General
Target: 2025-04-21_303eb0514e712272949688d11dda291f_darkside_elex_neshta
Size: 193KB
Sample: 250421-mmfztatpz4
MD5: 303eb0514e712272949688d11dda291f
SHA1: 118822a7d9c35aa91b68bb23d3e7be43be0bad5f
SHA256: 0225ded4dc1850d79f0ee3a717c2938d3b6436fdca4a1138dfc427095e8fe878
SHA512: 2f8dac85cd969df2a7fadbbc1154da0f765f152044045bafd37fe6444042029b7383f29840e0644c821584cc94704dceee07925467ef4d167e61e9f9549992b8
SSDEEP: 3072:sr85Cs4GsUPnliByocWepjLW9lyNX0bzEvH32QvVT6glyuxl:k9JGpvEByocWedq/VzFGVT6gDl
Behavioral task: behavioral1
Sample: 2025-04-21_303eb0514e712272949688d11dda291f_darkside_elex_neshta.exe
Resource: win10v2004-20250410-en
Behavioral task: behavioral2
Sample: 2025-04-21_303eb0514e712272949688d11dda291f_darkside_elex_neshta.exe
Resource: win11-20250410-en
Malware Config
Targets
Detect Neshta payload

Lockbit family

Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

Neshta family

Rule to detect Lockbit 3.0 ransomware Windows payload

Renames multiple (7652) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Modifies system executable filetype association

Drops desktop.ini file(s)

Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.

Suspicious use of NtSetInformationThreadHideFromDebugger