Thursday, June 30, 2016

Attention To This Urgent Message!

UNITED NATIONS / WORLD BANK ORGANIZATION / FBI
UNITED NATIONS HOUSE, 617/618.
BA ZENTRAL BANK, OAK-HILL HOUSE,
130 TON-BRIDGE ROAD, HILDENBOROUGH, TONBRIDGE, KENT TN11 9DZ

Our Ref: YBNGWB/UN/2016.

Attention: Dear Beneficiary,

APPROVED COMPENSATION PAYMENT AWARD OF US$1.5M.

This is to inform you that a Debit Cash Card Number 7876310003001420 Valued at US$1.5 Million United States Dollars has been accredited in your favour. Be aware that you were listed among many who have had various transactions by Republic Du Benin Cotonou banks stalled due to the inability of the corruption-riddled past government. Details of the cleared proceedings were erased in a bid to loot funds. As a measure to resolve and correct these mishaps, the present government of the Federal Republic Du Benin Cotonou has approved your bank transaction and certified you to receive the money without hitch. Please contact Barrister Gilbert Jean, an expatriate mandated by United Nations to cover all outstanding claims due to foreigners since 2014 till date. Contact him via Email: (barrister.gilbert.j.esq.org@gmail.com) with the following information to facilitate your claims as the FBI, WORLD BANK and UNITED NATIONS AUTHORITIES have made every necessary provision to ensure that payment goes to you as the beneficiary:

FULL NAME:
AGE:
GENDER:
ADDRESS:
COUNTRY:
OCCUPATION:
MOBILE NUMBER:

Best Regards,

Sir. Mike Dave.
CIV NAVSUBTORPFAC YORK.
UN ASSIGNED AGENT.

-----------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE: This message may contain any discussion of legal matters, hence should be taken as an authoritative interpretation of the law.
-----------------------------------------------------------------------------------------------------------------------

Email analysis :

NOTE : barrister.gilbert.j.esq.org@gmail.com
NOTE : comautomotor@speedy.com.ar
NOTE : Received : from localhost (1n1.terra.com [208.84.242.167])


NOTE : (authenticated user comautomotor!speedylm)

Bluetooth earphone, Bluetooth hearing protection earphone, Bluetooth active noise cancellation headphone

Dear valued clients,

Our company is a professional manufacturer for Bluetooth earphone, Bluetooth hearing protection earphone, Bluetooth noise cancellation headphone etc., products section. We have been a pioneer for Bluetooth earphone, hearing protection earphone, Active noise cancellation headphone etc., since 2006.

Trust our 10 years of manufacturing experience and strong R & D capability, our professional and powerful 8 members in house R & D team will make your OEM/ODM orders happen!

Contact us today for more information on our products and price lists; we look forward to receiving your feedback!

Warmest regards,
Frank Young,

Email analysis :

NOTE : huixinsoft41@foxmail.com
NOTE : Return-Path : < tzvseqjkp@wlrl.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : base64
NOTE : Sender : Frank
NOTE : Received : from unknown (HELO wlrl.com) (60.167.133.108)


NOTE : Received : from PC-20150903UGRM ([127.0.0.1])
NOTE : Bluetooth earphone, Bluetooth hearing protection earphone, Bluetooth active noise cancellation headphone

Good Day How are you doing.

Good Day,

My name is Miss Ayeisha Nafisa Muhammad, a 22-year-old girl from Syria, and my father is the late Hafez Amin Muhammad, who was killed in August 2015 by the Islamic State Terrorist.

I saw your email profile on Google search and I became interested to know you more. I will be very happy to know more about you because I have something very important to tell you.

Attached here is my photo; please reply to me so that we can know each other and exchange pleasantries and more photos

Regards
Ayeisha Nafisa Muhammad.

my photo1.jpg

File analysis :

File seems clean : my photo1.jpg
Transmission Reference : UXta1tuzNqKzviXdJnfx
IPTC Digest : b634d4e5e8b221057ad73dd3236c03a6

Instructions :

FBMD01000abf030000e6080000ab100000b6110000ed120000f11700000522000017230000882400001e26000063370000

Special Instructions :

%14%13%03%d3]4%d1%a6%df%d3}4%d3G%ba%d3%cd4%d3F%9b%d7M4%d3F%fa%d7]4%d3G%9d%d7m4%d3G%f5%d7%bd4%d3M9%dbm4%d3M{%db}4%d3O<%db%8d4%d3M^%db%ad4%d3N%b7%df%bd4%d3

Email analysis :

NOTE : ayeishanafisa@yahoo.com
NOTE : Return-Path : < ayeishanafisa@yahoo.com >
NOTE : Mime-Version : 1.0
NOTE : X-Yahoo-Newman-Property : ymail-3

Disposition à prסpos de la ligne mobile (Phishing Free)

Hello

CFR (Centre Francais de Recouvrement)

Screenshot of the email :


Email analysis :

NOTE : infos@titowape.com
NOTE : Content-Type : text/html; charset=UTF-8
NOTE : Content-Type : application/xhtml+xml
NOTE : Content-Disposition : inline
NOTE : Return-Path : < prefet@paroles-musique.com >
NOTE : Content-Transfer-Encoding : base64
NOTE : Received : from paroles-musique.com ([104.36.17.205])
NOTE : Disposition à prסpos de la ligne mobile

Phishing analysis :

CLICK : Se connecter
OPEN : http://dakarp.com/jame*.asp
RESULT : Phishing was removed
RESULT : Phishing attempt...

Iazalde.Ludwig@alpestour.com has sent you a file via WeTransfer

Iazalde.Ludwig@alpestour.com
sent you some files
The updated agreement with RTS Consulting

Download

Files (6.24 MB total)
SageAccts 2016-06-29.zip
Will be deleted on
30 June, 2016

Get more out of WeTransfer, get Plus

About WeTransfer Contact Legal Powered by Amazon Web Services To make sure you can receive our emails, please add noreply@wetransfer.com to your trusted contacts

Link analysis :

CLICK : Download
OPEN : https://www.cubbyusercontent.com/pl/SageAccts+2016-06-29.zip/_24cfcb038b1b4223ae0b4d0cc41ecdbe
DOWNLOAD FILE : SageAccts 2016-06-29.zip

File analysis :

FILE : SageAccts 2016-06-29.zip
SHA256 : b50fe4e0b2bfa1e8157c306e7293fb9d097a91b99bf34621a3246211bb5368e2

FILE IS A TROJAN !!!

Avira (no cloud) : HEUR/Suspar.Gen
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Trojan-Downloader.Script.Generic

Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Mime-Version : 1.0
NOTE : Message-Id : < *.*@alpestour.com >
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : 1.161.133.80;


NOTE : Iazalde.Ludwig@alpestour.com has sent you a file via WeTransfer

Kindly respond for more details

I am Captain Kelvin Ken Miller. Currently I need your assistance to move some funds out of Iraq

Email analysis :

NOTE : genjohnwnicholson@ighomail.com
NOTE : abruant@virgilio.it
NOTE : Received : from User (unknown [105.227.180.214])


NOTE : by neptune.exsilia.net (Postfix)