If you want to learn how to detect phishing emails by eye, you can check my Udemy course here.
(1)
Sender ip | 194.31.98.47 |
From | "Mr. Daniel Zhao<[email protected]>" |
Subject | "Proforma invoice payment" |
Attachment | "Payment Copy.zip" |
MD5 | bb4dde2a2433bedfd2c6bedab19a8c12 |
SHA256 | 6da35e1f392e0a4b0235cc81cf68b39970aafda21030d2fea6af7bcc74e40045 |
Family | Formbook |
(2)
Sender ip | 45.58.34.21 |
From | "account <[email protected]>" |
Subject | "Re: Proforma Invoice 2796 / confirmation for Payment" |
Attachment | "Proforma Invoice_2796_xlsx.arj" |
MD5 | 83ba6d0051c75780ba34f08cb02333b1 |
SHA256 | 6dbb568a27ba00004d455a2bd66439c2fca1f9948fc6f4c19371862ea2d8c25e |
Family | Formbook |
(3)
Sender ip | 185.222.57.233 |
From | "Benjamin Martinez Bonilla <[email protected]>" |
Subject | "Re: Pago" |
Attachment | "Pago.001" |
MD5 | 8179e8d9b30b978278500bcf4c30ab1e |
SHA256 | 67b86d0361a567e04ddaf54753ecb70e5fcdf894caa5e051cbf615121326c8c0 |
Family | AgentTesla |
If you want to know how to analyze the AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(4)
Sender ip | 185.102.170.181 |
From | "HSBC Advising Service <[email protected]>" |
Subject | "Payment Advice - Advice Ref:[A1NtIO94cfao] / ACHcredits / Customer Ref:[1015676834] / Second Party Ref:[2002028205]" |
Attachment | "Payment Advice - Advice Ref[A1NtIO94cfao].gz" |
MD5 | 213e50ff19cba2a393149aedc41103ed |
SHA256 | bda2bc4dc57a7c748348cdb4756349af46c3bee0943bec60afc4d48ad23594eb |
Family | Unknown |
(5)
Sender ip | 37.49.225.131 |
From | "Gauri .G <[email protected]>" |
Subject | "RFQ - CP22037 // Quotation for Materials #BSST-CP22670A-1" |
Attachment | "RFQ - CP22037 Quotation for Materials #BSST-CP22670A-1.pdf.arj" |
MD5 | d6e36bb85d98e9fcc7800cc2499ba2cd |
SHA256 | edca8a81cf317bfee1b549f6b3ece655d3a3595d179b253ae11bb8e96436bd05 |
Family | Formbook |
(6)
Sender ip | 185.222.57.188 |
From | "Ahmet AYDIN <[email protected]>" |
Subject | "RFQ: YKL GLOBAL METAL SERVICE - TR / flange request from NPSC" |
Attachment | "pipe & valve BOQ.pdf.xz" |
MD5 | 9f0ef6ac989f1f3b430b6e8c0d4d854f |
SHA256 | 08a828eacfad53f42ac7cbb2184690202db0a2eb2c82a9b548e35b6e277d45dc |
Family | SnakeKeylogger |
(7)
Sender ip | 185.222.57.188 |
From | "Ahmet AYDIN <[email protected]>" |
Subject | "RFQ: YKL GLOBAL METAL SERVICE - TR / flange request from NPSC" |
Attachment | "Generic Pipe Master SDRL Rev 2.pdf.xz" |
MD5 | f797aded8037bd22c90db56ddb7cd89f |
SHA256 | 811143cbf29068b4248600a57441ce0a2a1cf5194473a287c2ac9eab05552927 |
Family | SnakeKeylogger |
(8)
Sender ip | 178.62.41.228 |
From | "Andrzej Budziak <[email protected]>" |
Subject | "SKM_2872106104863364 CONTRACT 2022" |
Attachment | "Contract.gz" |
MD5 | 0edb0ac46978ea19cd8a7d1593603dc3 |
SHA256 | b732982c4bcbf62d6fbab3b1e1ddd3764a8f99a17d1e8f679632f891b65c03ce |
Family | RemcosRAT |
(9)
Sender ip | 185.222.57.233 |
From | "Sales <[email protected]>" |
Subject | "Re: Quote" |
Attachment | "Quote.r11" |
MD5 | 210512f01ddf3ea6f59026054820cae8 |
SHA256 | cd9d8ce9ca80265854e70ba9148f9e22ab4d7018eecea466618098ec8f8f74be |
Family | AgentTesla |
(10)
Sender ip | 193.56.29.132 |
From | |
Subject | "RFQ - inquiry no. WPS- 3602-2022" |
Attachment | "RFQ-WPS-3602.xlsx" |
MD5 | 0181ddead2fc2a2a1eba3819d7f6237a |
SHA256 | a6d67eac3f8ec8b8b72469dc712fa468da42451215ac27bd81e394e55aab4e15 |
Family | Formbook |
(11)
Sender ip | 2.58.149.14 |
From | |
Subject | "Quote order#098799" |
Attachment | "5092134.zip" |
MD5 | ef3ca757554e2b0359aa8d1b7d5bac28 |
SHA256 | dd97a028f4656cf793b963960e8eb1b27243cf135a39ec796470e0328c59fb2f |
Family | Formbook |
If you want to learn malware analysis, you can check my YouTube channel, where I try to publish malware analyses and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
Article Link: Phishing Attacks 5_4_2022