locky | 44fec9388c02bdfb1773aa095b8c3a084526c38d012c7650a5796cd3fca9687e | Triage

Submit
Reports

Overview

overview

Static

static

20161205_3...e9b.js

windows7_x64

20161205_3...e9b.js

windows10_x64

Sharing

General

Target

20161205_3030a6970348cbb57d00e985c8437e9b.js
Size

13KB
Sample

211118-ra2g7sgdf7
MD5

5c7c2fb5b45e4534e3a777fa8c7d2b45
SHA1

69172e14243d51c1ee3509a4b2dcbd585ac1a235
SHA256

44fec9388c02bdfb1773aa095b8c3a084526c38d012c7650a5796cd3fca9687e
SHA512

4d074cd7c859aa4b299b14834e938ed63aaea0f5680f2956587949df7eb64df97d3f249334df79bd23a0a7a83247b54b26294a270106cce75c949500be44b543

Score

10^/10

locky locky_osiris ransomware

Static task

static1

Behavioral task

behavioral1

Sample

20161205_3030a6970348cbb57d00e985c8437e9b.js

Resource

win7-en-20211104

locky locky_osiris ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

20161205_3030a6970348cbb57d00e985c8437e9b.js

Resource

win10-en-20211104

locky locky_osiris ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  20161205_3030a6970348cbb57d00e985c8437e9b.js
- Size
  
  13KB
- MD5
  
  5c7c2fb5b45e4534e3a777fa8c7d2b45
- SHA1
  
  69172e14243d51c1ee3509a4b2dcbd585ac1a235
- SHA256
  
  44fec9388c02bdfb1773aa095b8c3a084526c38d012c7650a5796cd3fca9687e
- SHA512
  
  4d074cd7c859aa4b299b14834e938ed63aaea0f5680f2956587949df7eb64df97d3f249334df79bd23a0a7a83247b54b26294a270106cce75c949500be44b543
Score

10^/10

locky locky_osiris ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirisransomware

behavioral2

lockylocky_osirisransomware

© 2018-2024

Terms | Privacy