General

  • Target

    20161205_eb2df1e72525f9d332e3179c4d432c70.js

  • Size

    13KB

  • Sample

    211118-rda5esdefm

  • MD5

    4962f8c69418e2a963a2efcf37718d8d

  • SHA1

    aeab75634c68d8505e9f64dcabb1e415e9f53840

  • SHA256

    0881cd733dd584863daaf87341e4d0c38815a5aa62a9dc7f2608af2a3f1dc3e8

  • SHA512

    c2cfc24d90cc8bee452f8cf10d87b038221c9b0c7a5ea5733ccd2ce7ea74b829f15116695f0315f6765adf9aa1922653ecbda249f66aaef9e9b3fa98e2664cd8

Malware Config

Targets

    • Target

      20161205_eb2df1e72525f9d332e3179c4d432c70.js


    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017

    • Blocklisted process makes network request

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • System Information Discovery (T1082), count: 1