General
- Target 2026-07-02_250f0aaeb111be2bf8549fc7fb4638c8_amadey_cobalt-strike_darkgate_elex_gcleaner_luca-stealer_lynx_njrat_nymaim_smoke-loader
- Size 251KB
- Sample 260702-3wzraagx2y
- SHA256 d026e4c148662ffef84c8080fef235909e512807fca9c89dcd1dfd5e2209660d
- MD5 250f0aaeb111be2bf8549fc7fb4638c8
- SHA1 c2df346480e90b174427829c9a639ff495316760
- SHA512 481ede347e78ca0317bc773d69a7c1f95b0c5b4eb11414cbb2f80bafc35e862f826532786dd4d971f496f1876a20b5c3edea6a2da97c2e587d829c62a320fc34
- SSDEEP 6144:XtzzaGZn3o3aS4hgsQURTSTou+e0+WMv97f8qfAOJjejcw:XtzzLx43aS4hgZURTcJjfKcw
- TLSH T134447C107591C432E87110365978EBB6853EFC350B258ADBB3C45F7EDE703C2AA35A6A
Behavioral task
behavioral1
Sample
2026-07-02_250f0aaeb111be2bf8549fc7fb4638c8_amadey_cobalt-strike_darkgate_elex_gcleaner_luca-stealer.exe
Resource
win10v2004-20260513-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2026-07-02_250f0aaeb111be2bf8549fc7fb4638c8_amadey_cobalt-strike_darkgate_elex_gcleaner_luca-stealer.exe
Resource
win11ltsc2024-20260629-en
16 signatures
150 seconds
Malware Config
Extracted
Family
- gcleaner
C2
- 45.12.253.56
- 45.12.253.72
- 45.12.253.98
- 45.12.253.75
Attributes
- url_path
  - /setupsetup.php
  - /setupsetup.php
  - /default/puk.php
Targets
Score 8/10
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.