From: Theodora HamerThis analysis is based on a trusted source (thank you!). Attached is a ZIP file containing a malicious script, downloading from:
Date: 25 May 2016 at 12:17
Subject: Operational Expense
Operational Expense of 7,350,80 USD has been credited from your account. For more details please refer to the report that can be found down below
This drops what is apparently Locky ransomware, with a detection rate of 3/56. This phones home to:
18.104.22.168 (OVH, France)
22.214.171.124 (Digital Ocean, US)
This Hybrid Analysis shows the Locky ransomware in action.