Tag: javascript
Locky Dropper Now Comes Embedded in the Loader
Published 5 years ago
We have noticed a change of behaviour in the latest spam email campaigns used by Locky. Since its first release Locky took advantage of compromised domains to download the dropper binary, while recently Locky dropper is being delivered embedded into the loader code itself. By tracking these campaigns we have also noticed that Locky’s authors have made …
Continue reading “Locky Dropper Now Comes Embedded in the Loader”
Nemucod meets a new buddy: PHP
Published 5 years ago
We have already written about Nemucod downloader when it was paired with 7-Zip, this time we have spotted a new variant in the wild that appears to be a further evolution from previous versions. Before we dig into the analysis part, let’s take a quick look at the most recent history of Nemucod:
Locky Ransomware Shipping With a New Loader
Published 5 years ago
ReaQta has been monitoring a new and massive worldwide Locky ransomware spam campaign. The attacks are carried out in the usual way: a javascript file attached to an email message delivered to the victims, although this is the first campaign we have tracked that shows a different deployment behaviour. The javascript downloader usually retrieves Locky’s dropper …
Continue reading “Locky Ransomware Shipping With a New Loader”
Nemucod meets 7-Zip to launch ransomware attacks
Published 6 years ago
Nemucod is a Javascript downloader used to perform all kind of nasty stuff, recently a “ransomware” routine has been found in some samples, even if a simple one: a XOR with a predefined 255 bytes key. In other instances we have observed the download of a malicious executable responsible for the encryption process. What we will analyze this …
Continue reading “Nemucod meets 7-Zip to launch ransomware attacks”
