(1)
Sender ip | 185.222.58.149 |
From | "Ms. Joyce Ji"<[email protected]>" |
Subject | "=?UTF-8?B?UmU6IHVwZGF0ZWQgU09BIGFzIG9mIHRvZGF5wqA=?=" |
Attachment | "SOA.zip" |
MD5 | 48f052905ecb341dd62327b8a1e5bdfb |
SHA256 | c0a8b6dcd4cb51e501ba848ae44fb8726adc577c607e2f9893bb8708b25d473f |
Family | AgentTesla |
If you want to know how to analyze AgentTesla malware, you can check my AgentTesla analysis on YouTube.
(2)
Sender ip | 45.137.22.37 |
From | "Mahsa Ghanbari<[email protected]>" |
Subject | "=?UTF-8?B?5Zue5aSNOnBheW1lbnQ=?=" |
Attachment | "Payment.lzh" |
MD5 | ff9a0d5f14e8e7e2047598bd9a5c31e8 |
SHA256 | 14ac5b878eb9921c7b5c7254942d6ab0710cefb854903ccd9fc2eeabfabe3ced |
Family | Formbook |
(3)
Sender ip | 199.10.31.237 |
From | |
Subject | "Please Treat As Urgent. RFQ: Request For Price List and FOB To Lebanon." |
Attachment | "RFQ PRICE LIST FOR LEABANON 8938920993.gz" |
MD5 | 77cb24d370aa5ba444145475e54c18e1 |
SHA256 | c707123e3beed92fe4a4634c4226ec1311655e9b17130d5c68c1b2957408eb32 |
Family | AgentTesla |
(4)
Sender ip | 45.137.22.37 |
From | "Abdelmajid IJRHA<[email protected]>" |
Subject | "Purchase Order 0060/2021" |
Attachment | "Purchase Order.lzh" |
MD5 | 2dd3723b9fabd34ceb136238aef1ae61 |
SHA256 | 049674fef8d2f0a5c42b8372d3ebf8a1dc5986a0a4376890882b32e3dbf58ead |
Family | Formbook |
(5)
Sender ip | 185.222.58.149 |
From | "baylee.zhan<[email protected]>" |
Subject | "=?UTF-8?B?UkU6IEFTUMSwTMSwQyAtIExJTkNPIFNQQVJFIFBBUlRTIE9GRkVSIC0gQVdBIFRvcmJlbiBBLiAtIDIwMDc3MTYy?=" |
Attachment | "QUOTATION 062021.zip" |
MD5 | 0ee9dcafb7793c4b51e10c99daca3a3e |
SHA256 | 3457fde676690634562161d4ef48c07156196d72090b2f6f0a1ca7420991cf51 |
Family | Unknown |
(6)
Sender ip | 194.163.137.85 |
From | "Dhl Customer Support <[email protected]>" |
Subject | "Delivery Failed" |
Attachment | "Attachment.iso" |
MD5 | 1c5b945e98ccce2afda3a151177b32fd |
SHA256 | c6c2b5aa2eccb88adec7b239804cab89a7c81b432b6e9a2d74cbfc8626869247 |
Family | RemcosRAT |
(7)
Sender ip | 185.222.58.153 |
From | "Interplex<[email protected]>" |
Subject | "RE: INVOICE SC1289" |
Attachment | "INVOICE SC1289.zip" |
MD5 | 081c7f0993e65adeb2b72ce5fe878db0 |
SHA256 | 3c3e4ab4c7f951f407783c91146c7233446440d28f6c6834a533b667178c4b3c |
Family | SnakeKeylogger |
If you want to learn malware analysis, you can check my YouTube channel, where I'm trying to publish malware analyses and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 5_6_2021