wavellan

20210208_PHISHING_SCAM_1

Feb 8th, 2021 (edited)
Attaches a file called: voicemail.zip that packs a punch:
https://www.virustotal.com/gui/file/0fb82d5e1c01fa65b116b115a33854cc0e974099fd8eda6e36ab5bce8ed464ae/detection

IP Information:
https://www.abuseipdb.com/report?ip=66.96.206.232

MALWARE E-MAIL CONTENT:

This letter is from a trusted source [email protected]

You have a voicemail from 1 of your contact

voicemail will be deleted after 02-12-2021.
This letter with ID: 9e12C8 was sent from a Rackspace Representative .

Rahul Sutar

Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
    MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
    id 15.0.1497.2 via Mailbox Transport; Mon, 8 Feb 2021 11:13:07 -0600
Received: from MBX07C-ORD1.mex08.mlsrvr.com (172.29.9.29) by
    MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
    id 15.0.1497.2; Mon, 8 Feb 2021 11:13:06 -0600
Received: from gate.forward.smtp.iad3a.emailsrvr.com (204.232.172.40) by
    MBX07C-ORD1.mex08.mlsrvr.com (172.29.9.29) with Microsoft SMTP Server (TLS)
    id 15.0.1497.2 via Frontend Transport; Mon, 8 Feb 2021 11:13:06 -0600
Return-Path: <[email protected]>
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
Authentication-Results: smtp9.gate.iad3a.rsapps.net x-tls.subject="/C=SG/ST=SG/L=Singapore/O=Product Development Solution Pte Ltd/OU=SG/CN=mail.pdsol.com"; auth=fail (cipher=AES256-GCM-SHA384)
X-Virus-Scanned: OK
X-Orig-To:
X-Originating-Ip: [66.96.206.232]
Authentication-Results: smtp9.gate.iad3a.rsapps.net; iprev=pass policy.iprev="66.96.206.232"; spf=pass smtp.mailfrom="[email protected]" smtp.helo="mail.pdsol.com"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=pdsol.com
X-Suspicious-Flag: NO
X-Classification-ID: e79fbbb2-6a30-11eb-9503-52540097fc8c-1-1
Received: from [66.96.206.232] ([66.96.206.232:25238] helo=mail.pdsol.com)
    by smtp9.gate.iad3a.rsapps.net (envelope-from <[email protected]>)
    (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=AES256-GCM-SHA384
    subject="/C=SG/ST=SG/L=Singapore/O=Product Development Solution Pte Ltd/OU=SG/CN=mail.pdsol.com")
    id 90/C2-04210-12171206; Mon, 08 Feb 2021 12:13:06 -0500
Received: from PDSSGSINEX001.pds.local (192.168.0.27) by
    PDSSGSINEX001.pds.local (192.168.0.27) with Microsoft SMTP Server
    (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
    15.1.2106.2; Tue, 9 Feb 2021 01:13:00 +0800
Received: from PDSSGSINEX001.pds.local ([::1]) by PDSSGSINEX001.pds.local
    ([::1]) with mapi id 15.01.2106.002; Tue, 9 Feb 2021 01:12:59 +0800
From: Rahul Sutar <[email protected]>
Subject: 1 Voicemail Recieved
Thread-Topic: 1 Voicemail Recieved
Thread-Index: AQHW/j2b7UryMbavIk6AcOonWhjYnQ==
Date: Mon, 8 Feb 2021 17:12:41 +0000
Message-ID: <[email protected]>
Accept-Language: en-US, en-SG
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
MIME-Version: 1.0
X-MS-Exchange-Organization-Network-Message-Id: 2e76602e-ac21-403c-d48e-08d8cc54cd79
X-MS-Exchange-Organization-AuthSource: MBX07C-ORD1.mex08.mlsrvr.com
X-MS-Exchange-Organization-AuthAs: Anonymous
Content-type: multipart/mixed;
    boundary="B_3695637674_1891044706"

> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--B_3695637674_1891044706
Content-type: multipart/alternative;
    boundary="B_3695637674_1781793316"

--B_3695637674_1781793316
Content-type: text/plain;
    charset="UTF-8"
Content-transfer-encoding: 7bit