locky | 765748dc0f5b0a5ca9e98302794c92a962528a66935f68b2836b877e96f6353e | Triage

Submit
Reports

Overview

overview

Static

static

20161205_8...4d0.js

windows7_x64

20161205_8...4d0.js

windows10_x64

Sharing

General

Target

20161205_81d78d08e4ef7f5416d25833f8f394d0.js
Size

13KB
Sample

211118-rdwq5adehk
MD5

cf259e151da4827954a95bc7b35aa1d2
SHA1

5bc1ddc79099cc8a197305a1272e6211470ae8fc
SHA256

765748dc0f5b0a5ca9e98302794c92a962528a66935f68b2836b877e96f6353e
SHA512

3eb6914e890540d297d3872c2126006088b16be72cfe83e71cfe49e9c9c4fa0287c9c01e7dac40d813761c06762bd97c1ecff6bd952d36d258224ae70e19db9a

Score

10^/10

locky locky_osiris ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

20161205_81d78d08e4ef7f5416d25833f8f394d0.js

Resource

win7-en-20211104

locky locky_osiris ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

20161205_81d78d08e4ef7f5416d25833f8f394d0.js

Resource

win10-en-20211104

locky locky_osiris ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  20161205_81d78d08e4ef7f5416d25833f8f394d0.js
- Size
  
  13KB
- MD5
  
  cf259e151da4827954a95bc7b35aa1d2
- SHA1
  
  5bc1ddc79099cc8a197305a1272e6211470ae8fc
- SHA256
  
  765748dc0f5b0a5ca9e98302794c92a962528a66935f68b2836b877e96f6353e
- SHA512
  
  3eb6914e890540d297d3872c2126006088b16be72cfe83e71cfe49e9c9c4fa0287c9c01e7dac40d813761c06762bd97c1ecff6bd952d36d258224ae70e19db9a
Score

10^/10

locky locky_osiris ransomware suricata
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
  suricata: ET MALWARE Nemucod JS Downloader Aug 01 2017
  suricata
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirisransomwaresuricata

behavioral2

lockylocky_osirisransomware

© 2018-2024

Terms | Privacy