lockbit | 8b37a0ceaa72fe854f73150f0a9d7e64469e9d5cc6a85c2fb88527c65997d15d | Triage

Submit
Reports

Overview

overview

Static

static

2025-02-15...ta.exe

windows7-x64

2025-02-15...ta.exe

windows10-2004-x64

Sharing

General

Target

2025-02-15_a7e14726f03b31c182626f457295f00c_darkside_neshta
Size

186KB
Sample

250215-e5ntdavnas
MD5

a7e14726f03b31c182626f457295f00c
SHA1

40f94283483712abfca017b4ea4c0785618a4c27
SHA256

8b37a0ceaa72fe854f73150f0a9d7e64469e9d5cc6a85c2fb88527c65997d15d
SHA512

85e6bab0cbf6b4c018a87eefa6e0a2c6683ca9b6313b3ab1b69f231d5f6cc59bca99a2285aecb68b479001c8c605c7bdfdd9cb712b3aae2aab87eb42b5787c80
SSDEEP

1536:JxqjQ+P04wsmJCVvMH+1zGSNAojMP95D1xDmNgwg0XiOiu/8EINw5YkjPGHUyzS7:sr85CDcSNm9V7Dm7i1j0XjuTxqJogYg

Score

10^/10

lockbit neshta discovery persistence ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2025-02-15_a7e14726f03b31c182626f457295f00c_darkside_neshta.exe

Resource

win7-20241023-en

lockbit neshta discovery persistence ransomware spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-15_a7e14726f03b31c182626f457295f00c_darkside_neshta.exe

Resource

win10v2004-20250211-en

lockbit neshta discovery persistence ransomware spyware stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-02-15_a7e14726f03b31c182626f457295f00c_darkside_neshta
- Size
  
  186KB
- MD5
  
  a7e14726f03b31c182626f457295f00c
- SHA1
  
  40f94283483712abfca017b4ea4c0785618a4c27
- SHA256
  
  8b37a0ceaa72fe854f73150f0a9d7e64469e9d5cc6a85c2fb88527c65997d15d
- SHA512
  
  85e6bab0cbf6b4c018a87eefa6e0a2c6683ca9b6313b3ab1b69f231d5f6cc59bca99a2285aecb68b479001c8c605c7bdfdd9cb712b3aae2aab87eb42b5787c80
- SSDEEP
  
  1536:JxqjQ+P04wsmJCVvMH+1zGSNAojMP95D1xDmNgwg0XiOiu/8EINw5YkjPGHUyzS7:sr85CDcSNm9V7Dm7i1j0XjuTxqJogYg
Score

10^/10

lockbit neshta discovery persistence ransomware spyware stealer
- Detect Neshta payload
- Lockbit
  Ransomware family with multiple variants released since late 2019.
  ransomware lockbit
- Lockbit family
  lockbit
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Rule to detect Lockbit 3.0 ransomware Windows payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lockbitneshtadiscoverypersistenceransomwarespywarestealer

behavioral2

lockbitneshtadiscoverypersistenceransomwarespywarestealer

© 2018-2025

Terms | Privacy