General
-
Target
2024-12-18_023b01650817f7f3ee4ec8ceab242f16_lockbit_neshta
-
Size
184KB
-
Sample
241218-rp47mssrgl
-
MD5
023b01650817f7f3ee4ec8ceab242f16
-
SHA1
045117711f81087ea812a3dc1a19a0ba8f228c03
-
SHA256
37d78bb11eaabba27c5e03b87d14b516141d52db80b37742d15995bb146c00d4
-
SHA512
0c92e11805f708e41a7ead7c10977f9eae4951fb6b5d8a4703a3705bcc77aa59c51b4807f1ff7fdaa5688c65430a2eeab186b17e5bf8159cebefc1ea9a565cf7
-
SSDEEP
3072:sr85Cas4cGR+OzRQbg8rc87DmDGRwCs7HMMProVQITEqOfBTHTfNBqO/Tw:k9HLGs0RAcomDn7M4avOXy
Malware Config
Targets
-
-
Target
2024-12-18_023b01650817f7f3ee4ec8ceab242f16_lockbit_neshta
-
Size
184KB
-
MD5
023b01650817f7f3ee4ec8ceab242f16
-
SHA1
045117711f81087ea812a3dc1a19a0ba8f228c03
-
SHA256
37d78bb11eaabba27c5e03b87d14b516141d52db80b37742d15995bb146c00d4
-
SHA512
0c92e11805f708e41a7ead7c10977f9eae4951fb6b5d8a4703a3705bcc77aa59c51b4807f1ff7fdaa5688c65430a2eeab186b17e5bf8159cebefc1ea9a565cf7
-
SSDEEP
3072:sr85Cas4cGR+OzRQbg8rc87DmDGRwCs7HMMProVQITEqOfBTHTfNBqO/Tw:k9HLGs0RAcomDn7M4avOXy
Score10/10-
Detect Neshta payload
-
Lockbit
Ransomware family with multiple variants released since late 2019.
-
Lockbit family
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Rule to detect Lockbit 3.0 ransomware Windows payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-