
TrojanDownloader:JS/Locky.A


First posted on 24 February 2016.
Source: Microsoft

Aliases:

There are no other names known for TrojanDownloader:JS/Locky.A.

Explanation:

This threat downloads other malware, such as Ransom:Win32/Locky.A. You can read more on our ransomware page.

Installation

We have seen this threat arrive in a spam email attachment as the following:

  • RG<random numbers>-SIG.js


Payload

Downloads and runs other malware

When the malware runs, it connects to a remote host over HTTP and downloads an executable file. The file is saved to the %TEMP% directory under a random file name, such as:

  • .exe


We have also seen this threat download Ransom:Win32/Locky.A.
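
A defender-side sketch of the behaviour described above, added here as an example and not Microsoft's detection logic: it correlates simplified process, network and file events to flag a script host that makes an HTTP connection, writes an .exe to %TEMP% and then launches it. The event field names, the script host names (wscript.exe, cscript.exe), the HTTP port list and the %TEMP% path layout are assumptions, and the sample events are constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

ATTACHMENT_RE = re.compile(r"RG\d+-SIG\.js", re.IGNORECASE)  # name from the page
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # assumption: Windows Script Host
HTTP_PORTS = {80, 8080}                         # assumption: plain-HTTP ports
# Assumption: %TEMP% resolves to the per-user AppData\Local\Temp directory.
TEMP_EXE_RE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.IGNORECASE)

def find_downloader_chains(events):
    """Flag script hosts that used HTTP, dropped an .exe in %TEMP%, then ran it."""
    hosts, alerts = {}, []
    for ev in events:  # events in time order; field names are hypothetical
        if ev["type"] == "process_create":
            parent = hosts.get(ev["ppid"])
            if parent and parent["http"] and ev["image"].lower() in parent["dropped"]:
                alerts.append({"script_pid": ev["ppid"], "payload": ev["image"],
                               "name_match": parent["name_match"]})
            if basename(ev["image"]).lower() in SCRIPT_HOSTS:
                hosts[ev["pid"]] = {"http": False, "dropped": set(),
                    "name_match": bool(ATTACHMENT_RE.search(ev["cmdline"]))}
        elif ev["pid"] in hosts:
            state = hosts[ev["pid"]]
            if ev["type"] == "network_connect" and ev["dest_port"] in HTTP_PORTS:
                state["http"] = True
            elif ev["type"] == "file_create" and TEMP_EXE_RE.search(ev["path"]):
                state["dropped"].add(ev["path"].lower())
    return alerts

# Constructed sample telemetry (not real logs); 203.0.113.10 is a documentation IP.
TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120, "ppid": 3000,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\alice\Downloads\RG0012345-SIG.js"'},
    {"type": "network_connect", "pid": 4120, "dest_ip": "203.0.113.10", "dest_port": 80},
    {"type": "file_create", "pid": 4120, "path": TEMP + r"\a1b2c3.exe"},
    {"type": "process_create", "pid": 4388, "ppid": 4120,
     "image": TEMP + r"\a1b2c3.exe", "cmdline": TEMP + r"\a1b2c3.exe"},
    # Benign: a logon script that touches neither the network nor %TEMP%.
    {"type": "process_create", "pid": 5000, "ppid": 3000,
     "image": r"C:\Windows\System32\cscript.exe", "cmdline": r"cscript.exe C:\scripts\logon.js"},
    # Benign: a browser (not a script host) saving an installer to %TEMP%.
    {"type": "file_create", "pid": 6000, "path": TEMP + r"\setup.exe"},
]

if __name__ == "__main__":
    for alert in find_downloader_chains(SAMPLE_EVENTS):
        print(alert)
```

The behavioural chain fires regardless of the attachment name; name_match only records whether the command line also matched the RG<random numbers>-SIG.js pattern.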



Analysis by Marianne Mallen

Last update 24 February 2016

 
