General

  • Target
    2026-07-02_250f0aaeb111be2bf8549fc7fb4638c8_amadey_cobalt-strike_darkgate_elex_gcleaner_luca-stealer_lynx_njrat_nymaim_smoke-loader
  • Size 251KB
  • Sample 260702-3wzraagx2y
  • SHA256 d026e4c148662ffef84c8080fef235909e512807fca9c89dcd1dfd5e2209660d
  • MD5 SHA1 SHA512 SSDEEP TLSH

Malware Config

Extracted

Family
  • gcleaner

C2
  • 45.12.253.56

  • 45.12.253.72

  • 45.12.253.98

  • 45.12.253.75

Attributes
  • url_path

    /setupsetup.php

    /setupsetup.php

    /default/puk.php

Targets

    • Target
      2026-07-02_250f0aaeb111be2bf8549fc7fb4638c8_amadey_cobalt-strike_darkgate_elex_gcleaner_luca-stealer_lynx_njrat_nymaim_smoke-loader
    • Size 251KB
    • SHA256 d026e4c148662ffef84c8080fef235909e512807fca9c89dcd1dfd5e2209660d
    • MD5 SHA1 SHA512 SSDEEP TLSH
    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16

Tasks