General

  • Target

    20161205_100008bbc736af07046b2402686345ab.js

  • Size

    12KB

  • Sample

    211117-nsdmbahcbn

  • MD5

    b58572a8058a0b867d43ebfa00f357df

  • SHA1

    4d6e8ac1afee83f07c60e18aff413778b5a9ee40

  • SHA256

    8a1d1c5e75724f1ddc46071f3bb38d6ddd9713adfd0b5bf05df4598f410a1331

  • SHA512

    a3e2e4bf1da37a26db6ea8263f7604f52387f5841f50a8a8f6e950932dff664443f0b24de204d9040d89ff76b65e906de03b40ef99307fb324afc163c1aae195

Malware Config

Targets

    • Target

      20161205_100008bbc736af07046b2402686345ab.js

    • Size

      12KB

    • MD5

      b58572a8058a0b867d43ebfa00f357df

    • SHA1

      4d6e8ac1afee83f07c60e18aff413778b5a9ee40

    • SHA256

      8a1d1c5e75724f1ddc46071f3bb38d6ddd9713adfd0b5bf05df4598f410a1331

    • SHA512

      a3e2e4bf1da37a26db6ea8263f7604f52387f5841f50a8a8f6e950932dff664443f0b24de204d9040d89ff76b65e906de03b40ef99307fb324afc163c1aae195

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017

      suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

2
T1112

Discovery

System Information Discovery

1
T1082

Impact

Defacement

1
T1491

Tasks