(1)
| Sender ip | 198.244.135.246 |
| From | "China DHL Express <[email protected]" |
| Subject | "=?UTF-8?B?44CQ5Lit5aSW6L+QLeaVpuixquOAkeeUteWtkOWPkeelqCjlj5Hnpajlj7c6NzQ3MjU3OTQ=?=" |
| Attachment | "DHL_document11022020680908911.doc.zip" |
| MD5 | 88c83af974071b0ceddd87f41a5a3c2a |
| SHA256 | ac565d2abad42c40e8f622677fd68246d28aeb39a3c1c2c24caa2853b7f7b5af |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(2)
| Sender ip | 37.49.225.172 |
| From | |
| Subject | "RE: PAYMENT ADVICE" |
| Attachment | "Payment Advice.ace.zip" |
| MD5 | de51ebfcac7ee6e6c56799e68d77a350 |
| SHA256 | b4e9f765030310d800c7d2efb75837130770ddb5788c699d40648558d50f8288 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(3)
| Sender ip | 194.49.78.216 |
| From | "Info Cordoba <[email protected]>" |
| Subject | "Re: Payment" |
| Attachment | "Payment Advise.7z" |
| MD5 | 09d54756c5654318ef0a1f5d526a1fb3 |
| SHA256 | 3c6d138f6873dc416fb3ef2b3a57ed0afa41022c37fdd98a609d730bd0c684e7 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(4)
| Sender ip | 45.143.147.194 |
| From | "Engr. Gao Qing<[email protected]>" |
| Subject | "RE:NEW ORDER CTPO18542#" |
| Attachment | "attachments.zip" |
| MD5 | 7b1069c13e708747013c54f5e5fb169d |
| SHA256 | 04cbfb054ba2e12e1804dae485ae854ba1baec7b11a834ce407aa86920306ad9 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(5)
| Sender ip | 72.249.68.195 |
| From | "HALIM KHATER <[email protected]>" |
| Subject | "RE:Proforma Invoice" |
| Attachment | "PROFORMA INVOICE210505133444.xlsx" |
| MD5 | f1564a3a6e6a3227169d136c2652eaf2 |
| SHA256 | 195f8028bfd632ee22ff9c3e25de3b118f0847fb21fbe91ba722ecbbfa5f2869 |
| Family | Formbook |
(6)
| Sender ip | 31.210.20.71 |
| From | |
| Subject | "MV GENCO RESOLUTE/ DISPORT AGENCY NOMINATION/" |
| Attachment | "MV GENCO RESOLUTE VOY 1 DESCRIPTION.zip" |
| MD5 | c5998c37bb12bff5907a843e108890eb |
| SHA256 | a6556b7eed95166b68b090b32ae7a802a924f22b0fc3e5bc9ed7ee77183ef392 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(7)
| Sender ip | 31.210.21.118 |
| From | |
| Subject | "RE: RFQ - Shipment #61417" |
| Attachment | "Pre Shipment Doc..rar" |
| MD5 | b8b48f2c320b197144c9df81e5f6f84a |
| SHA256 | a981422143bfa19a5c5f715cae64c88919092a17cd2c3982ece0bbe7350621bc |
| Family | SnakeKeylogger |
(8)
| Sender ip | 159.89.162.212 |
| From | "Rowland Sales <[email protected]>" |
| Subject | "FW: Reminder this is the Revised Purchase Order for invoice #87726" |
| Attachment | "PO Revised #87726.xlsx" |
| MD5 | 2fba2aea6cde2c0ed216396f9a4b9a90 |
| SHA256 | 017701bd35ed869f05270d7751c0c436008abc9ed68257d3045064d55c8e1fd0 |
| Family | NanoCore |
If you wanna know how to analysis NanoCore Malware you can check my analysis in YouTube NanoCore
(9)
| Sender ip | 45.137.22.149 |
| From | |
| Subject | "RE:Balance Payment" |
| Attachment | "proforma invoice.r00" |
| MD5 | 68c616d41b682e6858274540d81b2aac |
| SHA256 | 63b1cd3b4bd84bc36bd121bfd7640f5ed1c6eff5faa8bf797b349cfcd7fee23e |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(10)
| Sender ip | 103.139.44.91 |
| From | "KIM HON <[email protected]>" |
| Subject | "PROFORMA INVOICE" |
| Attachment | "PROFORMA INVOICE.rar" |
| MD5 | 625f88d5ddd8a19d6f28d748c6643c26 |
| SHA256 | bb6626743742717768ceedefffbf11e322e680bb1646a30e724fa691cb04d586 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(11)
| Sender ip | 31.210.20.250 |
| From | "Sohaib Muzaffar <[email protected]>" |
| Subject | "=?UTF-8?B?UmVxdWVzdCBmb3IgUHJvcG9zYWwg4oCTIEJ5Y28gIHByb2plY3QuIChSZWYgIyA1MTAwMDEwMDQwKQ==?=" |
| Attachment | "Request for Proposal � Byco project. (Ref # 5100010040).zip" |
| MD5 | 5986d226b10c441caa648aa0b8221253 |
| SHA256 | c4fb42df0a30f4d84ee0a444f343754738747afcebefbdcb33428109327f4625 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(12)
| Sender ip | 45.95.168.182 |
| From | "MSC import service <[email protected]>" |
| Subject | "MSC Arrival Notification Vessel: MSC EMMA/Voyage: IS116R ETA:6-MAY-21" |
| Attachment | "Original BL_cargo arrival notice_pdf.gz" |
| MD5 | 9ab93ee5d5c33f5d2e24d7da3d7c0548 |
| SHA256 | 92fa3ff0d5172b171d48e6a2b6ea7f9a64acf8a1da47da598666067ad8bfa000 |
| Family | Loki |
(13)
| Sender ip | 194.49.78.216 |
| From | "Account Dept. <[email protected]>" |
| Subject | "Re: Outgoing SWIFT COPY " |
| Attachment | "OUTGOING SWIFT.7z" |
| MD5 | 24778468ba622dda56135ad34490e34e |
| SHA256 | d5912aec05ecea868637f1e96ebd705a15ba0f2cae7eb8cd5aa149d8dcc64060 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(14)
| Sender ip | 64.150.160.67 |
| From | "=?UTF-8?Q?DHL_Global_Mail_Inc_=C2=A9?= <[email protected]>" |
| Subject | "DHL Shipment Notification Status: AWB811470484778" |
| Attachment | "DHL Shipment Notification Status AWB81147048477820212906-pdf.gz" |
| MD5 | f68cb2cbcaa1b0fafd01abe0266ee377 |
| SHA256 | bde8c4b7d07982a0fc2f3ee6a5e3b5f3d0868b9ec89c57b86953088bd87e5eb0 |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(15)
| Sender ip | 103.139.44.91 |
| From | |
| Subject | "RFQ_ANCHOR E280" |
| Attachment | "TJ190001-P-IW-DP-GA-2047-pdf.gz" |
| MD5 | 654d4c7b05ae70c261902a67491dad6e |
| SHA256 | 1e1345d2a58358d921cc27865cd7c972b53a9b8718c9ab23428ad3c687f9ffca |
| Family | AgentTesla |
If you wanna know how to analysis AgentTesla Malware you can check my analysis in YouTube AgentTesla
(16)
| Sender ip | 5.39.86.24 |
| From | ""Joeane Hiap" <@petronas.com.ml" |
| Subject | "RE:RE:PETRONAS SOA FOR APRIL 2021" |
| Attachment | "SOA FOR APRIL.cab" |
| MD5 | 120cdb51978f2b4f035cbc8cbe3368a4 |
| SHA256 | 1c90e49314b25bd25286a00d7144d2785f1b6bf3d34c96d021025ad26b209cfa |
| Family | Loki |
(17)
| Sender ip | 40.92.90.77 |
| From | "Fabulous Reward. <[email protected]>" |
| Subject | "Quest Recognition." |
| Attachment | "ENCORE.docx" |
| MD5 | 340cbe45fc0a00576f478ab8d647a6ce |
| SHA256 | cd738e08b99aa563dde5793df51c3a5a8945c97ff067823b4090ebb1874dfd80 |
| Family | unknown |
If you wanna learn malware analysis you can check my YouTube channel I'm trying publish analysis of malware and some methods to analysis malwares.
Please don't forgot subscribe my channel Than you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
Article Link: Phishing Attacks 6_5_2021