New WSF malware: Message from “CUKPR0669361” – Locky ransomware


MX Lab, http://www.mxlab.eu, has started to intercept a new malware distribution campaign by email with the subject “Message from “CUKPR0669361””.

This email is sent from a spoofed address in the format scanner@domainname_recipient and has the following body:

This E-mail was sent from “CUKPR0329001” (Aficio MP C305).

Scan Date: 17.11.2015 09:08:40 (+0000)
Queries to: <scanner@selexion.be

The attached file 201608120908.zip contains the file Untitled(356)-12082016.wsf. The WSF file is a Windows Script File.

The malware is detected by 6/53 AV engines at VirusTotal. Hybrid-Analysis shows that the payload is the Locky ransomware.
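A mail-filter check for the traits described above (a scanner@ sender at the recipient's own domain and a ZIP attachment holding a .wsf file), as an added example that is not MX Lab's code. The function names, the example.org addresses and the extra script extensions are assumptions, and the sample message is constructed with harmless content.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# .wsf is from the page; the other Windows Script Host extensions are assumed.
SCRIPT_EXTS = (".wsf", ".js", ".jse", ".vbs", ".vbe")

def script_members(zip_bytes):
    """List script files inside a ZIP attachment (empty if not a valid ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return []

def inspect(raw_message):
    """Return findings for one RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg["From"] or ""))[1].lower()
    rcpt = parseaddr(str(msg["To"] or ""))[1].lower()
    # Campaign trait from the page: From is scanner@<recipient's own domain>.
    if sender.startswith("scanner@") and sender.rpartition("@")[2] == rcpt.rpartition("@")[2]:
        findings.append("sender is scanner@ at the recipient's own domain")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            for member in script_members(part.get_payload(decode=True)):
                findings.append(f"{name} contains script {member}")
    return findings

def build_sample():
    """Constructed sample: harmless text stored under a .wsf name in a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Untitled(356)-12082016.wsf", "placeholder, not a script")
    msg = EmailMessage()
    msg["From"] = "scanner@example.org"
    msg["To"] = "alice@example.org"
    msg["Subject"] = 'Message from "CUKPR0669361"'
    msg.set_content("This E-mail was sent from a scanner.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="201608120908.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(inspect(build_sample())))
```

Either finding alone is a reasonable quarantine trigger at the mail gateway, since script files inside ZIP attachments are rarely legitimate business mail.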

One thought on “New WSF malware: Message from “CUKPR0669361” – Locky ransomware”

  1. We received multiple emails identical to this. Our Barracuda missed it but thankfully our Watchguard firewall stripped out all the bad stuff and let us know.
    Thanks for the information.
