General
-
Target
2025-07-04_1a01c88008877074f2e95c3e3bb30d5c_amadey_elex_gcleaner_hijackloader_neshta_smoke-loader_stop
-
Size
2.7MB
-
Sample
250704-ptb1jshq5t
-
MD5
1a01c88008877074f2e95c3e3bb30d5c
-
SHA1
80843d8e5222829b915a76f4afbf143157ea0c58
-
SHA256
c003ca36bf6130bfc14e6839c717c2281bd5bebdc1b7c25b058d8eee5d4f02db
-
SHA512
fe4a64a208809b274682225d8bae92b538ce1d6f0a300b6d638dd023e7251e58c26006dec4e6d8aa949aac4cacb03fa690256ddb37a49149509ee701b6298dad
-
SSDEEP
49152:ABc2m9UCqF7Q/b7EkxxjJmGVu4yazj4kB71lxPnJOIk91W/FdHIZq:8ct9IF7QDZjjJmGVuj817nYHIdo
Behavioral task
behavioral1
Sample
2025-07-04_1a01c88008877074f2e95c3e3bb30d5c_amadey_elex_gcleaner_hijackloader_neshta_smoke-loader_stop.exe
Resource
win10v2004-20250610-en
Malware Config
Targets
-
-
Target
2025-07-04_1a01c88008877074f2e95c3e3bb30d5c_amadey_elex_gcleaner_hijackloader_neshta_smoke-loader_stop
-
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Neshta family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Modifies system executable filetype association
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-