locky | cfc9a840db2ea814739f220bdaa2edc18f2fdcb350a40646bdc144ea7b559b9f | Triage

Submit
Reports

Overview

overview

Static

static

20161205_e...115.js

windows7_x64

20161205_e...115.js

windows10_x64

Sharing

General

Target

20161205_e4a80fe1dcf0f7e3a9cb5ebfd027c115.js
Size

13KB
Sample

211117-nqnz9shbgj
MD5

cf7844b89cfa63d28152f4706ab1fc74
SHA1

ce46ff282bfe3162aec806b92672e0299aa09588
SHA256

cfc9a840db2ea814739f220bdaa2edc18f2fdcb350a40646bdc144ea7b559b9f
SHA512

58672ec8b6440321d4394e838e911927e2c03217a6ff39357f4c85d3428aef0ed4868e4848d6db3fc27d196d553aaee836a961f76ab4e669f9453e81f631b469

Score

10^/10

locky locky_osiris ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

20161205_e4a80fe1dcf0f7e3a9cb5ebfd027c115.js

Resource

win7-en-20211104

locky locky_osiris ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

20161205_e4a80fe1dcf0f7e3a9cb5ebfd027c115.js

Resource

win10-en-20211104

locky locky_osiris ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  20161205_e4a80fe1dcf0f7e3a9cb5ebfd027c115.js
- Size
  
  13KB
- MD5
  
  cf7844b89cfa63d28152f4706ab1fc74
- SHA1
  
  ce46ff282bfe3162aec806b92672e0299aa09588
- SHA256
  
  cfc9a840db2ea814739f220bdaa2edc18f2fdcb350a40646bdc144ea7b559b9f
- SHA512
  
  58672ec8b6440321d4394e838e911927e2c03217a6ff39357f4c85d3428aef0ed4868e4848d6db3fc27d196d553aaee836a961f76ab4e669f9453e81f631b469
Score

10^/10

locky locky_osiris ransomware suricata
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
  suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
  suricata
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirisransomwaresuricata

behavioral2

lockylocky_osirisransomware

© 2018-2024

Terms | Privacy