Overview

overview

10

Static

static

20161205_e...701.js

windows7_x64

10

20161205_e...701.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20161205_e6efa392712fe75ba2f4d68341a6a701.js

  • Size

    12KB

  • Sample

    211117-nxdswacdd5

  • MD5

    486080aee39682d5c32041351f49f90b

  • SHA1

    8692f7c1cbbaad11e1b00468e75cf1bae17fbd7a

  • SHA256

    0c2470ec5c4f4cf7bd8aa004cd97a48d92c41f6ec9fe6799f82a31723b5b1b33

  • SHA512

    3e02bc3b3cc141a680c05215be3c43236ef63dd9f3383fdda794a45bcf6da917775d354b7c66946783f23442bbd504fa6a734c6817ee0715f5465855db89a294

Score
10/10
lockylocky_osirisransomware

Malware Config

Targets

    • Target

      20161205_e6efa392712fe75ba2f4d68341a6a701.js

    • Size

      12KB

    • MD5

      486080aee39682d5c32041351f49f90b

    • SHA1

      8692f7c1cbbaad11e1b00468e75cf1bae17fbd7a

    • SHA256

      0c2470ec5c4f4cf7bd8aa004cd97a48d92c41f6ec9fe6799f82a31723b5b1b33

    • SHA512

      3e02bc3b3cc141a680c05215be3c43236ef63dd9f3383fdda794a45bcf6da917775d354b7c66946783f23442bbd504fa6a734c6817ee0715f5465855db89a294

    Score
    10/10
    lockylocky_osirisransomware

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

      ransomwarelocky

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

      ransomwarelocky_osiris

    • Blocklisted process makes network request

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks