locky | c4370948896e4b1d2fded7d0a85127f5c2e1564e41ecbc47c810ae76b1473ac4 | Triage

Submit
Reports

Overview

overview

Static

static

20161205_3...bbf.js

windows7_x64

20161205_3...bbf.js

windows10_x64

Sharing

General

Target

20161205_3f1d7664595d2ff885b9fa3bf8a96bbf.js
Size

13KB
Sample

211117-nyj2aahdcq
MD5

181a0ef665583fb02134e9effa90f86f
SHA1

815bd5e80fb2ba833514548c70a5e35014a993b1
SHA256

c4370948896e4b1d2fded7d0a85127f5c2e1564e41ecbc47c810ae76b1473ac4
SHA512

650b1f77700ea60e0c8bfca25b364a35722a1f6b26ed2358d553adb0ae100ececffb11fa1af873ecf2318e3002e115fb2ce5d7b98f5e16c6428baae18e2d0a10

Score

10^/10

locky locky_osiris ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

20161205_3f1d7664595d2ff885b9fa3bf8a96bbf.js

Resource

win7-en-20211104

locky locky_osiris ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

20161205_3f1d7664595d2ff885b9fa3bf8a96bbf.js

Resource

win10-en-20211104

locky locky_osiris ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  20161205_3f1d7664595d2ff885b9fa3bf8a96bbf.js
- Size
  
  13KB
- MD5
  
  181a0ef665583fb02134e9effa90f86f
- SHA1
  
  815bd5e80fb2ba833514548c70a5e35014a993b1
- SHA256
  
  c4370948896e4b1d2fded7d0a85127f5c2e1564e41ecbc47c810ae76b1473ac4
- SHA512
  
  650b1f77700ea60e0c8bfca25b364a35722a1f6b26ed2358d553adb0ae100ececffb11fa1af873ecf2318e3002e115fb2ce5d7b98f5e16c6428baae18e2d0a10
Score

10^/10

locky locky_osiris ransomware suricata
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
  suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
  suricata
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirisransomwaresuricata

behavioral2

lockylocky_osirisransomware

© 2018-2025

Terms | Privacy