Sunday, July 3, 2016

Read your message! (Hello bank phishing)


Hello Dear Customer,

A new message is available in your mailbox.
To read it, please click on the link below:

Access your mailbox

Thank you for your trust.
Hello-Bank

This e-mail was sent to you by an automated message-sending system. The sending address is not a regular e-mail address. If you write to this address, your message will not be taken into account.

Screenshot of the email :

Email analysis :

NOTE : servicehelloban@decathlon.fr
NOTE : www-data@decathlon.fr
NOTE : X-Php-Originating-Script : 0:noi.php
NOTE : Received : by decathlon.fr (Postfix, from userid 33)
NOTE : Received : from decathlon.fr ([139.59.145.95])

NOTE : A web server presenting itself as decathlon.fr was used to relay this phishing. The message was not typed in a mail client: PHP's mail() function added the X-Php-Originating-Script header, which names the script that called it (noi.php) preceded by the uid of the owner of that script file (0, i.e. root), and Postfix recorded that the message was injected locally by userid 33, which is www-data, the web server account on Debian-based systems (the same account behind the www-data@decathlon.fr address). That is the footprint of a PHP mailer script running on a compromised or abused web host. Note that "decathlon.fr" in the outer Received line is only the HELO name the sending host announced; the bracketed IP (139.59.145.95) is the one part of that line the receiving server observed itself, so the HELO name alone does not prove which organisation owns the host.

Tyler Butler sent you "Scanned Documents.zip"

Tyler Butler shared a file with you on Dropbox

The updated agreement with BDO

Scanned Documents.zip

Download

© 2016 Dropbox

Screenshot of the email :

Email analysis :

NOTE : no-reply@dropbox.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : americanexpress@welcome.aexp.com
NOTE : 14.174.35.53
NOTE : Received : from static.vnpt.vn (unknown [14.174.35.53])

NOTE : Nothing in these headers comes from Dropbox. The visible sender no-reply@dropbox.com is paired with a second, unrelated address (americanexpress@welcome.aexp.com); a genuine automated Dropbox notification would not carry the User-Agent of a desktop mail client (Thunderbird 24.2.0 on Windows 7, i.e. Windows NT 6.1); and the message entered the mail system from 14.174.35.53, a host that announced itself as static.vnpt.vn (VNPT, Vietnam) and whose reverse DNS did not resolve ("unknown").
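The header clues used in the two analyses above (the PHP mailer footprint and local injection by userid 33 on the Hello bank mail; the desktop User-Agent, second address and unresolved origin on the Dropbox lure) can be pulled out mechanically. The following script is an added example, not code from the original post: it walks the Received chain oldest-first, extracts the HELO name, peer IP, reverse-DNS result and local-injection uid of each hop, reads X-Php-Originating-Script, and compares the From domain with the Return-Path domain and the origin host. The two header blocks are constructed around the values quoted in the notes; the receiving host mx.example.net, the recipient, ids, dates, and the placement of each mail's second address in Return-Path are assumptions, not facts from the page.

```python
"""Header triage for the relay and origin clues used in the notes above (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed around the Hello bank notes; mx.example.net, recipient, ids and dates are assumptions.
HELLOBANK_HEADERS = """\
Return-Path: <www-data@decathlon.fr>
Received: from decathlon.fr ([139.59.145.95])
\tby mx.example.net (Postfix) with ESMTP id 3bYx9Q
\tfor <victim@example.net>; Sun, 3 Jul 2016 11:02:11 +0200
Received: by decathlon.fr (Postfix, from userid 33)
\tid 2kVw1T; Sun, 3 Jul 2016 11:02:09 +0200
From: "Hello bank" <servicehelloban@decathlon.fr>
Subject: Lisez votre message!
X-Php-Originating-Script: 0:noi.php
MIME-Version: 1.0

"""

# Constructed around the Dropbox notes; putting the aexp.com address in Return-Path is an assumption.
DROPBOX_HEADERS = """\
Return-Path: <americanexpress@welcome.aexp.com>
Received: from static.vnpt.vn (unknown [14.174.35.53])
\tby mx.example.net (Postfix) with ESMTP id 7pQr2M
\tfor <victim@example.net>; Sun, 3 Jul 2016 12:40:05 +0200
From: Dropbox <no-reply@dropbox.com>
Subject: Tyler Butler sent you "Scanned Documents.zip"
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0

"""

PATTERNS = {
    "helo": re.compile(r"^from\s+(\S+)", re.I),          # name announced by the sending host
    "by": re.compile(r"\bby\s+(\S+)", re.I),             # host that wrote this Received line
    "ip": re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"),  # peer IP as seen by that host
    "rdns": re.compile(r"\((\S+)\s+\["),                 # "(unknown [1.2.3.4])" -> "unknown"
    "uid": re.compile(r"from userid (\d+)"),             # Postfix: injected by a local account
}
KNOWN_UIDS = {33: "www-data, the web server account on Debian/Ubuntu"}


def received_chain(msg):
    """Received headers oldest-first (the one nearest the body was added first)."""
    hops = []
    for raw in reversed(msg.get_all("Received") or []):
        line = " ".join(raw.split())            # unfold continuation lines
        hop = {}
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            hop[name] = m.group(1) if m else None
        hops.append(hop)
    return hops


def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()


def triage(raw_headers):
    msg = message_from_string(raw_headers)
    hops = received_chain(msg)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    return_domain = domain_of(msg.get("Return-Path"))
    findings, php_script = [], None

    script = msg.get("X-Php-Originating-Script")   # written by PHP's mail()
    if script:
        uid, _, php_script = script.partition(":")
        findings.append(f"generated by PHP mail(): {php_script} (script file owned by uid {uid})")
    for hop in hops:
        if hop["uid"] is not None:
            who = KNOWN_UIDS.get(int(hop["uid"]), "unknown local account")
            findings.append(f"injected locally on {hop['by']} by uid {hop['uid']} ({who})")

    origin = next((h for h in hops if h["ip"]), None)   # first hop with a peer IP
    if origin:
        if origin["rdns"] == "unknown":
            findings.append(f"origin {origin['ip']} has no reverse DNS; HELO name "
                            f"{origin['helo']} is unverified")
        if from_domain and not (origin["helo"] or "").lower().endswith(from_domain):
            findings.append(f"From domain {from_domain} does not match origin host "
                            f"{origin['helo']} ({origin['ip']})")   # heuristic
    if from_domain and return_domain and from_domain != return_domain:
        findings.append(f"From domain {from_domain} differs from Return-Path domain {return_domain}")
    agent = msg.get("User-Agent") or msg.get("X-Mailer")
    if agent and from_addr.split("@")[0].lower() in ("no-reply", "noreply"):   # heuristic
        findings.append(f"no-reply sender but composed in a mail client: {agent}")

    return {"display_name": display_name, "from_addr": from_addr, "from_domain": from_domain,
            "return_domain": return_domain, "origin_ip": origin["ip"] if origin else None,
            "origin_helo": origin["helo"] if origin else None,
            "php_script": php_script, "findings": findings}


if __name__ == "__main__":
    for sample in (HELLOBANK_HEADERS, DROPBOX_HEADERS):
        rep = triage(sample)
        print(rep["from_addr"], "via", rep["origin_helo"], rep["origin_ip"])
        for finding in rep["findings"]:
            print("  -", finding)
```

Run it directly to print the findings for both samples. The From/HELO mismatch and the no-reply/User-Agent checks are heuristics (legitimate mail is routinely sent through a provider whose HELO name differs from the sender domain), whereas X-Php-Originating-Script and the Postfix "from userid" clause are written by the sending software itself and are the strongest evidence of where a message was generated.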

File analysis :

CLICK : Download
OPEN :

https://www.cubbyusercontent.com/pl/Scanned+Documents.zip/_08fa4c28262f424b970037c786caf840

DOWNLOAD : Scanned Documents.zip
RESULT : Scanned Documents.zip is malicious (it carries JavaScript downloaders, see below).

Virus analysis :

FILENAME : Scanned Documents.zip
SHA256 : 27d79850e1bae0d14a689e1d019ef6217d805189b04e486e3d54ed8a363d3689

====================================
Ad-Aware : Trojan.GenericKD.3363605
AegisLab : Troj.Generickd!c
Arcabit : Trojan.Generic.D335315
Avira (no cloud) : HEUR/Suspar.Gen
BitDefender : Trojan.GenericKD.3363605
DrWeb : JS.DownLoader.1225
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AGS
Emsisoft : Trojan.GenericKD.3363605 (B)
F-Secure : Trojan.GenericKD.3363605
Fortinet : JS/Nemucod.1509!tr
GData : Trojan.GenericKD.3363605
Ikarus : Trojan.Script
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Trojan-Downloader.Script.Generic
McAfee : JS/Nemucod.la
McAfee-GW-Edition : JS/Nemucod.la
eScan : Trojan.GenericKD.3363605
Microsoft : TrojanDownloader:JS/Nemucod.EW
Sophos : Troj/JSDldr-PH
====================================

Extraction of the zip : 3 files extracted.
Result : Scan001.js, Scan002.js, Scan003.js

NOTE : The detections above (JS/TrojanDownloader.Nemucod, JS.DownLoader, Trojan-Downloader.Script) identify the three .js files as Nemucod-family downloaders: obfuscated JScript that runs under Windows Script Host when the victim double-clicks it and then fetches and executes the real payload from the web. The "Scanned Documents" name and the Dropbox template exist only to get the archive opened.

File Scan001.js
File Scan002.js
File Scan003.js
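Extracting the archive and identifying the .js members, as done above, can be automated without ever running the scripts. The script below is an added example, not the blog's tooling or the malware: it hashes the archive, lists its members, flags the extensions that Windows Script Host (or mshta) executes on double-click and double extensions, refuses to inflate oversized members, and searches script text for the COM object names that JScript downloaders of this kind rely on (MSXML2.XMLHTTP to fetch, ADODB.Stream to write the payload to disk, WScript.Shell to run it). The archive it builds is a constructed stand-in with inert placeholder bodies, not the sample analysed above, so its SHA256 will not match the one listed.

```python
"""Static triage of a zip attachment like "Scanned Documents.zip" (added example)."""
import hashlib
import io
import zipfile

# Extensions handled by Windows Script Host / mshta when double-clicked.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# COM object and function names typical of JScript downloaders.
WSH_MARKERS = ("ActiveXObject", "WScript.Shell", "MSXML2.XMLHTTP",
               "ADODB.Stream", "Scripting.FileSystemObject", "eval(", "unescape(")
MAX_MEMBER_BYTES = 5 * 1024 * 1024     # never inflate anything larger (zip bombs)


def build_sample_zip() -> bytes:
    """Constructed stand-in for the attachment: three .js members with inert bodies."""
    body = ('var x = new ActiveXObject("MSXML2.XMLHTTP");'
            'var s = new ActiveXObject("ADODB.Stream");'
            'var w = new ActiveXObject("WScript.Shell");'
            '/* placeholder: no URL, no download, no execution */')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("Scan001.js", "Scan002.js", "Scan003.js"):
            info = zipfile.ZipInfo(name, date_time=(2016, 7, 3, 0, 0, 0))  # fixed: deterministic hash
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, body)
    return buf.getvalue()


def member_flags(info: zipfile.ZipInfo, zf: zipfile.ZipFile):
    """Return (flags, markers) for one archive member without executing it."""
    flags, markers = [], []
    name = info.filename
    parts = name.replace("\\", "/").rsplit("/", 1)[-1].lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in SCRIPT_EXTENSIONS:
        flags.append(f"{ext} runs under Windows Script Host on double-click")
    if len(parts) > 2:
        flags.append("double extension (icon/extension spoofing)")
    if name.startswith(("/", "\\")) or ".." in name.replace("\\", "/").split("/"):
        flags.append("path traversal in member name")
    if info.file_size > MAX_MEMBER_BYTES:
        flags.append("too large to inflate safely")
    elif ext in SCRIPT_EXTENSIONS:
        text = zf.read(name).decode("latin-1")   # lossless byte-to-char view of the script
        markers = [m for m in WSH_MARKERS if m in text]
        if markers:
            flags.append("downloader API names: " + ", ".join(markers))
    return flags, markers


def triage_zip(data: bytes) -> dict:
    """Hash the archive and triage every member statically."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "members": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            flags, markers = member_flags(info, zf)
            report["members"].append({"name": info.filename, "size": info.file_size,
                                      "flags": flags, "markers": markers})
    report["verdict"] = ("suspicious" if any(m["flags"] for m in report["members"])
                         else "no static indicators")
    return report


if __name__ == "__main__":
    rep = triage_zip(build_sample_zip())
    print("sha256:", rep["sha256"], "verdict:", rep["verdict"])
    for m in rep["members"]:
        print(f"{m['name']} ({m['size']} bytes)")
        for f in m["flags"]:
            print("  -", f)
```

On a real sample, replace build_sample_zip() with the bytes of the downloaded archive; the marker search is a cheap first pass and obfuscated droppers may hide these names behind string concatenation, so an empty marker list does not clear a .js attachment, while the extension check alone is enough to quarantine it.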

CONGRATULATIONS!!! YOU HAVE WON NATIONAL LOTTERY

UK ONLINE NOTIFICATION DESK
BRITISH GOVERNMENT ACCREDITED LICENSED!
UK NATIONAL LOTTERY
REGISTERED UNDER THE DATA PROTECTION,
(Registration No. Z720633X).

UK NATIONAL LOTTERY
TOLPITS LANE, WATFORD, HERTS WD18 9RN,
UNITED KINGDOM

(Customer Service)
Tel: 44 (0) 192 342 5000

Ref: UK/9420X2/683
Batch: 074/05/ZY369

Dear Lucky Winner,

We happily announce to you the draw (#966) of the UK NATIONAL LOTTERY online Sweepstakes International program held on 20th June, 2016. Your e-mail address, attached to ticket number 96475645 188 with serial number 5368/02, drew the lucky numbers: 30, 3, 5, 44, 14 and 22, bonus number: 10.

CONGRATULATIONS!!!!

Due to a mix up of some numbers and names, we instruct you to keep your winning information confidential until your claim has been completely processed and your winning fund is claimed. This is part of our security protocols to avoid double claiming and unwarranted abuse of this program by some participants. You have therefore been approved to claim a total sum of GBP1,000,000 (One Million Great British Pounds Sterling Only) cash prize, credited to file No.: KTU/9023118308/16. This is from a total cash prize of GBP10,000,000 (Ten Million Great British Pounds) shared among the first Ten (10) lucky winners in this category, i.e. Match 5 plus bonus. All participants for the online version were selected randomly from World Wide Websites through our computer ballot draw system extracts from over 500,000 unions, associations and corporate bodies that are listed online. This promotion takes place weekly until the end of the year 2016. In order to redeem your prize, you are expected to present your winning details: (I) Winning Numbers, (ii) Ticket Number, (iv) The File Ref. Number to the agent for verification and confirmation together with the Serial Number.

CLAIM REQUIREMENTS:

1. FULL NAME:
2. DATE OF BIRTH:
3. SEX:
4. OCCUPATION:
5. CONTACT ADDRESS:
6. TELEPHONE NUMBER:

********************************************************
UK NATIONAL LOTTERY CLAIM MANAGER
Name: Mr. Andrew M. Fernandes
Email: nationalfiduciary_claimagent@consultant.com
Tel: 44 (0) 745 218 5251
Fiduciary Agent, UK National Lottery,
********************************************************

CONGRATULATIONS FROM THE MEMBERS AND STAFF OF UK NATIONAL LOTTERY.

Yours faithfully,
Mrs. Courtney Cervantes.
Online coordinator for UK NATIONAL LOTTERY Sweepstakes International Program
NATIONAL LOTTERY.

BELOW ARE THE SPONSORS OF THIS PROGRAM

Executives:

Dr. P. Swier (CEO), Mr. Gerald Goodman (Manager Foreign Operations), Mr. Franklyn Van Der Weijden (Manager Domestic Banking Operations), Dr. James Williams (Director International Credit Department), Mrs. Lonni K. Anderson (Legal Representative), Mrs. Lyudmyla Marchukova (Regional Manager), Mr. Stephen Boer (Chairman), Mr. Chris Moritz (International Relation Officer).

Email analysis :

NOTE : uknationallotto@post.com
NOTE : uknationallotto@national-lottery.co.uk
NOTE : Received : (from vu2004@localhost)
NOTE : by hosting.datacenter.loc (8.13.8/8.13.8/Submit)
NOTE : 190.66.7.136

NOTE : The national-lottery.co.uk address is spoofed: the message was submitted by the local account vu2004 on a hosting server (Sendmail 8.13.8 in submission mode), i.e. from a shell or script on a shared hosting box, not from the lottery's domain. The post.com address and the consultant.com "claim agent" address in the body are free-mail accounts; the personal data requested under CLAIM REQUIREMENTS is collected there, and the reference numbers, data-protection registration number and list of executives exist only to look official.

Partnership request...

Hello,

I want to come and establish in your country with some money but I need someone to partner with.

Could you please respond for more details?

Thanks.

Jewel.

Email analysis :

NOTE : jewelgoodness@outlook.com
NOTE : amsiwmmw@aol.com
NOTE : Received : from ADMIN-PC (unknown [108.163.240.14])

NOTE : A typical advance-fee opener that gives no details at all; the "details" come only after a reply. The message was submitted from a computer named ADMIN-PC at 108.163.240.14 (no reverse DNS), and two different free-mail addresses appear in the headers (outlook.com and aol.com), so a reply does not necessarily go back to the visible sender.

Good day

Dear Friend, Good day, I am contacting you in respect of my late husband's money. Once I receive your positive response, I will give you more details.

Mrs Recheal Nana Essien

Email analysis :

NOTE : Good day
NOTE : mrsrnesien@live.fr
NOTE : recheal_essien@aol.com
NOTE : Received : from MICROTIQUE-PC (unknown [85.13.253.153])
NOTE : by mtaout-mbe01.mx.aol.com (MUA/Third Party Client Interface)

NOTE : Same pattern as the previous one: a "late husband's money" advance-fee opener sent from a computer named MICROTIQUE-PC at 85.13.253.153 through AOL's outbound relay for mail clients (mtaout-mbe01.mx.aol.com, "MUA/Third Party Client Interface"), with a live.fr address and an aol.com address that do not match.

Abu Dhabi Fund for Development (ADFD)

Dear Sir,

We are seeking the attention of investors, project owners and general business facilitators for possible collaboration through project development and the actualization of viable investment initiatives globally.

Abu Dhabi Fund for Development (ADFD) focuses on a number of areas in which it has developed a significant competitive advantage, including acquisitions, aerospace/aviation, telecommunications, technology, energy, industry, health care, infrastructure, real estate, hospitality and service ventures. Abu Dhabi Fund for Development (ADFD) is a catalyst for the economic diversification of Abu Dhabi; established and owned by the Government of Abu Dhabi, the organization's strategy is built on the management of long-term, capital-intensive investments that deliver strong financial returns and tangible social benefits for the Emirate. ADFD brings together and manages a multi-billion dollar portfolio of the government of Abu Dhabi which we wish to re-invest in project financing and investments in viable ventures on a 2.5% per annum interest rate loan for long-term investment projects that can generate up to 10% ROI within the period of the sanctioned loan.

We invite all interested project owners and investors - UAE or non- UAE to contact the undersigned for further information on procedures for consideration.

Kind regards,

Fares Mansour
Director for Global Investment Initiative
Abu Dhabi Fund for Development (ADFD)
Al Bahar Towers, King Abdullah bin Abdulaziz Al Saud Street
P.O. Box 814, Abu Dhabi, U.A.E

Email analysis :

NOTE : khalifamohammeduae@hotmail.com
NOTE : Received : from SNT148-W56 ([65.55.90.9])
NOTE : client-ip=65.55.90.29;
NOTE : Mime-Version : 1.0

NOTE : The "Director for Global Investment Initiative" of a government fund writes from a hotmail.com address, and the Received line shows the message was composed in Hotmail/Outlook.com webmail (SNT148-W56 is a Hotmail web front end, and both 65.55.90.9 and the client-ip 65.55.90.29 are in Microsoft's address space), not sent from the fund's own mail system. The fund's real name and Abu Dhabi address are borrowed to lend credibility to the scam.