Nemucod meets 7zip

Nemucod meets 7-Zip to launch ransomware attacks

Nemucod is a JavaScript downloader used to perform all kinds of nasty stuff. Recently, a “ransomware” routine has been found in some samples, albeit a simple one: an XOR with a predefined 255-byte key. In other instances we have observed the download of a malicious executable responsible for the encryption process. What we will analyze this time is a variant that downloads the infamous Kovter together with the official 7-Zip CLI application.
