New Javascript malware: Unpaid Invoice #xxxxxx

MX Lab,, started to intercept a new malware distribution campaign by email with the subject “”Unpaid Invoice #xxxxxx”

This email is send from various spoofed addresses and has the following body:

Dear Valued Customer,

Please make sure you send payment for your parcel to avoid any inconvenience. Open the attached file to review the confirmation listing.


Elena Mullen
Sales Manager

The attached file contains the 8 large file letter.078656871.js.

The malware is detected as JS/Locky.C!Camelot by 1 of the 54 AV engines at Virus Total.

Use the Virus Total or Malwr for more detailed information.
SHA256: 9876370d2f4ffb51cebb719ac1fe8ef69d6eaec732c0523fa3cb24810aad2f0b