Tuesday, November 28, 2017

Anko Ship / export inquiry (Virus)

Dear sir/Madam

Thank you for doing business with us in the past. My name is Tonia and I am representing Anko Ship & Export. Please find attached our updated company profile with required technical details and contract terms for attached inquiry.

Please review the contract and also quote your best quote and payment terms.

Thanks and kind regards.

Mrs Tonia

Anko inquiry 1511855105.jar
ANKO DOC.rar

File analysis (Virus) :

Anko inquiry 1511855105.jar

Baidu : Java.Trojan.Agent.a
Cyren : Java/Agent.BEL
F-Prot : Java/Agent.BEL
Ikarus : Win32.Outbreak

ANKO DOC.rar :

Baidu : Java.Trojan.Agent.a
Cyren : Java/Agent.BEL
F-Prot : Java/Agent.BEL
Ikarus : Win32.Outbreak
Sophos AV : Mal/DrodZp-A

Email analysis :

NOTE : import@bondagency.com
NOTE : User-Agent : Roundcube Webmail/1.2.7
NOTE : Received : from pleskbusinessweb.if1.housing.ehiweb.it
NOTE : (pleskbusinessweb.if2.housing.ehiweb.it [79.98.45.57])

In accordance to my religious persuasion

Hello my dear,

In accordance to my religious persuasion, I felt expedient to write and inform you on the wicked conspiracy hatched by the duo of (Mr. Anthony and Mr. Hassan) from Ministry Of Finance to divert your funds to their designated account in Cayman Island but unfortunately, they begin to find it difficult to divert the funds due to their inability to provide an adequate identity of the funds, they now moved the funds down to Africa and hide it in a security company in order to buy time to enable them embezzle the funds at their own convenient time, but God stopped them.

From my position as a lowly clerk in this office, Miami Finance Department (444 SW 2nd Ave, Miami, FL 33130, USA), I discovered that the duo criminals moved the fund from United States to China, and then moved it again to Banco Italiano in ITALY. Yesterday, I found out through the Central computer database that they are about to reroute the funds to a security company in Republique Du Benin where they will be able to maneuver the strict IMF money laundering regulatory orders. With this, I felt that it is important for me to alert you on this development. They are still using your name and contract/inheritance identification number as the beneficiary but they have changed the account co-ordinate and this is the reason why they are frustrating you by delaying the transfer of your funds to you, so in order to buy time pending on when they will transfer your funds to their designated account.

I have the reference number of the transaction and also I have the number of the official who is directly in charge at the SECURITY COMPANY. Your payment is supposed to go through the Euro-Asia Credit Control Financial Clearing Department before final Lodgement into the security company. All the data/information about your funds file are within my reach. I do not need gratification from you either in cash or kind. I can never be a part of evil because the bible said YE SHALL KNOW THE TRUTH AND THE TRUTH SHALL SET YOU FREE.

Please respect my discretion in this matter! I will send you the reference number, the name and contact information of the officials of the security company where they kept your funds in Republique Du Benin when I receive your response. I repeat, please do not expose my person, it is not easy to get employment around here and I cannot contend with these powerful individuals because they can eliminate me.

You are advised to reply to me immediately at (mollyvariantofmary@aol.com) as I access this e-mail more often.

God bless you,
Molly Variant Of Mary

Email analysis :

NOTE : mollyvariantofmary@yahoo.com
NOTE : mollyvariantofmary@aol.com
NOTE : client-ip=74.6.130.125;

FW: Reminder (Société Générale phishing attempt)

Société Générale phishing

Email analysis :

NOTE : crommentuijn@home.nl
NOTE : Received : from [212.54.34.114] (helo=smtp6.mnd.mail.iss.as9143.net)
NOTE : by smtpq4.mnd.mail.iss.as9143.net with esmtp (Exim 4.86_2)
NOTE : (envelope-from < crommentuijn@home.nl >)
NOTE : X-Sourceip : 195.88.51.10

Phishing analysis :

CLICK : IMG
OPEN : http://flygplats.sjoboflyg.se/temp/

*@* - payment receipt as agreed!

Hello.

As we discussed on 21/11/2017, the transfer to your account regarding the cancellation of the purchase has been made. Please verify.

Note: You can print the receipt by Clicking Here

B&F - Abogados Asociados - CL

Email analysis :

NOTE : abogados82734.com@live.com
NOTE : root@live.com
NOTE : root@live.com does not designate 173.255.211.90 as permitted sender


Phishing analysis :

CLICK : Clicking Here (Clicando Aquí)
STUDY LINK : https://bit.do/dUvpv?*@*.com
REMOVE EMAIL : https://bit.do/dUvpv
ADD - : https://bit.do/dUvpv-

DOWNLOAD : http://inmisrad.org/Comprobante.zip
FILE : VIRUS

Virus :

Cyren : JS/Downldr.ES2!Eldorado
DrWeb : VBS.Psyme.126
ESET-NOD32 : JS/TrojanDownloader.Banload.RM
F-Prot : JS/Downldr.ES2!Eldorado
Ikarus : Win32.Outbreak
Kaspersky : HEUR:Trojan.Script.Agent.gen
NANO-Antivirus : Trojan.Script.Heuristic-js.iacgm
Qihoo-360 : virus.js.qexvmc.1080
Rising : Downloader.Banload!8.15B (TOPIS:acBkcffG9cJ)
Symantec : JS.Downloader!gen40
ZoneAlarm : HEUR:Trojan.Script.Agent.gen

Paste :

PASTE : https://pastebin.com/upZWkBFT