General

  • Target

    20161205_9ce2d7bf1b9cf61897a960de3e0481d0.js

  • Size

    13KB

  • Sample

    211117-n2dzfaced2

  • MD5

    558d1d1e23ddd0847e8a5f2d5ed4f930

  • SHA1

    9c59224dff0787058da1a8b2c1c6182a1a6dd9d5

  • SHA256

    fad379ba7f9d1b7e2d8efd4f92e622e386e56e4a05499d4a0c80e05072a5d355

  • SHA512

    ad98ec378d4ae717dc93e94fbc672907345e78e85e1d1a0fa3677a517362a6e61ba1322c0a35743ab93d00e4a7968ef603c854e721365a62e9f08b8ad3fc1beb

Malware Config

Targets

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • Blocklisted process makes network request

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1

Tasks