2017-10-24 - PHISHING EMAIL, SUBJECT: BAHL INTERNET BANKING - UPDATE

ASSOCIATED FILES:

  • 2017-10-24-banking-phish-traffic.pcap   (81,615 bytes)
  • 2017-10-24-phishing-email-0651-UTC.eml   (3,999 bytes)
  • bankalhabib.zip   (1,690,437 bytes)

 

PHISHTANK LINKS FOR THE ASSOCIATED URLS:

 

EMAIL


Shown above:  Screenshot from the email.

 

EMAIL INFO:

 

TRAFFIC


Shown above:  Traffic filtered in Wireshark.

 


Shown above:  Traffic filtered in Fiddler.

 

ASSOCIATED TRAFFIC:

 

FILE HASHES

PHISHING KIT:

 

IMAGES


Shown above:  Screenshot of the fake banking page.

 


Shown above:  Fake banking page asks for further info.

 


Shown above:  Open directory where I found the phishing kit.

 


Shown above:  Email addresses the captured credentials are sent to.

 

FINAL NOTES

Once again, here are the associated files:

Zip and saz files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.