General
-
Target
20161205_f7243bcc0d762f1d582d88f5ac30a3f1.js
-
Size
13KB
-
Sample
211118-raenfaddek
-
MD5
66693ade1d8d86923589f23cc90adb67
-
SHA1
6627d10d4eff4c466c18c30a3698074d030e5bff
-
SHA256
d487739b5dae62175cba687c888773d3085b6003810ee9c3e7ebaccfee4c6dba
-
SHA512
2201e4d1c7e5eaf7e061174413963e30f9e8590daa9131fa7f1aca70e1a74a68fcef0d19a1522586be15364c15420141d144e2ea8eee94d898a0163ed468446f
Malware Config
Targets
-
-
Target
20161205_f7243bcc0d762f1d582d88f5ac30a3f1.js
-
Size
13KB
-
MD5
66693ade1d8d86923589f23cc90adb67
-
SHA1
6627d10d4eff4c466c18c30a3698074d030e5bff
-
SHA256
d487739b5dae62175cba687c888773d3085b6003810ee9c3e7ebaccfee4c6dba
-
SHA512
2201e4d1c7e5eaf7e061174413963e30f9e8590daa9131fa7f1aca70e1a74a68fcef0d19a1522586be15364c15420141d144e2ea8eee94d898a0163ed468446f
Score10/10-
Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
-
Locky (Osiris variant)
Variant of the Locky ransomware seen in the wild since early 2017.
-
suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
-
Blocklisted process makes network request
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Sets desktop wallpaper using registry
-