locky | d487739b5dae62175cba687c888773d3085b6003810ee9c3e7ebaccfee4c6dba | Triage

Submit
Reports

Overview

overview

Static

static

20161205_f...3f1.js

windows7_x64

20161205_f...3f1.js

windows10_x64

Sharing

General

Target

20161205_f7243bcc0d762f1d582d88f5ac30a3f1.js
Size

13KB
Sample

211118-raenfaddek
MD5

66693ade1d8d86923589f23cc90adb67
SHA1

6627d10d4eff4c466c18c30a3698074d030e5bff
SHA256

d487739b5dae62175cba687c888773d3085b6003810ee9c3e7ebaccfee4c6dba
SHA512

2201e4d1c7e5eaf7e061174413963e30f9e8590daa9131fa7f1aca70e1a74a68fcef0d19a1522586be15364c15420141d144e2ea8eee94d898a0163ed468446f

Score

10^/10

locky locky_osiris ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

20161205_f7243bcc0d762f1d582d88f5ac30a3f1.js

Resource

win7-en-20211014

locky locky_osiris ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

20161205_f7243bcc0d762f1d582d88f5ac30a3f1.js

Resource

win10-en-20211104

locky locky_osiris ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  20161205_f7243bcc0d762f1d582d88f5ac30a3f1.js
- Size
  
  13KB
- MD5
  
  66693ade1d8d86923589f23cc90adb67
- SHA1
  
  6627d10d4eff4c466c18c30a3698074d030e5bff
- SHA256
  
  d487739b5dae62175cba687c888773d3085b6003810ee9c3e7ebaccfee4c6dba
- SHA512
  
  2201e4d1c7e5eaf7e061174413963e30f9e8590daa9131fa7f1aca70e1a74a68fcef0d19a1522586be15364c15420141d144e2ea8eee94d898a0163ed468446f
Score

10^/10

locky locky_osiris ransomware suricata
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
  suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
  suricata
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirisransomwaresuricata

behavioral2

lockylocky_osirisransomware

© 2018-2025

Terms | Privacy