General
-
Target
2024-06-19_1990b12d690ca0cc794b5b69aff67372_lockbit_neshta
-
Size
190KB
-
Sample
240619-kaak6axcme
-
MD5
1990b12d690ca0cc794b5b69aff67372
-
SHA1
3c10c41fae489e0d2ac70cd693a0441da10ded54
-
SHA256
4f46dac7fe7e27e955c968fc3297a1f6d7cc89425a4ee67fbe0642cc0d7cff73
-
SHA512
84d29bcec13df6cfefbfb75673f51ebcdf54a4f42a0ea658393520c836b99370893ac8a5a4ccd2ceccadd3282faa3c66bd5946f96fe217f93305ba0762b891de
-
SSDEEP
3072:sr85CU/ZNMIuc1SoiR9MH8wk44ymr1ilJDoiXWoqflac6sZ/mqFIhzj72WIT6FLD:k9UBNFucVicHrk7yPXDoiXXq0KZeqFIp
Malware Config
Targets
-
-
Target
2024-06-19_1990b12d690ca0cc794b5b69aff67372_lockbit_neshta
-
Size
190KB
-
MD5
1990b12d690ca0cc794b5b69aff67372
-
SHA1
3c10c41fae489e0d2ac70cd693a0441da10ded54
-
SHA256
4f46dac7fe7e27e955c968fc3297a1f6d7cc89425a4ee67fbe0642cc0d7cff73
-
SHA512
84d29bcec13df6cfefbfb75673f51ebcdf54a4f42a0ea658393520c836b99370893ac8a5a4ccd2ceccadd3282faa3c66bd5946f96fe217f93305ba0762b891de
-
SSDEEP
3072:sr85CU/ZNMIuc1SoiR9MH8wk44ymr1ilJDoiXWoqflac6sZ/mqFIhzj72WIT6FLD:k9UBNFucVicHrk7yPXDoiXXq0KZeqFIp
Score10/10-
Detect Neshta payload
-
Lockbit
Ransomware family with multiple variants released since late 2019.
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Rule to detect Lockbit 3.0 ransomware Windows payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-