General

  • Target

    20161205_a38d222d87d068cd555bef1566154f8f.js

  • Size

    13KB

  • Sample

    211117-ntjjysccg3

  • MD5

    c93c2a9784dcf7765664e55657062f2d

  • SHA1

    066aed6450e5b774944fa730bcb76d79ce36f993

  • SHA256

    d6c8847eda04815d8be74d3bc462de2c08c653fe712639edc5144eb523cc205f

  • SHA512

    b26c93fd6524cb50e575d0cfb8ab7a0957dac214f28b2949cb312b45d1de0591d1e160c75b54337c668ef0209b64b4bb2bc1620013032342d42ccfc79b55f501

Malware Config

Targets

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • Blocklisted process makes network request

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                       Count  ID
  Defense Evasion  Modify Registry                 2      T1112
  Discovery        Query Registry                  1      T1012
  Discovery        System Information Discovery    2      T1082
  Impact           Defacement                      1      T1491