If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
| Sender ip | 180.214.237.130 |
| From | |
| Subject | "Re: Re: statement of account as at 31.10.2021" |
| Attachment | "SOA pdf.rar" |
| MD5 | 57ad831188dfa3a0d56c1106664fe2e2 |
| SHA256 | ab38d722d9245dd7ebf9ae77a65249da3a4c00d61ccb98b2cc98c4d846f28814 |
| Family | AgentTesla |
(2)
| Sender ip | 103.171.1.178 |
| From | |
| Subject | "RE : Payment reminder" |
| Attachment | "DN and invoice.rar" |
| MD5 | ab0ec343c58a6e9670633b222545bd54 |
| SHA256 | b6d56dd8967f13e075b60eaa7895e49b384f295edc7bb631f45ffe128b76fbb9 |
| Family | AgentTesla |
(3)
| Sender ip | 45.137.22.152 |
| From | "MAERSK SHIPPING<[email protected]>" |
| Subject | "Re: Shipping Advice - ETD 11NOV. 2021" |
| Attachment | "shipping adv#yang.zip" |
| MD5 | e393b17c2cdb37013beea918a1b91a66 |
| SHA256 | 714b902b71b40517a390520306b735763e49c9016af3d89c2c09b46cae193233 |
| Family | AgentTesla |
(4)
| Sender ip | 104.168.201.158 |
| From | |
| Subject | "PO for November" |
| Attachment | "OrderList.pdf.rar" |
| MD5 | 19d20e0eb8505e449167c02263effda7 |
| SHA256 | d998aec2578fa42d851c05a31f4d304ea293435999d8870b8d79260fb140f6f7 |
| Family | AgentTesla |
(5)
| Sender ip | 103.232.53.21 |
| From | "Huijuan Tan <[email protected]>" |
| Subject | "=?UTF-8?B?UkUgUkU65Zue5aSNOiDlm57lpI06IOaNt+aZrjEw5pyI5a+55pWw6KGo?=" |
| Attachment | "TFT00093473 XLS.rar" |
| MD5 | 0114cfa2a1e6b0ad918fd425b79178e1 |
| SHA256 | b45ac1c33494aeae59530142ac6ec67df8b8b23494978dd72a7f8e15aab73411 |
| Family | AgentTesla |
(6)
| Sender ip | 103.232.53.21 |
| From | |
| Subject | "RE RE : bill 202109 from Yineng in Oct 13th 2021" |
| Attachment | "bill 202109 from Yineng updated in Nov 2nd 2021.rar" |
| MD5 | ef198ed20c588628699b53b2ddfa3398 |
| SHA256 | 780573243277799b60dd5b928d8d90d06ac4518b3ea95d0c187326fa8ae180de |
| Family | AgentTesla |
(7)
| Sender ip | 185.222.57.209 |
| From | |
| Subject | "RE: payment made to your account today on behalf of our banking customer" |
| Attachment | "TRANSFER SLIP.zip" |
| MD5 | 48ae05ddd817347c628db490959c64b5 |
| SHA256 | ef4698e025e48a4e52780b9dd460c40d7564fda266a93ac9a9aa7fe67abe492b |
| Family | AgentTesla |
(8)
| Sender ip | 45.137.22.114 |
| From | "Purchase" <[email protected]>" |
| Subject | "ENQUIRY" |
| Attachment | "doc02928320211103133851.BZ2" |
| MD5 | 6b9f8f9b59d4147ba993ee3fbe68c961 |
| SHA256 | 68d897a1ee40eec616467255572ec03243068279a7a19f6142a4d68cfc2376c1 |
| Family | Unknwon |
(9)
| Sender ip | 103.133.110.241 |
| From | "Elza-Dostuzade<[email protected]>" |
| Subject | "NEW BUSINESS ORDER" |
| Attachment | "PO 1230011.r01" |
| MD5 | bbbb320ee9551df294b1d9bf5d17584c |
| SHA256 | 44e01cd9485e08316f925614e4221afe15d3ad78d13665629e6c81b085784175 |
| Family | Unknown |
(10)
| Sender ip | 45.137.22.61 |
| From | |
| Subject | "RE: PURCHASE ORDER" |
| Attachment | "ORDER.zip" |
| MD5 | a00e2630aa40a79d5dfe0084415d12e4 |
| SHA256 | 30a7f860f45db81ddfe67e4e34d7ade34a6a873971cc1b6ffe43aad9bbcc02da |
| Family | Unknown |
(11)
| Sender ip | 45.137.22.49 |
| From | |
| Subject | "Confirm Of Bank Details.." |
| Attachment | "Details OF Payment.zip" |
| MD5 | fabce25b81e85abbe33d7ae862428350 |
| SHA256 | bb0e5989fc215005b121faf3978bc2b81a004ad7e2aa4d4bbaf495d740bedf1f |
| Family | Unknown |
(12)
| Sender ip | 185.222.58.155 |
| From | "Purchase (SalesFever GmbH) <[email protected]>" |
| Subject | "Re: Fw: Revised TT Transmitted Copy TRV/TT/21/43539" |
| Attachment | "Revised TRVTT214359 SWIFT MT103.img" |
| MD5 | 920e2239fa5cfe63bd0c89014e4686be |
| SHA256 | a5e8492fa98bc3cf28d9e9ad4d39b995ff3e70d8ec7b994f76c6c4a01908c012 |
| Family | AgentTesla |
13)
| Sender ip | 185.222.58.155 |
| From | "Purchase (SalesFever GmbH) <[email protected]>" |
| Subject | "Re: Fw: Revised TT Transmitted Copy TRV/TT/21/43539" |
| Attachment | "Revised TRVTT214359 SWIFT MT103.rar" |
| MD5 | 084ccb1e21063c1979fee470a9a63160 |
| SHA256 | 83470490f425ce9d777613a68541eb0a64b1c4a285da180729a280f8f966934e |
| Family | AgentTesla |
(14)
| Sender ip | 185.222.57.150 |
| From | |
| Subject | "Purchase Order" |
| Attachment | "NGrHvPohjPoDlcM.zip" |
| MD5 | d9cf0202311ae0bd69c808d008003c20 |
| SHA256 | 884a29e4c1672bd5aa300ecddb3bb095696c3ca5ebf597fa7d2348841be91ca9 |
| Family | Unknown |
(15)
| Sender ip | 45.72.78.40 |
| From | "=?UTF-8?B?QW5hdGhvbHkgRC4gQnJlZ2HDsWE=?= <[email protected]>" |
| Subject | "Purchase Order" |
| Attachment | "Purchase order.rar" |
| MD5 | 13707fddeb2358cd632f39dae36b1be8 |
| SHA256 | 02cacd03f4caada2e81f48549c59d692b008c35e49d259388b51cf00f71ce01c |
| Family | AgentTesla |
(16)
| Sender ip | 45.137.22.152 |
| From | "MAERSK SHIPPING<[email protected]> |
| Subject | "Re: Shipping Advice - ETD 11NOV. 2021" |
| Attachment | "BL-INVOICE SHIPPING DOCS.zip" |
| MD5 | a619b05ae7ea1e16ac79999ae16f3081 |
| SHA256 | 0d9c5f380a10bf115c5978171dbfb8ff98e8c3dc796177185fc8f9abc5e89653 |
| Family | Unknown |
(17)
| Sender ip | 37.49.225.158 |
| From | "Deena Sarala < [email protected]>" |
| Subject | "REQUEST FOR QUOTATION Ref. # IRQ/21/07798" |
| Attachment | "New Order 543672890.zip" |
| MD5 | a20bcbcf3677608e76bccd6f94ebbe8a |
| SHA256 | 9cb4136876f7810c8ae16b1fff6ba6c35a87b3e3c09889259895e75356bde974 |
| Family | SnakeKeylogger |
(18)
| Sender ip | 103.232.53.21 |
| From | |
| Subject | "=?UTF-8?B?UkUgUkUgOiAxMS81IOWHuui0p+i1hOaWmQ==?=" |
| Attachment | "2021193746437. XLS.rar" |
| MD5 | 7dda6a4541d87d71cb6a9bb87bba146f |
| SHA256 | cb2c507160a370b869a23826666011dcfcdbbde7f0f22d39deb8e9c4f4a8af60 |
| Family | AgentTesla |
(19)
| Sender ip | 185.222.57.150 |
| From | |
| Subject | "payment copy" |
| Attachment | "DwVoLe6Yw3B60WI.r00" |
| MD5 | 36c7366fac380f0c8af442ebc9d9a6bc |
| SHA256 | 21f411cd6d2001b4da264cba54fa81eae79aefb6743a4cbbe5dd1e9ad983fb5e |
| Family | AgentTesla |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 6_11_2021