Tag: obfuscated
Nemucod meets a new buddy: PHP
Published 5 years ago
We have already written about Nemucod downloader when it was paired with 7-Zip, this time we have spotted a new variant in the wild that appears to be a further evolution from previous versions. Before we dig into the analysis part, let’s take a quick look at the most recent history of Nemucod:
Locky Ransomware Shipping With a New Loader
Published 5 years ago
ReaQta has been monitoring a new and massive worldwide Locky ransomware spam campaign. The attacks are carried out in the usual way: a javascript file attached to an email message delivered to the victims, although this is the first campaign we have tracked that shows a different deployment behaviour. The javascript downloader usually retrieves Locky’s dropper …
Continue reading “Locky Ransomware Shipping With a New Loader”
Nemucod meets 7-Zip to launch ransomware attacks
Published 6 years ago
Nemucod is a Javascript downloader used to perform all kind of nasty stuff, recently a “ransomware” routine has been found in some samples, even if a simple one: a XOR with a predefined 255 bytes key. In other instances we have observed the download of a malicious executable responsible for the encryption process. What we will analyze this …
Continue reading “Nemucod meets 7-Zip to launch ransomware attacks”
