Phishing Attacks 4_12_2021

 


If you wanna learn how to detect phishing emails  only by your eye , you can check my udemy course here .

My udemy course


(1)

Sender ip

31.24.158.28

From

"Barry Deasy <[email protected]>"

Subject

"Re: Purchase Order PO20211027STK"

Attachment

"Purchase Order PO20211027STK.z"

MD5

6c24b895b5e54e8a7ef3d11f4f18c381

SHA256

3d533cd7d00545ceec9bea14004c3e15891a769143f19009631068cea3acf150

Family

GuLoader

 

(2)

Sender ip

38.103.244.107

From

"HR-Manager johnlay.ch <[email protected]>"

Subject

"YOUR EMPLOYMENT STATUS"

Attachment

"SALARY_RECEIPT.iso"

MD5

696526b7ca61198e1304656929396d79

SHA256

0ca257181b3bca58c10339a0009b6373a88ff5faef9b07f1ac5c6b15fb85e605

Family

Formbook

 

(3)

 

Sender ip

2.56.59.78

From

"[email protected]"

Subject

"DHL Shipping Document"

Attachment

"Shipping Document.jpg.ace"

MD5

de0db7d0abd74d617dc815e13a41388b

SHA256

65a8197891e366a49f8577460a9aaa89ca583cfbec7aac0847d9ccbf75842b1a

Family

Loki

 

 

(4)

 

Sender ip

45.137.22.189

From

"Rohan" <[email protected]>"

Subject

"Fwd: payment copy"

Attachment

"print_01.rar"

MD5

fb0fcfe1c1dd1230b7638168bb611148

SHA256

64c77b664168d14cdf8e6f496dfb85843c1d5b24ffc7c6b5a7756a0872f6673b

Family

SnakeKeylogger

 

(5)

Sender ip

185.222.58.155

From

"funami-int <[email protected]>"

Subject

"Over Due proforma invoice for payment"

Attachment

"proforma invoice packing list.7z"

MD5

fc17d1c66efb0295841b8c3e98e43585

SHA256

e53e055f73bf831b81bdfbfebd66fa4168a637322af475e226d1d591cf49127c

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.    

 (6)

Sender ip

45.87.62.168

From

"Jocelyn Tousignant <[email protected]>"

Subject

"Re: PG4636 - Confirmed"

Attachment

"PG4636 - Confirmed .xls.zip"

MD5

be067ef8a7a292aad57ce40ea68fc580

SHA256

afa5a92d8aacd7771dcb1c0a3e9151b5d3639e5b5d6661a0583ea9d93b967db8

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.    

(7)

Sender ip

185.222.57.209

From

"[email protected]"

Subject

"Re:fwd: URGENT REQUEST"

Attachment

"TRANSFER SLIP.zip"

MD5

89f87c6aa7d7ccdc49b335e44359afa7

SHA256

aa48a588430e423effde1f2e227c787514e3a072801fc2944ae258e00e2ec59f

Family

AgentTesla

 

(8)

Sender ip

212.192.246.122

From

"[email protected]"

Subject

"payment copy"

Attachment

"payment copy.zip"

MD5

51d3f014595c2b04f5ee5f0e6a6b6736

SHA256

69f3fe2cb60ac42ef8c40632555435044fac763f32f16dc3834fcaa0b9c1ee8f

Family

Loki

 

(9)

Sender ip

185.222.58.106

From

"Vijay" <[email protected]>"

Subject

"New order dated 1-12-2021"

Attachment

"No.1089765423012021_inquiry.zip"

MD5

62e913bfe9400696bf0cefb4d6e5e745

SHA256

7b2b019833000669a61ff58756311596663a48775af9426765d45a5ea397f27d

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.    

(10)

Sender ip

194.85.248.110

From

"Bosoni Lorella<[email protected]>"

Subject

"RE: Re: REQUEST FOR INVOICE BL. AWSMUNDAR3606-21"

Attachment

"BL. AWSMUNDAR3606-21.zip"

MD5

b4be89227289f2785ea2ddf6007d1b67

SHA256

5ba269a524a386908df78d49c779eb701d3eca1bf15f6dca223aa1f9988d8631

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.    

(11)

Sender ip

103.167.93.76

From

"Eric Ye" < [email protected]>"

Subject

"URGENT REQUEST FOR SPECIFICATION"

Attachment

"REQUEST FOR SPECIFICATION_JPG IMAGE.uu"

MD5

62e55328189c53381575d6cbda316b86

SHA256

a61a1b250c1091d1068778d166e75c02246130043a03026e34b2a3d35b793db0

Family

Formbook

 (12)

Sender ip

103.167.93.76

From

"Eric Ye" < [email protected]>"

Subject

"URGENT REQUEST FOR SPECIFICATION"

Attachment

"RFQ_83636736893_JPG IMAGE.7z"

MD5

cd29a6ac678cc6100264c8b934048e7d

SHA256

79bf76f7e85b0e55d7c16a58a90c41e281d37b8c806d78653dc16d319bf89f01

Family

FormBook

 

(13)

Sender ip

183.111.126.148

From

"Alerts <[email protected]>"

Subject

"Holydays highlights: Want to plan ahead?"

Attachment

"lifehacks_6582318243.docx"

MD5

0b25f074b1a7ee7e3a553bdaeb43d11b

SHA256

0aadc47fb5644a461486c1c46ac4139f7db57df540dbc80faa0a1501bedff956

Family

Dridex

 

(14)

Sender ip

185.144.29.141

From

"A Thomas Petersen <[email protected]>"

Subject

"Ref Gulfood 2021 Purchase order "

Attachment

"Gulfood 2021 Purchase order 403 urgent spec.tar.gz"

MD5

7b31bd3c88f283ba078f6917b444c711

SHA256

7ae7d148ef1f7ce42b9d4ef546c7b34c4c1e9f501d48d7358cb3995cd5150c23

Family

AveMariaRAT

(15)

Sender ip

185.222.58.105

From

"David" <[email protected]>"

Subject

"INVOICE CONFIRMATION TO PROCEED WITH PAYMENT"

Attachment

"INVOICE.zip"

MD5

15399ee8f9c1c99806ea7e155b1dd720

SHA256

e309a432d780486b1bad1716e2aee617acad9aac62cdbebb9615689373978ff4

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.   

(16)

Sender ip

199.10.31.237

From

"Emma Downey" <[email protected]>"

Subject

"RE: Proforma Invoice-EB01122021"

Attachment

"PI#EB01122021.rar"

MD5

c96d95b605deb2a37903efedefd2ddde

SHA256

d863ac93c86fe3294e12cc5c5d41c233568854922a94e4213a79c405850b9c5a

Family

RemcosRAT

(17)

Sender ip

194.85.248.110

From

"MAERSK SHIPPING<[email protected]>"

Subject

"Re: Shipping Advice - ETD 11DEC. 2021"

Attachment

"SHIPPING ADVICE ASEAN.zip"

MD5

7535f1abc6ca54d6296b84f64e54202c

SHA256

0cf41981215a5ff601b361de4829764dd7b0ca81193fe3a7d291968da6ced314

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.   

(18)

Sender ip

79.141.165.201

From

"andygong <[email protected]>"

Subject

"Swift copy"

Attachment

"Swift copy.7z"

MD5

9fce80c4ac594f4686fa7e114decd0f6

SHA256

b0ebcb139acedfb47ff77eb189aca21e2bd5de158be0c8615b434df9e264b1f6

Family

Formbook

(19)

Sender ip

103.28.70.63

From

"=?UTF-8?B?5byg5Li95pWP?= <[email protected]>"

Subject

"=?UTF-8?B?5Zue5aSNOiBSRVFVRVNUIEZPUiBCQUxBTkNFIFBBWU1FTlQgT1JFRjogNjg1MC4xMS4yMQ==?="

Attachment

"swift 02.12.21.xlsx"

MD5

ca21ae1c13784a8b5c7c3f684dc12414

SHA256

3ff533b427c96584e26d5d5634a03d31c5b582d077a2891222b70b0b44cec7eb

Family

Formbook

(20)

Sender ip

207.210.201.159

From

"Accounting <[email protected]>"

Subject

"Your subscription plan TERMINATED"

Attachment

"new offers885111832.docx"

MD5

0aaa6f0186a7804c407c268651ddf512

SHA256

116f0f9b74f5a9b47bf1e1023249c678e2931e7b5d3dd14a56e6bb2fa6676b00

Family

Dridex

(21)

Sender ip

202.55.135.222

From

"Kai Kim" <[email protected]>"

Subject

"Purchase order confirmation."

Attachment

"New order documents. pdf....................gz"

MD5

ebbfc8df39e32fe0b39efa48d741d44c

SHA256

b9430da874e58b6c0ad8e30f39cd57a8ffcb863eedc4aaa75ecb4d7ab2d3d8a5

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.   

(22)

Sender ip

104.223.42.165

From

"[email protected]"

Subject

"RE:_Reply:_RE_:_RFQ_No.Order 8200004038_DAIDO-2021-QPE-Q63440093-0001_//_A-5555-1239_&_A-5004-0808"

Attachment

"No.Order 8200004038.rar"

MD5

29abb3040e010e2600fadc73675c0491

SHA256

9f22091e006aab35e3021487b1a7a3bd2584cb38bdf737fe5cfcfb7a58f5fccf

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.   

(23)

Sender ip

45.137.22.93

From

"Broucek, Lukas <[email protected]>"

Subject

"Rechnung 3199900-331"

Attachment

"Rechnung 3199900-331_pdf.img"

MD5

5049d02483f1a153852025f16bea9261

SHA256

bccfde7df8d659a4bb697a1bc7bc9c9d9b4585cce8d3744e1847f7fb634084a5

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.   

(24)

Sender ip

202.55.135.222

From

"Robert Chen" <[email protected]>"

Subject

"Purchase order"

Attachment

"Po docs. pdf...............................r16"

MD5

520491b040ed3fdea7a877acee2f9ca1

SHA256

625d77dfe7f5dd78fa40accd4e84a12cb5387e6de68f771d0f138e97a18a2959

Family

AgentTesla

If you wanna know how to analysis AgentTesla Malware you can      check my analysis in YouTube  AgentTesla.   

(25)

Sender ip

206.189.129.162

From

"Purchase3 <[email protected]>"

Subject

"PO & TT 02D12M2021Y"

Attachment

"PO & TT 02D12M2021Y.zip"

MD5

0ab0b8f624d5d47da0066e8da428c8a7

SHA256

964975c386f2de7ed9f03bb51a3f1d167f2feb93c04a97ca7c01c8ddc427eef8

Family

Unknown

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥  

YouTube channel 

          https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA  


Article Link: Phishing Attacks 4_12_2021