Phishing Attacks 5_8_2021

MalBot · August 5, 2021, 3:15pm

If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here .

(1)

Sender ip	213.142.132.19
From	"Nuria Cabo <[email protected]>"
Subject	"IMPORTE 347 Y FACTURA PENDIENTE DE PAGO"
Attachment	"21.08.0260.rar"
MD5	f2041a9ab4cb5317a7a563b711463a94
SHA256	17b5d1c0ba36bc24ac297279e0388d57b8bf5e5cbdbf408e7592627af8f0bf6f
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(2)

Sender ip	203.159.80.109
From	"Ludwig Reiner <[email protected]>"
Subject	"CAN YOU SUPPLY IN A REQUIREMENTS ORDER CONTRACT?"
Attachment	"P.O Contract #007676.r01"
MD5	8c093f5b8a7931a73a9cb03245990d80
SHA256	69fb385f09b26bb2d7a720f53cd4491bc4406860b0889bc8ad25c3ff37f983c1
Family	Formbook

(3)

Sender ip	136.144.41.60
From	"Celine Meier"<[email protected]>"
Subject	"MV Evaluna // port enquiry"
Attachment	"Evaluna description.zip"
MD5	497cad6bb8a5a173d1de40158d17e880
SHA256	2a94b70b3e30d5bb002f48cb8ae7855d060f71c0d79ad4be4117f3024810ef12
Family	SnakeKeylogger

(4)

Sender ip	139.59.44.121
From	"<[email protected]>"
Subject	"Fw: Swift Payment Advise [email protected] - Ref: [Eu39174QX01U6] "
Attachment	"Swift Payment.zip"
MD5	369e1851186d2e818147b765ff6a1cea
SHA256	b4c614bf403f35f5b360c419580bd6595783c8d75d5b16daa4824a7787596b3c
Family	Formbook

(5)

Sender ip	45.137.22.144
From	"[email protected]"
Subject	"RE: NEW ORDER"
Attachment	"70654 SSEBACT.r15"
MD5	3794526627f434412799c1c770df18a0
SHA256	47240e06964716275c84e0afc9379c7bf1e253da8c1cf28c8ead8d5185814cb6
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(6)

Sender ip	202.55.132.5
From	"Mike Jansen" <[email protected]>"
Subject	"RE: Re: [Top Urgent] [Top] New Order for P/O: 2070121/SN-WS for Urgent Shipment"
Attachment	"Purchase Order 2070121 SN-WS.Pdf.iso"
MD5	a92f2000f313179189819fa74c20064e
SHA256	0dc3ebc01a431373c4587f2222879eb61b2255c8355bee94e2e62e90483f17cb
Family	Formbook

(7)

Sender ip	37.0.8.149
From	"Jane Shao Zhen Liu" <[email protected]>"
Subject	"=?UTF-8?B?UkU6IFVuaWRlbnRpZmllZCBwYXltZW50IC0g6K+35qOA5p+l44CC?="
Attachment	"Payment_check.pdf.iso"
MD5	890b7c0f09c0bb7f8d539698bb1643d6
SHA256	b911f32ff4fe71ffdabcaefac949d37b087fc16faaa2cf450b56b2f3f9c14a8d
Family	NanoCore

If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube NanoCore..

(8)

Sender ip	185.222.57.75
From	"Yasser Gamal<[email protected]>"
Subject	"Re: Re: Fw: Download the attachment file to confirm outstanding amount."
Attachment	"Outstanding Amount.r00"
MD5	20c91fe068e8c73ac194398c87118b59
SHA256	757e30d7a402856bd55c4a8f84cab25fcc1e01f3b7365cce3e91a7775322987c
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

(9)

Sender ip	81.21.70.244
From	"DHL Express <[email protected]>"
Subject	"=?UTF-8?Q?DHL=E5=8D=95=E5=8F=B7__SHIPMENT_NOTIFICATION_FOR_INCOM?= =?UTF-8?Q?ING__AIR_WAYBILL?="
Attachment	"RECEIPT_pdf.rar"
MD5	312062576b8c6ce5e204e37f5745bd52
SHA256	c881770186468637dd024971988c9147593f437833e767e6ca252be27b7ca82b
Family	AZORult

(10)

Sender ip	185.222.57.68
From	"HIEN" <[email protected]>"
Subject	"New order from Milan Hien"
Attachment	"SALES ORDER.zip"
MD5	599dfa297a7933c72569f0a715a94e5a
SHA256	0c8b4552d5808ddc4dac11749b00e950fc815824500944ed75a32ca46281e105
Family	Unknown

(11)

Sender ip	155.94.142.140
From	"=?UTF-8?B?T3LDp3VuIFZhcm9sc3Vu?=<[email protected]"
Subject	"210803 RFQ of New Project(Akimmetal W452-001)_Rev2"
Attachment	"W452-001.zip"
MD5	1aa098f1192085265284be05137384f3
SHA256	61ff536f01689f4b04f0ab41d3f6e217391f255191893f1faedd6334a72faa36
Family	AgentTesla

If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla.

If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥

YouTube channel

Article Link: Phishing Attacks 5_8_2021