General

  • Target

    20161205_e6efa392712fe75ba2f4d68341a6a701.js

  • Size

    12KB

  • Sample

    211117-nxdswacdd5

  • MD5

    486080aee39682d5c32041351f49f90b

  • SHA1

    8692f7c1cbbaad11e1b00468e75cf1bae17fbd7a

  • SHA256

    0c2470ec5c4f4cf7bd8aa004cd97a48d92c41f6ec9fe6799f82a31723b5b1b33

  • SHA512

    3e02bc3b3cc141a680c05215be3c43236ef63dd9f3383fdda794a45bcf6da917775d354b7c66946783f23442bbd504fa6a734c6817ee0715f5465855db89a294

Malware Config

Targets

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • Blocklisted process makes network request

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                       Count  ID
  Defense Evasion   Modify Registry                 2      T1112
  Discovery         Query Registry                  1      T1012
  Discovery         System Information Discovery    2      T1082
  Impact            Defacement                      1      T1491

Tasks