Monday, July 4, 2016

You have received (1) message (Crédit Agricole phishing)

Hello

New information is available in your mailbox
Check your mail by clicking below:

ACCESS MY ACCOUNTS

Thank you for your trust.

Regards
Director of Customer Relations

Reproduction duly authorised from www.pcmag.com. © 2016 Ziff Davis, LLC. All rights reserved.
To be sure of receiving our emails, add the address mail@info.adobesystems.com to your address book, your contacts or your list of approved senders.

Screenshot of the email :


Email analysis :

NOTE : _CREDIT.AGRlCOLE_@zizsoft.com
NOTE : Content-Type : text/html; charset=iso-8859-1
NOTE : Mime-Version : 1.0
NOTE : Return-Path : < "mailto:er"@zizsoft.com >
NOTE : Received : from zizsoft.com ([84.39.48.88])


NOTE : Received : by zizsoft.com (Postfix, from userid 33)
NOTE : X-Php-Originating-Script : 0:wp-config.php
NOTE : Message-Id : < 20160701061216.E73852173F@zizsoft.com >
NOTE : Vous avez reçu (1) message

Phishing analysis :

CLICK : ACCESS MY ACCOUNTS
OPEN : http://www.cap911.com/classe
RESULT : Phishing was removed...

Sunday, July 3, 2016

Read your message! (Hello bank phishing)

Hello Dear Customer,

A new message is available in your mailbox
To view it, please click the link below:

Access your mailbox

Thank you for your trust.
Hello-Bank

This email was sent to you by an automated message system. The sending address is not a regular email address. If you write to this address, your message will not be taken into account

Screenshot of the email :

Email analysis :

NOTE : servicehelloban@decathlon.fr
NOTE : www-data@decathlon.fr
NOTE : X-Php-Originating-Script : 0:noi.php
NOTE : Received : by decathlon.fr (Postfix, from userid 33)
NOTE : Received : from decathlon.fr ([139.59.145.95])


NOTE : Decathlon servers were used to relay this phishing.
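Both analyses above show the same relay pattern: the mail was generated by a PHP script on a web host (X-Php-Originating-Script), handed to Postfix locally as userid 33 (www-data on Debian-based systems), and carries a bank brand in the sender name on an unrelated domain. The triage function below is an added example, not the blog's own tooling; the header samples are constructed from the fields quoted above, and the brand-to-domain allowlist is an assumption the defender has to maintain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: brand pattern (lower-case) -> domains allowed to send as that brand.
BRANDS = {
    r"credit[ ._-]?agr[il]cole": {"credit-agricole.fr"},   # [il] catches the l-for-I homoglyph
    r"hello[ ._-]?bank?": {"hellobank.fr"},                 # bank? catches "helloban" local parts
}

def header_indicators(raw_headers):
    """Return a sorted list of indicator tags found in a raw header block."""
    msg = message_from_string(raw_headers)
    found = set()
    # Mail generated by a PHP script on the sending web host (e.g. a hijacked WordPress).
    script = msg.get("X-Php-Originating-Script")
    if script:
        found.add("php-script:" + script.strip())
    # Postfix local submission by uid 33 = www-data on Debian/Ubuntu web servers.
    for received in msg.get_all("Received", []):
        if re.search(r"from userid 33\b", received):
            found.add("submitted-by-uid33")
    # Brand name in the display name or local part, but an unrelated sending domain.
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    visible = (name + " " + local).lower()
    for pattern, allowed in BRANDS.items():
        if re.search(pattern, visible) and domain.lower() not in allowed:
            found.add("brand-domain-mismatch:" + domain.lower())
    return sorted(found)

# Constructed samples rebuilt from the header fields quoted in the two analyses above.
CREDIT_AGRICOLE_HEADERS = """\
Return-Path: <"mailto:er"@zizsoft.com>
Received: from zizsoft.com ([84.39.48.88]) by mx.example.invalid
Received: by zizsoft.com (Postfix, from userid 33)
X-Php-Originating-Script: 0:wp-config.php
From: _CREDIT.AGRlCOLE_ <er@zizsoft.com>

"""
HELLO_BANK_HEADERS = """\
Received: from decathlon.fr ([139.59.145.95]) by mx.example.invalid
Received: by decathlon.fr (Postfix, from userid 33)
X-Php-Originating-Script: 0:noi.php
From: servicehelloban@decathlon.fr

"""
```

Run `header_indicators` over the raw headers of a quarantined message; a legitimate bank notification relayed by the bank's own MTA should come back with an empty list.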

Tyler Butler sent you "Scanned Documents.zip"

Tyler Butler shared a file with you on Dropbox

The updated agreement with BDO

Scanned Documents.zip

Download

© 2016 Dropbox

Screenshot of the email :

Email analysis :

NOTE : no-reply@dropbox.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : americanexpress@welcome.aexp.com
NOTE : 14.174.35.53


NOTE : Received : from static.vnpt.vn (unknown [14.174.35.53])

File analysis :

CLICK : Download
OPEN : https://www.cubbyusercontent.com/pl/Scanned+Documents.zip/_08fa4c28262f424b970037c786caf840

DOWNLOAD : Scanned Documents.zip
RESULT : Scanned Documents.zip is a virus.

Virus analysis :

FILENAME : Scanned Documents.zip
SHA256 : 27d79850e1bae0d14a689e1d019ef6217d805189b04e486e3d54ed8a363d3689

====================================
Ad-Aware : Trojan.GenericKD.3363605
AegisLab : Troj.Generickd!c
Arcabit : Trojan.Generic.D335315
Avira (no cloud) : HEUR/Suspar.Gen
BitDefender : Trojan.GenericKD.3363605
DrWeb : JS.DownLoader.1225
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AGS
Emsisoft : Trojan.GenericKD.3363605 (B)
F-Secure : Trojan.GenericKD.3363605
Fortinet : JS/Nemucod.1509!tr
GData : Trojan.GenericKD.3363605
Ikarus : Trojan.Script
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Trojan-Downloader.Script.Generic
McAfee : JS/Nemucod.la
McAfee-GW-Edition : JS/Nemucod.la
eScan : Trojan.GenericKD.3363605
Microsoft : TrojanDownloader:JS/Nemucod.EW
Sophos : Troj/JSDldr-PH
====================================

Extraction of the zip : 3 files extracted.
Result : Scan001.js, Scan002.js, Scan003.js

File Scan001.js
File Scan002.js
File Scan003.js

CONGRATULATIONS!!! YOU HAVE WON NATIONAL LOTTERY

UK ONLINE NOTIFICATION DESK
BRITISH GOVERNMENT ACCREDITED LICENSED!
UK NATIONAL LOTTERY
REGISTERED UNDER THE DATA PROTECTION,
(Registration No. Z720633X).

UK NATIONAL LOTTERY
TOLPITS LANE, WATFORD, HERTS WD18 9RN,
UNITED KINGDOM

(Customer Service)
Tel: 44 (0) 192 342 5000

Ref: UK/9420X2/683
Batch: 074/05/ZY369

Dear Lucky Winner,

We happily announce to you the draw (#966) of the UK NATIONAL LOTTERY online Sweepstakes International program held on 20th June, 2016. Your e-mail address attached to ticket number : 96475645 188 with Serial number 5368/02, drew the lucky numbers: 30, 3, 5, 44, 14 and 22, bonus number: 10.

CONGRATULATIONS!!!!

Due to mix up of some numbers and names, we instruct you to keep your winning information confidential until your claims have been completely processed and your winning fund is being claimed. This is part of our security protocols to avoid double claiming and unwarranted abuse of this program by some participants. You have therefore been approved to claim a total sum of GBP 1,000,000 (One Million Great British Pounds Sterling Only) cash prize, credited to a file No.: KTU/9023118308/16. This is from a total cash prize of GBP 10,000,000 (Ten Million Great British Pounds) shared among the first Ten (10) lucky winners in this category, i.e. Match 5 plus bonus. All participants for the online version were selected randomly from World Wide Websites through our computer ballot draw system extracts from over 500,000 unions, associations and corporate bodies that are listed online. This promotion takes place weekly until the end of the year 2016. In order to redeem your prize, you are expected to present your winning details: (i) Winning Numbers, (ii) Ticket Number, (iii) The File Ref. Number to the agent for verification and confirmation together with the Serial Number.

CLAIM REQUIREMENTS:

1. FULL NAME:
2. DATE OF BIRTH:
3. SEX:
4. OCCUPATION:
5. CONTACT ADDRESS:
6. TELEPHONE NUMBER:

********************************************************
UK NATIONAL LOTTERY CLAIM MANAGER
Name: Mr. Andrew M. Fernandes
Email: nationalfiduciary_claimagent@consultant.com
Tel: 44 (0) 745 218 5251
Fiduciary Agent, UK National Lottery,
********************************************************

CONGRATULATIONS FROM THE MEMBERS AND STAFF OF UK NATIONAL LOTTERY.

Yours faithfully,
Mrs. Courtney Cervantes.
Online coordinator for UK NATIONAL LOTTERY Sweepstakes International Program
NATIONAL LOTTERY.

BELOW ARE THE SPONSORS OF THIS PROGRAM

Executives:

Dr. P. Swier (CEO), Mr. Gerald Goodman (Manager Foreign Operations), Mr. Franklyn Van Der Weijden (Manager Domestic Banking Operations), Dr. James Williams (Director International Credit Department), Mrs. Lonni K. Anderson (Legal Representative), Mrs. Lyudmyla Marchukova (Regional Manager), Mr. Stephen Boer (Chairman), Mr. Chris Moritz (International Relation Officer).

Email analysis :

NOTE : uknationallotto@post.com
NOTE : uknationallotto@national-lottery.co.uk
NOTE : Received : (from vu2004@localhost)
NOTE : by hosting.datacenter.loc (8.13.8/8.13.8/Submit)
NOTE : 190.66.7.136

Partnership request...

Hello,

I want to come and establish in your country with some money but I need someone to partner with.

Could you please respond for more details?

Thanks.

Jewel.

Email analysis :

NOTE : jewelgoodness@outlook.com
NOTE : amsiwmmw@aol.com
NOTE : Received : from ADMIN-PC (unknown [108.163.240.14])

Good day

Dear Friend, Good day, I am contacting you in respect of my late husband's money. Once I receive your positive response, I will give you more details.

Mrs Recheal Nana Essien

Email analysis :

NOTE : Good day
NOTE : mrsrnesien@live.fr
NOTE : recheal_essien@aol.com
NOTE : Received : from MICROTIQUE-PC (unknown [85.13.253.153])


NOTE : by mtaout-mbe01.mx.aol.com (MUA/Third Party Client Interface)