Tuesday, November 29, 2016

PayPal & Bank - haccking Transfer (+10.000 usd daily)

Western Union, Bank, Paypal transfer - Haacking and Caarding transfer. Maximum 9.999$ daily.

More details on our underground market:

Email analysis :

NOTE : X-Msmail-Priority : Normal
NOTE : Return-Path : < admin@black-hack.su >
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V15.4.3538.513
NOTE : X-Remote : (keevan.fire2wire.com)
NOTE : Organization : DarkMarket
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 3
NOTE : X-Mailer : Microsoft Windows Live Mail 15.4.3538.513
NOTE : Received : from keevan.fire2wire.com (

NOTE : Received : from [] (helo=

NOTE : by keevan.fire2wire.com with esmtpsa (TLSv1:AES256-SHA:256)
NOTE : (Exim 4.69) (envelope-from < admin@black-hack.su >)
NOTE : PayPal & Bank - haccking Transfer (+10.000 usd daily)

New incoming Fax from 908.8325722

You Have a new Fax message
From: 908.8145483
Receiving date: November 28, 2016
Pages: 3

You can view your message on our website:
https://service.ringcentral.com/ messages/download.aspx?fax_id=1805802

Thank you for using RingCentral.

Link analysis :

CLICK : https://service.ringcentral.com/ messages/download.aspx?fax_id=1805802
OPEN : http://787.vn/wp-content/themes/tourpackage-v1-02/backup/get.php?id=dGVzdEB0ZXN0LmNvbQ==
DOWNLOAD : fax_test.doc

File analysis :

OPEN : fax_test.doc
SHA256 : c0b3934b594a23dd88a42c0e96ccbbf7f88c633a19d82833d6d9bbf47630a0c1
RESULT : fax_test.doc is a virus

Virus analysis :

Avast : VBA:Downloader-DSL [Trj]
ClamAV : Doc.Dropper.Agent-1847249
Kaspersky : Trojan-Downloader.MSWord.Agent.avj
Qihoo-360 : virus.office.gen.70
Sophos : Troj/DocDl-FTZ
Symantec : W97M.Downloader

Email analysis :

NOTE : ringcentral@faxmessage.com
NOTE : (rrcs-74-143-65-242.central.biz.rr.com)

NOTE : Mime-Version : 1.0

Compensation Payment,

Attn: Beneficiary

I wish to inform you were among the scam victims listed to be released their overdue funds by the UNITED NATIONS in conjunction with the International Monetary Fund (IMF) after the last encounter we held concerning your funds. As directed by UN secretary General Ban Ki-Moon in collaborations with the IRS, I wish to state categorically that a transfer of $10,500,000.00 will be made to your bank account as almost 99% cost associated with the transfer of your funds has been prepaid by the U.S. Government. The only fee you will pay is the cost of processing a "Fund Clearance Certificate" by the paying bank. The "Fund Clearance Certificate" is required in accordance with the U.S. Monetary Transfer or deposit Policy and it is the only fee you will have to pay before your funds can be transferred to your account. After you have paid for the above mentioned certificate, the paying bank will process it and send a copy of it to you for your perusal.

Note once again that your overdue payment will be credited into your account you will furnish with the Bank without any delay as approved by United Nations, International Monetary Fund, World Bank, and United States Government.

However, this is to inform you that we have been mandated by the United Nations Compensation Commission (UNCC) department through the Financial Crimes Enforcement Network (FinCEN) of the United States Department of the Treasury to release your overdue funds directly from the United Nations Compensation Fund Account via Telegraphic Transfer into your designated bank account. Note that the above sum is the payment of compensation awarded to you for losses and trauma resulting directly from scam committed against you in line with the Resolution 1483 (2012) adopted by the United Nations Security Council Headquarters in New York following series of complaints by the victims of scam.

Urgently respond with your full name, full address, copy of identification and direct phone number so that I will furnish you with the contact information of the paying bank. Remember, they will instruct you on how to send the money to them as soon as you contact them.

Yours Sincerely,

Ms. Heidi Mendoza
Head Of United Nations Under-Secretary- General
For Internal Oversight Services.

Email analysis :

NOTE : office1001967@gmail.com
NOTE : mra0@un.org
NOTE : Received : from User (host-185-13-247-42.razorblue.net.uk [])

NOTE : by mx-out-b.razorblue.net.uk (Postfix)