General
Target: https://samples.vx-underground.org/Samples/Families/Neshta/fbbefa2bf51016a540da3b67d0da5120.7z
Sample: 240425-tksddscd53
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://samples.vx-underground.org/Samples/Families/Neshta/fbbefa2bf51016a540da3b67d0da5120.7z
Resource: win10v2004-20240412-en
Malware Config
Extracted: lokibot
http://dyjcgvdfgdzgzdzzf.gq/BN1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: https://samples.vx-underground.org/Samples/Families/Neshta/fbbefa2bf51016a540da3b67d0da5120.7z
Detect Neshta payload
Neshta
Malware from the Neshta family inserts itself into other files in order to spread and cause damage.
Checks computer location settings
Looks up the country code configured in the registry; likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext