General

  • Target

    20161205_0a3057963564d1fbe7c4c961ad8c2816.js

  • Size

    13KB

  • Sample

    211117-nn7dtshbdm

  • MD5

    874e785cda72eb99593ce097ab739b71

  • SHA1

    a8b8d3ed05173b8a33d3f03d525ea440e593848c

  • SHA256

    10fc625dc1859a1f88b9cae2aae55e4268c027a65eff039d0266e855c75b6ca5

  • SHA512

    c984bfc1dc0ea684c466530bba8d8a83ad61da413e23cd6f2bd98301b5560c5f5acc6d7ced6c5035fd9954239a7a3ab8284120d8c07d568bb579eb454f398cab

Malware Config

Targets

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 2

  • Discovery

    System Information Discovery (T1082): 1

  • Impact

    Defacement (T1491): 1

Tasks