General

  • Target

    2025-07-04_1a01c88008877074f2e95c3e3bb30d5c_amadey_elex_gcleaner_hijackloader_neshta_smoke-loader_stop

  • Size

    2.7MB

  • Sample

    250704-ptb1jshq5t

  • MD5

    1a01c88008877074f2e95c3e3bb30d5c

  • SHA1

    80843d8e5222829b915a76f4afbf143157ea0c58

  • SHA256

    c003ca36bf6130bfc14e6839c717c2281bd5bebdc1b7c25b058d8eee5d4f02db

  • SHA512

    fe4a64a208809b274682225d8bae92b538ce1d6f0a300b6d638dd023e7251e58c26006dec4e6d8aa949aac4cacb03fa690256ddb37a49149509ee701b6298dad

  • SSDEEP

    49152:ABc2m9UCqF7Q/b7EkxxjJmGVu4yazj4kB71lxPnJOIk91W/FdHIZq:8ct9IF7QDZjjJmGVuj817nYHIdo

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it inserts its own code into other executable files to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks