locky | a53f9d5213aea33f49e7f679fb5c436da2890430c0c3a4611638d3a64154784d | Triage

Submit
Reports

Overview

overview

Static

static

20161205_6...632.js

windows7_x64

20161205_6...632.js

windows10_x64

Sharing

General

Target

20161205_68bb06732c39ba6463f32b8bcca60632.js
Size

13KB
Sample

211117-nwbxwscdc2
MD5

a8c790a74fc4e6393c2e313850ade203
SHA1

bf379612245b298ed742fbbf3634f8557781f098
SHA256

a53f9d5213aea33f49e7f679fb5c436da2890430c0c3a4611638d3a64154784d
SHA512

f1de9ab8c9b39643c8c66602a9de6185ff3dc1ebbe4bdfd9b5678f5e8f3cac43ae57c5a51cf55bf7357eda28bb04dacead7f7222077917eade83f1a40690add5

Score

10^/10

locky locky_osiris ransomware

Static task

static1

Behavioral task

behavioral1

Sample

20161205_68bb06732c39ba6463f32b8bcca60632.js

Resource

win7-en-20211104

locky locky_osiris ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

20161205_68bb06732c39ba6463f32b8bcca60632.js

Resource

win10-en-20211014

locky locky_osiris ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  20161205_68bb06732c39ba6463f32b8bcca60632.js
- Size
  
  13KB
- MD5
  
  a8c790a74fc4e6393c2e313850ade203
- SHA1
  
  bf379612245b298ed742fbbf3634f8557781f098
- SHA256
  
  a53f9d5213aea33f49e7f679fb5c436da2890430c0c3a4611638d3a64154784d
- SHA512
  
  f1de9ab8c9b39643c8c66602a9de6185ff3dc1ebbe4bdfd9b5678f5e8f3cac43ae57c5a51cf55bf7357eda28bb04dacead7f7222077917eade83f1a40690add5
Score

10^/10

locky locky_osiris ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirisransomware

behavioral2

lockylocky_osirisransomware

© 2018-2024

Terms | Privacy