Tuesday, November 22, 2016

Your LogMein.com subscription has expired! (Virus)

Dear client,

You are receiving this message because your subscription for LogMeIn Central has expired.
We were not able to charge you with the due amount because your credit card was declined.

You can download the bill directly from the LogMeIn website:
https://accounts.logme.in/billing.aspx?clusterid=0724&view_bill_id=3716 4647&file_type=doc

Please use another credit card or payment method in order to avoid complete service interruption.

Event type: Credit Card Declined
Account email: *.*
At: 21/11/2016

If you need more help, visit LogMeIn Support at:
http://solutions.logmein. com/SalesContactUs

Important Security Notice:
LogMeIn will never ask for your password or other sensitive information by email.

(Please don't reply to this email, as it's sent from an address that's not monitored.)

© LogMeIn Inc

Virus analysis :

CLICK : https://accounts.logme.in/billing.aspx?clusterid=0724&view_bill_id=3716 4647&file_type=doc
OPEN : https://reg.vn/en/view_bill.php?id=d2VibWFzdGVyQHJiY2FmZS5jb20=
DOWNLOAD : lgm_bill89831.doc
lgm_bill89831.doc : VIRUS


lgm_bill89831.doc analysis :

SHA256 : fc1f1845e47d4494a02407c524eb0e94b6484045adb783e90406367ae20a83ac
FILE : lgm_bill89831.doc
ALYac : Trojan.Downloader.W97M.Gen
Ad-Aware : W97M.Downloader.ESE
AegisLab : Troj.Downloader.Msword.Agent!c
Arcabit : W97M.Downloader.ESE
BitDefender : W97M.Downloader.ESE
Cyren : W97M/Nastjencro
ESET-NOD32 : VBA/Kryptik.T
Emsisoft : W97M.Downloader.ESE (B)
F-Prot : New or modified W97M/Nastjencro
F-Secure : Trojan:W97M/Nastjencro.A
GData : W97M.Downloader.ESE
Ikarus : Trojan-Downloader.VBA.Agent 20161121
Kaspersky : Trojan-Downloader.MSWord.Agent.auz
McAfee : W97M/Dropper.cu
McAfee-GW-Edition : W97M/Dropper.cu
eScan : W97M.Downloader.ESE
Microsoft : TrojanDownloader:O97M/Donoff!map
Sophos : Troj/DocDl-FQK
Symantec : W97M.Downloader
Tencent : Win32.Trojan.Inject.Auto
TrendMicro : W2KM_HANCITOR.AUSTT
TrendMicro-HouseCall : W2KM_HANCITOR.AUSTT

Email analysis :

NOTE : billing@secure-lgm.com
NOTE : Received : from wsip-70-165-74-172.hr.hr.cox.net
NOTE : (HELO secure-lgm.com) (70.165.74.172)
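The click chain and the mail headers above carry four checkable tells: the sender domain is not the brand's, the HELO name does not match the sending host's reverse DNS, the displayed link (logme.in) lands on a different host (reg.vn), and the landing URL's base64 `id` decodes to a recipient address, so the lure tracks who clicked. The script below is an added example, not part of the original post, that runs those checks over the indicators quoted above; the `registered_domain` helper is a deliberately crude last-two-labels approximation (an assumption that suffices for these hosts, not a public-suffix lookup).

```python
import base64
import re
from urllib.parse import urlparse, parse_qs

# Sample values taken from the phishing mail and headers quoted in the post.
CLAIMED_BRAND_DOMAIN = "logmein.com"
SENDER = "billing@secure-lgm.com"
RECEIVED = "from wsip-70-165-74-172.hr.hr.cox.net (HELO secure-lgm.com) (70.165.74.172)"
DISPLAYED_LINK = "https://accounts.logme.in/billing.aspx?clusterid=0724&view_bill_id=3716 4647&file_type=doc"  # as printed
LANDING_URL = "https://reg.vn/en/view_bill.php?id=d2VibWFzdGVyQHJiY2FmZS5jb20="

def registered_domain(host):
    # Crude eTLD+1 (last two labels); assumption: no two-label public suffixes involved.
    return ".".join(host.lower().split(".")[-2:])

def decode_tracking_id(url):
    # Return the decoded 'id' query parameter if it is valid base64 text, else None.
    raw = parse_qs(urlparse(url).query).get("id", [None])[0]
    if raw is None:
        return None
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def helo_mismatch(received):
    # True when the HELO name and the reverse DNS of the connecting host disagree.
    m = re.search(r"from (\S+) \(HELO (\S+)\) \((\d+\.\d+\.\d+\.\d+)\)", received)
    if not m:
        return None
    rdns, helo, _ip = m.groups()
    return registered_domain(rdns) != registered_domain(helo)

def phishing_indicators(sender, received, displayed_link, landing_url, brand=CLAIMED_BRAND_DOMAIN):
    findings = []
    sender_dom = registered_domain(sender.split("@")[-1])
    if sender_dom != brand:
        findings.append(f"sender domain {sender_dom} is not {brand}")
    if helo_mismatch(received):
        findings.append("HELO name does not match reverse DNS of sending host")
    shown = registered_domain(urlparse(displayed_link).netloc)
    landed = registered_domain(urlparse(landing_url).netloc)
    if shown != brand:
        findings.append(f"link text points at lookalike {shown}, not {brand}")
    if shown != landed:
        findings.append(f"link resolves to {landed}, not {shown}")
    tracked = decode_tracking_id(landing_url)
    if tracked and "@" in tracked:
        findings.append(f"landing URL id encodes the recipient address {tracked}")
    return findings
```

Each finding on its own is weak; the combination, especially a base64-encoded recipient address in the URL, is the pattern worth alerting on in mail-gateway rules.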