General

  • Target

    20161205_c7a9b42aed084c6015e3a51ca465871b.js

  • Size

    13KB

  • Sample

    211117-nnezkscbe5

  • MD5

    0b25736a16fcd565e231c2f5171659b7

  • SHA1

    a6cf56ec5e72e3a08afa7a85146bf144a0168005

  • SHA256

    c7f63ace7a572d2aa7d1c59fb429d701d9ef726c193814c195ccae9154a2c555

  • SHA512

    08ea748d632c8bb8b83de73ca538cca5b6cc9704b1fac749bcfde22df31cfbf4b6c7db9da4b908141de5cb559a7bfa3e95e98affe4725cbcf1d07ea487be6f62

Malware Config

Targets

    • Target

      20161205_c7a9b42aed084c6015e3a51ca465871b.js

    • Size

      13KB

    • MD5

      0b25736a16fcd565e231c2f5171659b7

    • SHA1

      a6cf56ec5e72e3a08afa7a85146bf144a0168005

    • SHA256

      c7f63ace7a572d2aa7d1c59fb429d701d9ef726c193814c195ccae9154a2c555

    • SHA512

      08ea748d632c8bb8b83de73ca538cca5b6cc9704b1fac749bcfde22df31cfbf4b6c7db9da4b908141de5cb559a7bfa3e95e98affe4725cbcf1d07ea487be6f62

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

2
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Impact

Defacement

1
T1491

Tasks