New malware in email “Corrected report”

MX Lab,, started to intercept a new malware distribution campaign by email with the subject “Corrected report”.

This email is send from the spoofed addresses and has the following body:

Dear secretaris,

Please review the attached corrected annual report.

Yours faithfully
Isabel Alston

The attached file contains the file annual report -AED86089-.wsf which is a Windows Script File. the file will start with the name annual report followed by a mix of letters and numbers. This file may download Locky ransmware from one of the following locations. – hash

The malware is detected by 3/54 AV engines at Virus Total and the analysis is available on Malwr.

The downloaded binary, in our case named bg58a, but filename will change all the time, will try to contact: