
From	"D W" <[email protected]>"
Subject	"files"
Attachment	"2021APT-28_74484453.zip"
MD5	958cc28548b829034291abb5b06a2ce8
SHA256	548c7d4cafde33fa6766da36371a4dd062421ea43e8337c1b61aa33e0f600dd7
Family	TrickBot

(46)

Sender ip	95.142.39.43
From	"K B" <[email protected]>"
Subject	"docs"
Attachment	"2021APT-28_36090453.zip"
MD5	2b1f27eaf1041f4ef85d0694afb9c1e8
SHA256	064fbaf7a03740cb01d6ed9e173c834ac64eb659198b8dd000414fc88657a757
Family	TrickBot

(47)

Sender ip	95.142.44.123
From	"W W" <[email protected]>"
Subject	"documents"
Attachment	"2021APT-28_65976453.zip"
MD5	317fabc5c9abf575ca1f690500e1c2f7
SHA256	d7ffa227a5a9f9569a387cadcb3b55d6ff79968a6cb9e86889e59bcdff205bd9
Family	TrickBot

(48)

Sender ip	95.142.44.123
From	"U Y" <[email protected]>"
Subject	"papers"
Attachment	"2021APT-28_44382453.zip"
MD5	59f9fe0c4435e859d9b8643f8e52af27
SHA256	f2ee4a9b3d60d62d484fdf9af0b325214d3a4de574b7832e9cd9b2b896c27909
Family	TrickBot

(49)

Sender ip	95.142.40.133
From	"T G" <[email protected]>"
Subject	"files"
Attachment	"2021APT-28_48630453.zip"
MD5	ced46f1ffe2fa7d75f603bcd1668e642
SHA256	46f61998e537ab7d039447132b1233c9952282c8288d43da4067df1de2a42e4c
Family	TrickBot

(50)

Sender ip	95.142.39.241
From	"F O" <[email protected]>"
Subject	"docs"
Attachment	"2021APT-28_38796453.zip"
MD5	0d34899039eec4fc21a4749e13c9f7f7
SHA256	2ea1909d1044343a1027d299f3cb3969d3c2553571c4f2360e1ae3b125615882
Family	TrickBot

(51)

Sender ip	95.142.39.120
From	"T A" <[email protected]>"
Subject	"written documents"
Attachment	"2021APT-28_62940453.zip"
MD5	3d64d044bfdddd6bc5566fcff9091f3a
SHA256	5083007a8427ece75d8ccebc61129d9da144c797fdf03e80036ce162b3380615
Family	TrickBot

(52)

Sender ip	95.142.39.120
From	"U C" <[email protected]>"
Subject	"paperwork"
Attachment	"2021APT-28_51438453.zip"
MD5	4a60c11dcd4c45ecd725801f5a23c8c2
SHA256	5a471de75bb84abcd588704d1e70c6d4515eb893a9e2bbbd751eeac8c1670467
Family	TrickBot

(53)

Sender ip	95.142.44.108
From	"N K" <[email protected]>"
Subject	"documents"
Attachment	"2021APT-28_65052453.zip"
MD5	4e231ee349971cf3c638f474523d65d8
SHA256	5350ee0827fb44e4db46b119210406e4a674a5d950485195db0d01d2a7b9cc80
Family	TrickBot

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥

YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA

Article Link: https://menshaway.blogspot.com/2021/07/phishing-attacks-2972021.html