locky | d6c8847eda04815d8be74d3bc462de2c08c653fe712639edc5144eb523cc205f | Triage

Submit
Reports

Overview

overview

Static

static

20161205_a...f8f.js

windows7_x64

20161205_a...f8f.js

windows10_x64

Sharing

General

Target

20161205_a38d222d87d068cd555bef1566154f8f.js
Size

13KB
Sample

211117-ntjjysccg3
MD5

c93c2a9784dcf7765664e55657062f2d
SHA1

066aed6450e5b774944fa730bcb76d79ce36f993
SHA256

d6c8847eda04815d8be74d3bc462de2c08c653fe712639edc5144eb523cc205f
SHA512

b26c93fd6524cb50e575d0cfb8ab7a0957dac214f28b2949cb312b45d1de0591d1e160c75b54337c668ef0209b64b4bb2bc1620013032342d42ccfc79b55f501

Score

10^/10

locky locky_osiris ransomware

Static task

static1

Behavioral task

behavioral1

Sample

20161205_a38d222d87d068cd555bef1566154f8f.js

Resource

win7-en-20211104

locky locky_osiris ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

20161205_a38d222d87d068cd555bef1566154f8f.js

Resource

win10-en-20211104

locky locky_osiris ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  20161205_a38d222d87d068cd555bef1566154f8f.js
- Size
  
  13KB
- MD5
  
  c93c2a9784dcf7765664e55657062f2d
- SHA1
  
  066aed6450e5b774944fa730bcb76d79ce36f993
- SHA256
  
  d6c8847eda04815d8be74d3bc462de2c08c653fe712639edc5144eb523cc205f
- SHA512
  
  b26c93fd6524cb50e575d0cfb8ab7a0957dac214f28b2949cb312b45d1de0591d1e160c75b54337c668ef0209b64b4bb2bc1620013032342d42ccfc79b55f501
Score

10^/10

locky locky_osiris ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirisransomware

behavioral2

lockylocky_osirisransomware

© 2018-2024

Terms | Privacy