Tuesday, November 22, 2016

Your LogMein.com subscription has expired! (Virus)

Dear client,

You are receiving this message because your subscription for LogMeIn Central has expired.
We were not able to charge you with the due amount because your credit card was declined.

You can download the bill directly from the LogMeIn website:
https://accounts.logme.in/billing.aspx?clusterid=0724&view_bill_id=3716 4647&file_type=doc

Please use another credit card or payment method in order to avoid complete service interruption.

Event type: Credit Card Declined
Account email: *.*
At: 21/11/2016

If you need more help, visit LogMeIn Support at:
http://solutions.logmein. com/SalesContactUs

Important Security Notice:
LogMeIn will never for your password or other sensitive information by email.

(Please don't reply to this email, as it's sent from an address that's not monitored.)

© LogMeIn Inc

Virus analysis :

CLICK : https://accounts.logme.in/billing.aspx?clusterid=0724&view_bill_id=3716 4647&file_type=doc
OPEN : https://reg.vn/en/view_bill.php?id=d2VibWFzdGVyQHJiY2FmZS5jb20=
DOWNLOAD : lgm_bill89831.doc
lgm_bill89831.doc : VIRUS


lgm_bill89831.doc analysis :

SHA256 : fc1f1845e47d4494a02407c524eb0e94b6484045adb783e90406367ae20a83ac
FILE : lgm_bill89831.doc
ALYac : Trojan.Downloader.W97M.Gen
Ad-Aware : W97M.Downloader.ESE
AegisLab : Troj.Downloader.Msword.Agent!c
Arcabit : W97M.Downloader.ESE
BitDefender : W97M.Downloader.ESE
Cyren : W97M/Nastjencro
ESET-NOD32 : VBA/Kryptik.T
Emsisoft : W97M.Downloader.ESE (B)
F-Prot : New or modified W97M/Nastjencro
F-Secure : Trojan:W97M/Nastjencro.A
GData : W97M.Downloader.ESE
Ikarus : Trojan-Downloader.VBA.Agent 20161121
Kaspersky : Trojan-Downloader.MSWord.Agent.auz
McAfee : W97M/Dropper.cu
McAfee-GW-Edition : W97M/Dropper.cu
eScan : W97M.Downloader.ESE
Microsoft : TrojanDownloader:O97M/Donoff!map
Sophos : Troj/DocDl-FQK
Symantec : W97M.Downloader
Tencent : Win32.Trojan.Inject.Auto
TrendMicro : W2KM_HANCITOR.AUSTT
TrendMicro-HouseCall : W2KM_HANCITOR.AUSTT

Email analysis :

NOTE : billing@secure-lgm.com
NOTE : Received : from wsip-70-165-74-172.hr.hr.cox.net
NOTE : (HELO secure-lgm.com) (70.165.74.172)

Sunday, January 10, 2016

Update your mobile phone (LogMeIn Phishing)

LogMeIn

Update your mobile phone

Get started with two-step verification

Two-step verification adds a second layer of protection to your account. Just like cash machine that protects your money by requiring a card and a PIN.

How it will protect you

After entering your LogMeIn ID and password, you will also be required to enter a one-time code that you get from a mobile authenticator app or via email or sms.

Get Started

Note: Getting two-step verification enabled is now mandatory to continue using your account, if any account is fails to subscribe two-step verification will be blocked without any further notice.

Replies to this email are not monitored.
Email intended for ***

© LogMeIn Inc, 320 Summer St., Boston MA, 02210

Message ID - ***

***

Phishing analysis :

CLICK : Get Started

OPEN : http://www.infolex.lt/ta/Redirect.aspx?Url=http://accounts.logme.in.login.aspx.clusterid.bioder.com.tr/images/.x/logme/index.php

REDIRECT : http://accounts.logme.in.login.aspx.clusterid.bioder.com.tr/images/.x/logme/index.php

SCREENSHOT :


CLICK : LOG IN

SCREENSHOT :


SCREENSHOT :


Email analysis :

NOTE : test@mg-bielefeld.de
NOTE : client-ip=94.205.155.2;


NOTE : Received : from static.130.139.9.176.clients.your-server.de
NOTE : ([176.9.139.130] helo=[127.0.0.1])


NOTE : by arbfinancial.com
NOTE : Content-Type : multipart/alternative; boundary="--_com.android.email_***
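
The CLICK / OPEN / REDIRECT chains in both analyses can be checked offline before anyone follows a link. The sketch below is an added example, not part of the original posts: the trusted-domain list, the function names and the finding labels are assumptions, and the sample links are the ones recorded above.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: domains the defender treats as genuinely LogMeIn's.
TRUSTED = ("logme.in", "logmein.com")

# Link pairs taken from the two analyses above (first pair: query strings omitted).
SAMPLES = [
    ("https://accounts.logme.in/billing.aspx", "https://reg.vn/en/view_bill.php"),
    (None, "http://www.infolex.lt/ta/Redirect.aspx?Url=http://accounts.logme.in"
           ".login.aspx.clusterid.bioder.com.tr/images/.x/logme/index.php"),
]

def host_of(url):
    return (urlsplit(url).hostname or "").rstrip(".")

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def embeds_brand(host):
    """A trusted domain used as labels inside a host that is not trusted."""
    return not is_trusted(host) and any(f".{d}." in f".{host}." for d in TRUSTED)

def unwrap(url, max_hops=5):
    """Follow redirector parameters (...?Url=http://...) without any network I/O."""
    chain = [url]
    for _ in range(max_hops):
        params = parse_qsl(urlsplit(chain[-1]).query)
        nxt = next((v for _, v in params if v.lower().startswith(("http://", "https://"))), None)
        if nxt is None:
            break
        chain.append(nxt)
    return chain

def assess(displayed, href):
    """displayed: the link text when it is itself a URL, else None; href: real target."""
    chain = unwrap(href)
    final = host_of(chain[-1])
    findings = []
    if displayed and is_trusted(host_of(displayed)) and not is_trusted(host_of(href)):
        findings.append("display-mismatch")
    if len(chain) > 1:
        findings.append("redirector-param")
    if embeds_brand(final):
        findings.append("brand-in-subdomain")
    return final, findings

if __name__ == "__main__":
    for shown, href in SAMPLES:
        print(assess(shown, href))
```

The suffix comparison in `is_trusted` is what separates a real subdomain of logme.in from a host that only starts with those labels, so no public-suffix list is needed for this check.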