20210204_PHISHING_SCAM_1

1. This malware laced e-mail contains a file called Video.zip:
2. https://www.virustotal.com/gui/file/4a4af0c317db9027a4461ea42fbd799d53f1330c572bd69518bc45e77b7fde1d/detection
3.  
4. Watch the attached video of your so called friend saying horrible things about you. After this you should mind who you trust and what you say around people.
5.  
6. if you want more details dont hesitate to write me . take heart.
7.  
8. you can call me Henry.
9.  
10.  
11.  
12.  
13.  
14.  
15. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
16. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
17. id 15.0.1497.2 via Mailbox Transport; Thu, 4 Feb 2021 11:18:22 -0600
18. Received: from MBX03C-ORD1.mex08.mlsrvr.com (172.29.9.17) by
19. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
20. id 15.0.1497.2; Thu, 4 Feb 2021 11:18:22 -0600
21. Received: from gate.forward.smtp.ord1c.emailsrvr.com (108.166.43.128) by
22. MBX03C-ORD1.mex08.mlsrvr.com (172.29.9.17) with Microsoft SMTP Server (TLS)
23. id 15.0.1497.2 via Frontend Transport; Thu, 4 Feb 2021 11:18:22 -0600
24. Return-Path: <[email protected]>
25. X-Spam-Threshold: 95
26. X-Spam-Score: 0
27. X-Spam-Flag: NO
28. X-Virus-Scanned: OK
29. X-Orig-To:
30. X-Originating-Ip: [207.194.236.18]
31. Authentication-Results: smtp18.gate.ord1c.rsapps.net; iprev=pass policy.iprev="207.194.236.18"; spf=pass smtp.mailfrom="[email protected]" smtp.helo="mail.mottelectric.com"; dkim=none (message not signed) header.d=none; dmarc=pass (p=none; dis=none) header.from=mottelectric.com
32. X-Suspicious-Flag: NO
33. X-Classification-ID: fb469658-670c-11eb-aef7-bc305bf00c68-1-1
34. Received: from [207.194.236.18] ([207.194.236.18:4485] helo=mail.mottelectric.com)
35. by smtp18.gate.ord1c.rsapps.net (envelope-from <[email protected]>)
36. (ecelerity 4.2.38.62370 r(:)) with ESMTP
37. id F8/F4-12733-D5C2C106; Thu, 04 Feb 2021 12:18:22 -0500
38. Received: from MOTTMAIL03.mott.local (192.168.0.77) by MOTTMAIL03.mott.local
39. (192.168.0.77) with Microsoft SMTP Server (version=TLS1_2,
40. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.529.5; Thu, 4 Feb 2021
41. 09:18:20 -0800
42. Received: from MOTTMAIL03.mott.local ([fe80::acc7:9f5d:e56f:c535]) by
43. MOTTMAIL03.mott.local ([fe80::acc7:9f5d:e56f:c535%11]) with mapi id
44. 15.02.0529.008; Thu, 4 Feb 2021 09:18:20 -0800
45. From: Henry Siemens <[email protected]>
46. To: "[email protected]" <[email protected]>
47. Subject: video
48. Thread-Topic: video
49. Thread-Index: AQHW+xin1M/OXJY8nEa1jidfGudiRQ==
50. Date: Thu, 4 Feb 2021 17:10:35 +0000
51. Message-ID: <[email protected]>
52. Accept-Language: en-US, en-CA
53. Content-Language: en-US
54. X-MS-Has-Attach: yes
55. X-MS-TNEF-Correlator:
56. MIME-Version: 1.0
57. X-MS-Exchange-Organization-Network-Message-Id: fff99643-fb7f-4296-28ea-08d8c930dfe2
58. X-MS-Exchange-Organization-AuthSource: MBX03C-ORD1.mex08.mlsrvr.com
59. X-MS-Exchange-Organization-AuthAs: Anonymous
60. Content-type: multipart/mixed;
61. boundary="B_3695447588_803671167"
62.  
63. > This message is in MIME format. Since your mail reader does not understand
64. this format, some or all of this message may not be legible.
65.  
66. --B_3695447588_803671167
67. Content-type: multipart/alternative;
68. boundary="B_3695447588_843012626"
69.  
70.  
71. --B_3695447588_843012626
72. Content-type: text/plain;
73. charset="UTF-8"
74. Content-transfer-encoding: 7bit