General

  • Target

    20161205_94392b41886882eae567704071328694.js

  • Size

    12KB

  • Sample

    211117-nmst2scbd4

  • MD5

    606a681823a1378212c3eb66e9f4b2f0

  • SHA1

    7f60d8ad61224419a77e43626c81f5c7c2510533

  • SHA256

    8758f8414e002568ca5872b1677f26a238ef8dd7e10840c9b23b296c86ff9f13

  • SHA512

    d4366b90d827fa32f1dd5454a0bc6d4776073867bfbbf4c5ae9cb94bac1a328823b62691361d324e941d7b9a73aa9e65f538878fd7ab8a325d15e50e7769d1a5

Malware Config

Targets

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • Blocklisted process makes network request

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks