New Locky distribution sites - 28/06/2016 continue

*Email sample*

_Subject_: Updated

_Body_:

Dear [NAME],

Attached please find the documents you requested..


King regards
Kaitlin Walton
Financial Director - Multinational Group
Mon, 27 Jun 2016 20:16:52 -0200


In attachment a zip archive with a javascript file.

Javascript sample - MD5: 37897ae64a236238d7eaf00021b78849
VT: 4/55 - https://www.virustotal.com/it/file/e52bcee840a8e6270a25d6e9a93984409e29a9e84970f105e99960ce9d2910d7/analysis/

*Compromised domains (47)*:

933666.net/ 7q4e3lyp
addonworks.com/ ncwx0b
allchannel.net/ nk5jbh
aloprint.com/ f216w5
apotekroxy.com/ slc93v1
asliaypak.com/ 355ip
bani-shehr.org/ fzvog
cnn-generics.com/ k0m9wru
cond.gribochechki.ru/ 3sh2zhp
easysupport.us/ i62i9r
ecomuseedelau-dela.net/ w2mb4
empiredeckandfence.com/ x0xio
fitmag.org/ sts28g
fpg.com.my/ t5dsdw
fuji-mig.com/ drl01
futuretech-iq.net/ n9x1p2b4
handicraftmag.com/ sriu1n1f
hrlpk.com/ soaoxmo8
hudebiah.net/ ibmw1psh
hyip-all.com/ b42yt4a
iminlife.com/ ggu0m1s
infocuscreative.net/ i1paaw59
ingstroymash.ru/ al8z1
innatesynergy.com/ sjkxwu
innogenap.com/ tyob8uor
livecamstrippers.com/ 4y98s3ha
olgastudio.ro/ zw0g38
pakar.com.my/ waohxzq
passagegoldtravel.com/ ffi5dton
potolok-profit.ru/ maill2sw
pub-voiture.com/ hvik6d
racedayworld.com/ 86ks8fhf
sevvalsenturk.com/ 41l8xj
srilaktours.com/ 3sh2zhp
subang.go.id/ ui64jy0
summasolution.net/ t12u2h
systemalu.com/ he9g1
techproconsult.com/ m2q3u
titaniumequities.com/ t44df6bl
totalsportnetwork.com/ niohzxc
u-flats.com/ 3q55hs7c
vantagenetsvc.com/ bbeleqj9
vinabuhmwoo.com/ 9w9pgdi
wbksis.com/ 5r167if
webcam-newzealand.info/ 7ikowb
williamsbreak.com/ vvekuwj
yourworshipspace.com/ aj33f

*Sampled downloaded and decoded*:

File Name: u9U6k2s20gNVR.exe
MD5: 24729418d1cc26644c2aac3144946857
VT 15/56 - https://www.virustotal.com/it/file/927045894644c63d2df702ca6121fd6d3464fd5efd661d91726d6e3e662e9a49/analysis/