General
Target: 20161205_03476173ef9fdec7e5270dc7d87933f0.js
Size: 13KB
Sample: 211117-nms5tahbam
MD5: 57198c88a70079fdecbdcdaf3fca251f
SHA1: f9eec46611e7eb0d78e550a22e1975a896314032
SHA256: b89fdbbe855d6491565249508472f2eff89733cf370f49725228a13ac2e69d61
SHA512: 0374dfbb69762b749b45e19063cb7f2f6ed261f89160b333ab2f50710c965e5cdccee2cdb3ff4d22a2be079f8f6b5ae95b32fe442e1ebbc576c8bbe61abe4274
Static task: static1
Behavioral task: behavioral1
  Sample: 20161205_03476173ef9fdec7e5270dc7d87933f0.js
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: 20161205_03476173ef9fdec7e5270dc7d87933f0.js
  Resource: win10-en-20211014
Malware Config
Targets
Target: 20161205_03476173ef9fdec7e5270dc7d87933f0.js
Size: 13KB
MD5: 57198c88a70079fdecbdcdaf3fca251f
SHA1: f9eec46611e7eb0d78e550a22e1975a896314032
SHA256: b89fdbbe855d6491565249508472f2eff89733cf370f49725228a13ac2e69d61
SHA512: 0374dfbb69762b749b45e19063cb7f2f6ed261f89160b333ab2f50710c965e5cdccee2cdb3ff4d22a2be079f8f6b5ae95b32fe442e1ebbc576c8bbe61abe4274
Score: 10/10
Locky (Osiris variant)
Variant of the Locky ransomware seen in the wild since early 2017.
suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
Blocklisted process makes network request
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Loads dropped DLL
Sets desktop wallpaper using registry