General

  • Target

    20161205_e4a80fe1dcf0f7e3a9cb5ebfd027c115.js

  • Size

    13KB

  • Sample

    211117-nqnz9shbgj

  • MD5

    cf7844b89cfa63d28152f4706ab1fc74

  • SHA1

    ce46ff282bfe3162aec806b92672e0299aa09588

  • SHA256

    cfc9a840db2ea814739f220bdaa2edc18f2fdcb350a40646bdc144ea7b559b9f

  • SHA512

    58672ec8b6440321d4394e838e911927e2c03217a6ff39357f4c85d3428aef0ed4868e4848d6db3fc27d196d553aaee836a961f76ab4e669f9453e81f631b469

Malware Config

Targets

    • Target

      20161205_e4a80fe1dcf0f7e3a9cb5ebfd027c115.js

    • Size

      13KB

    • MD5

      cf7844b89cfa63d28152f4706ab1fc74

    • SHA1

      ce46ff282bfe3162aec806b92672e0299aa09588

    • SHA256

      cfc9a840db2ea814739f220bdaa2edc18f2fdcb350a40646bdc144ea7b559b9f

    • SHA512

      58672ec8b6440321d4394e838e911927e2c03217a6ff39357f4c85d3428aef0ed4868e4848d6db3fc27d196d553aaee836a961f76ab4e669f9453e81f631b469

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017

    • Blocklisted process makes network request

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v6)

    • Defense Evasion

      Modify Registry (T1112): 2

    • Discovery

      System Information Discovery (T1082): 1

    • Impact

      Defacement (T1491): 1

Tasks