Overview

overview

10

Static

static

0374bb627e...71.dll

windows7_x64

10

0374bb627e...71.dll

windows10-2004_x64

10

0ba117fd39...35.exe

windows7_x64

10

0ba117fd39...35.exe

windows10-2004_x64

10

196c17a866...fe.exe

windows7_x64

10

196c17a866...fe.exe

windows10-2004_x64

10

1e0215f67f...53.exe

windows7_x64

10

1e0215f67f...53.exe

windows10-2004_x64

10

25d04d6314...de.exe

windows7_x64

10

25d04d6314...de.exe

windows10-2004_x64

10

428ff553b6...50.exe

windows7_x64

10

428ff553b6...50.exe

windows10-2004_x64

10

455d08a5e2...ce.exe

windows7_x64

10

455d08a5e2...ce.exe

windows10-2004_x64

10

4dbd0cd1e0...59.dll

windows7_x64

10

4dbd0cd1e0...59.dll

windows10-2004_x64

10

4febaf5c3e...92.exe

windows7_x64

10

4febaf5c3e...92.exe

windows10-2004_x64

10

5282f373b4...ff.exe

windows7_x64

9

5282f373b4...ff.exe

windows10-2004_x64

9

6c2e494f16...47.exe

windows7_x64

10

6c2e494f16...47.exe

windows10-2004_x64

10

6c95be6a53...65.exe

windows7_x64

10

6c95be6a53...65.exe

windows10-2004_x64

10

75a5b0e0e9...1a.exe

windows7_x64

10

75a5b0e0e9...1a.exe

windows10-2004_x64

10

7dd89cf8a1...d2.exe

windows7_x64

10

7dd89cf8a1...d2.exe

windows10-2004_x64

10

81fa8a3bdc...77.exe

windows7_x64

10

81fa8a3bdc...77.exe

windows10-2004_x64

10

9268e1f0af...b0.dll

windows7_x64

10

9268e1f0af...b0.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    downloads.zip

  • Size

    6.6MB

  • Sample

    220620-q5zfnadfcn

  • MD5

    3b0f343f00bda8ff449bf69075a2263f

  • SHA1

    f9c873500d08defa8e3f387cfe14b7086acf974e

  • SHA256

    e59e7db0c75cef4bb6e057d725bae7ed5e13fd011b54fe39c3fe7cdb123b684f

  • SHA512

    dddc90f4ed56a28d5551bd144da4e8e53f8fd547abfab2eedae1be209c83a5f040dac8c2ee944754f7464762c98e66a09137b19a61b4fb03efbcdd705550f7b9

Score
10/10
bueremotettrickbotepoch1epoch2lib101rob109rob110sat2xml1yas45bankerdaveevasionloaderpackerpersistenceransomwaresuricatatrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

155.186.9.160:80

80.249.176.206:80

94.23.62.116:8080

59.148.253.194:8080

192.232.229.54:7080

46.101.58.37:8080

62.84.75.50:80

81.215.230.173:443

170.81.48.2:80

46.43.2.95:8080

1.226.84.243:8080

152.169.22.67:80

70.32.115.157:8080

73.51.245.231:8080

94.176.234.118:443

177.73.0.98:443

113.163.216.135:80

186.188.212.201:80

201.71.228.86:80

178.250.54.208:8080
rsa_pubkey.plain

Extracted

Family

emotet

Botnet

Epoch2

C2

99.247.33.186:80

181.165.68.127:80

64.207.182.168:8080

51.89.36.180:443

51.89.199.141:8080

87.106.139.101:8080

139.162.60.124:8080

74.208.45.104:8080

209.141.54.221:7080

173.173.254.105:80

217.20.166.178:7080

208.74.26.234:80

88.153.35.32:80

216.139.123.119:80

110.145.101.66:443

176.111.60.55:8080

139.99.158.11:443

109.116.245.80:80

172.86.188.251:8080

115.94.207.99:443
rsa_pubkey.plain

Extracted

Family

trickbot

Version

1000512

Botnet

xml1

C2

95.171.16.42:443

185.90.61.9:443

5.1.81.68:443

185.99.2.65:443

134.119.191.11:443

85.204.116.100:443

78.108.216.47:443

51.81.112.144:443

194.5.250.121:443

185.14.31.104:443

185.99.2.66:443

107.175.72.141:443

192.3.247.123:443

134.119.191.21:443

85.204.116.216:443

91.235.129.20:443

181.129.104.139:449

181.112.157.42:449

181.129.134.18:449

131.161.253.190:449
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100018

Botnet

sat2

C2

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100018

Botnet

lib101

C2

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100018

Botnet

rob110

C2

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Extracted

Family

buer

C2

https://165.232.118.210/

Extracted

Family

trickbot

Version

1000512

Botnet

yas45

C2

95.171.16.42:443

185.90.61.9:443

5.1.81.68:443

185.99.2.65:443

134.119.191.11:443

85.204.116.100:443

78.108.216.47:443

51.81.112.144:443

194.5.250.121:443

185.14.31.104:443

185.99.2.66:443

107.175.72.141:443

192.3.247.123:443

134.119.191.21:443

85.204.116.216:443

91.235.129.20:443

181.129.104.139:449

181.112.157.42:449

181.129.134.18:449

131.161.253.190:449
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100018

Botnet

rob109

C2

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      0374bb627e51aa5fa5df0640a5468939cf190a1a1bc0c8a0f3df4bc9b3e92171

    • Size

      442KB

    • MD5

      1eadc669573e390002451cae24c73d2a

    • SHA1

      b53754d5e713b95d3f2a9ad154946fb9ed79cec1

    • SHA256

      0374bb627e51aa5fa5df0640a5468939cf190a1a1bc0c8a0f3df4bc9b3e92171

    • SHA512

      78f5cf2f06d3eb47171b3e6d05ce00cfdfd7b5eb8ddcff07621f7d3f9448a191f95c86b2eada24cd79628ec5ed3ebcd2a37eaf5a4fb837cfed679ef9452a5344

    Score
    10/10
    trickbotbankerpackertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

      packer
    behavioral1behavioral2

    • Target

      0ba117fd394120dbe7fef45f244ab20d476e595fd900ce56c4fced0941e8a635

    • Size

      280KB

    • MD5

      f208db3d0b53573ddb865b8083297685

    • SHA1

      db379d053d1aec9c1f8be9cb7a917b6010d099a6

    • SHA256

      0ba117fd394120dbe7fef45f244ab20d476e595fd900ce56c4fced0941e8a635

    • SHA512

      a25da0ad6f451c09ec38c4711b8be6f2db4e6e656626bf4204c2af64887e7b7d89d85fe8d8f8360bf8f4e08a6481f9c34ff9cd592f6bf26fba5889326ff99570

    Score
    10/10
    emotetepoch1bankersuricatatrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11

      suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11

      suricata

    • Emotet Payload

      Detects Emotet payload in memory.

      trojanbanker

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral3behavioral4

    • Target

      196c17a866c395520e3440779c11fa79063127efb81cfb5d44f9c664f6a790fe

    • Size

      384KB

    • MD5

      e5fbc1da28635c999735d46d021c1b69

    • SHA1

      98bd51f54697562312fabfea5dcadd3eed997207

    • SHA256

      196c17a866c395520e3440779c11fa79063127efb81cfb5d44f9c664f6a790fe

    • SHA512

      8c0f3a35bdfd4e7821f72793595f576a836d5d52ed650d7291c87673489452ef55c5b6182666a678edbf32f4aabc4f8a18fa5e88261c4c919cb012ec585d2fae

    Score
    10/10
    emotetepoch2bankersuricatatrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11

      suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11

      suricata

    • Emotet Payload

      Detects Emotet payload in memory.

      trojanbanker

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral5behavioral6

    • Target

      1e0215f67fb7b02bc44f33bf6a5b884c3061cbeb38e0150b559635458951fa53

    • Size

      396KB

    • MD5

      8503ea92f4c9941ee3295978729d98ba

    • SHA1

      d04dfbc5b1335c8408ffb5c58bd966791f748ad3

    • SHA256

      1e0215f67fb7b02bc44f33bf6a5b884c3061cbeb38e0150b559635458951fa53

    • SHA512

      a5dade77d81f3fc49b46d828ea653d55b921e8b65b455dd0a1fa7eba7880b3a86deff0aafd21276a86eb95be948ab61da9771343ccbc24164b31c3a5b18edaa5

    Score
    10/10
    trickbotxml1bankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot
    behavioral7behavioral8

    • Target

      25d04d6314390db9f02656b70f9d0da208b7d3e4dd47ece7cb907854a2c07dde

    • Size

      284KB

    • MD5

      f81f03280cfa4379453f152008311573

    • SHA1

      97a418aaebc019f4715c911af232d4ca09004536

    • SHA256

      25d04d6314390db9f02656b70f9d0da208b7d3e4dd47ece7cb907854a2c07dde

    • SHA512

      714a662ba23c5f971d92e7db65745c1ce663e59cbf94a767a695dc3527f9645129dd0d584333a3ea6dbe2857c12f9da323cf8b9ce535f04c8617fc7e31e0842f

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet Payload

      Detects Emotet payload in memory.

      trojanbanker

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral9behavioral10

    • Target

      428ff553b67cd782e6d0227ae09c83ba8074fa11cf4bfd91703b2043aa5f6c50

    • Size

      342KB

    • MD5

      f4853c12c2e213979b03701b36e18960

    • SHA1

      925203dea145358e1457bca76de0edcae8b33961

    • SHA256

      428ff553b67cd782e6d0227ae09c83ba8074fa11cf4bfd91703b2043aa5f6c50

    • SHA512

      2c450e424f88ed9c3e37c03c2f4cc8153392b70320ec5533d17a5e10400c70ec668f8526ea3125364ce7d9eba7dc16295d0587e93c979cbed3cd10bea61a373e

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet Payload

      Detects Emotet payload in memory.

      trojanbanker

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral11behavioral12

    • Target

      455d08a5e2a10427eb1aec8f9ee931a5ae10b41acb9cf0e9090f87722a96b9ce

    • Size

      296KB

    • MD5

      ac35802d7f24f8c48231c4ad3dba6ca8

    • SHA1

      d4e091c21fbd85e1b3ab5ff2f03eb89df2ffb9bd

    • SHA256

      455d08a5e2a10427eb1aec8f9ee931a5ae10b41acb9cf0e9090f87722a96b9ce

    • SHA512

      f980d12472e06782a1e05a0c9c22e60a54841d63b611b3ecc71fb8475305fc00d01fc266ec21899d0e0dede7ed850f9930ede17d01b874385415450ca952020a

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet Payload

      Detects Emotet payload in memory.

      trojanbanker

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral13behavioral14

    • Target

      4dbd0cd1e0f85d16cb65f376880ca9ba247bd1f81542f135610f951349909959

    • Size

      516KB

    • MD5

      8fe94f61dc7cd3282df2683dde87e61f

    • SHA1

      4731cffdc450f03baac5c9e64554d274b1421531

    • SHA256

      4dbd0cd1e0f85d16cb65f376880ca9ba247bd1f81542f135610f951349909959

    • SHA512

      3907347975a9618c9034e2e0a8a8ad3778e355d8e812134902609a87df300c835b0a76a6165bee752d29f05f3cf7d747944f22f48be745f5ce000b1f7dade251

    Score
    10/10
    trickbotsat2bankersuricatatrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata
    behavioral15behavioral16

    • Target

      4febaf5c3eb1938f657200df1141457d1bb34b9b67222f2e889c9785dd99e492

    • Size

      341KB

    • MD5

      83d8dac9d5b9137272a09108bef54457

    • SHA1

      0134e7feeb2727030a2a8e143751490c760dd7fc

    • SHA256

      4febaf5c3eb1938f657200df1141457d1bb34b9b67222f2e889c9785dd99e492

    • SHA512

      a1778db56c6ca781397eba82efbe3156119b3acb2532e29f16d23b8e516b182ac1ade0c7fa70d7e4774b6d9df0e759ec560391b2d63ae9cb4948c9e63e0bb36b

    Score
    10/10
    emotetepoch1bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet Payload

      Detects Emotet payload in memory.

      trojanbanker

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral17behavioral18

    • Target

      5282f373b4dbab1b939b625d05d45442e8c008eeb6fa5d3c1f587cf80afa21ff

    • Size

      92KB

    • MD5

      fd8050fe993e55914b1608dd1828f540

    • SHA1

      8d8de88ec4baaeb504b4cdf959fd0d76fd346818

    • SHA256

      5282f373b4dbab1b939b625d05d45442e8c008eeb6fa5d3c1f587cf80afa21ff

    • SHA512

      ac73a5a33b2c9549b678ccf7dd48242f7563eb15b1cc75f3d28e170b72d09f6a4424e75f20c049f603b04c2536f03aa96fae50a6c3f12dbb5f7075ef9dd9e60d

    Score
    9/10
    evasionpersistenceransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral19behavioral20

    • Target

      6c2e494f16262d6e4b2eaa552971b562a2bb87ac71a73a8be8638aefb47f1a47

    • Size

      244KB

    • MD5

      ec6363acaf183e7c3bcdc5b009ac277c

    • SHA1

      94bf19b87591a990a40ea61e3235314a02f105e2

    • SHA256

      6c2e494f16262d6e4b2eaa552971b562a2bb87ac71a73a8be8638aefb47f1a47

    • SHA512

      be05c7ef26a3216cd01cbadb1086962caae4075a0ce322c248c56ad3d97c9cb85d19173e52db754152eac8678317ea637fe18d10cc89133f7eadc885fb92d402

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet Payload

      Detects Emotet payload in memory.

      trojanbanker

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral21behavioral22

    • Target

      6c95be6a536264db1dcb3c13b03b6f67d04b75a49cb9411fa294352590df2e65

    • Size

      860KB

    • MD5

      02adc56200b095ac950730eb3458ce9d

    • SHA1

      ddecba68da8e16bfc2638b48a2080104b180b12e

    • SHA256

      6c95be6a536264db1dcb3c13b03b6f67d04b75a49cb9411fa294352590df2e65

    • SHA512

      5f25c4953683279894086126a7eae6babd25b1f9ffbe367eecf46f6f9dc08f05fd4a94027d9cadeeca21d5d499e5bb96f3e4b7d660c1eeb1f8876addc1d2f885

    Score
    10/10
    trickbotlib101bankersuricatatrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata
    behavioral23behavioral24

    • Target

      75a5b0e0e96691e1aacf99aba23f9b2a53ef8c349a8822494b7b82c400b5a61a

    • Size

      454KB

    • MD5

      92bdf585c0213c658e84afa9bee31e83

    • SHA1

      2605300c6957335e73d527d83405e657ff3348f0

    • SHA256

      75a5b0e0e96691e1aacf99aba23f9b2a53ef8c349a8822494b7b82c400b5a61a

    • SHA512

      94fe04fb55a6046226222d55967a05acfa9f26e7ed5a7ce91f6e57565502399f1daad99084e9ed9d940319a124b0fd9557fb28d2082c0c2cdbba5255ca986726

    Score
    10/10
    trickbotrob110bankertrojansuricata

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata
    behavioral25behavioral26

    • Target

      7dd89cf8a1fd81909f2dd9b75cffa1f7ed98ae94c381a6c92ffd0a0dee7707d2

    • Size

      196KB

    • MD5

      dd69fb6eb36fd0b9d0e14e099104726a

    • SHA1

      6fb3cad9868b22a0563664d3c5cbefe7e57d09b2

    • SHA256

      7dd89cf8a1fd81909f2dd9b75cffa1f7ed98ae94c381a6c92ffd0a0dee7707d2

    • SHA512

      6743cac45032112bccf24bd0765f15727c7dd12a46e8162adc39c99631998f3b8b8544916ab398bbeaaa3704b65e8dd57b4f6dd8acaf1c933a2406e9525eacea

    Score
    10/10
    buerloaderpersistence

    • Buer

      Buer is a new modular loader first seen in August 2019.

      loaderbuer

    • Modifies WinLogon for persistence

      persistence

    • Buer Loader

      Detects Buer loader in memory or disk.

      loader

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral27behavioral28

    • Target

      81fa8a3bdc452dd2b279b61fed92fe83d65e650e06bca9ee4dfcf991a4a59e77

    • Size

      432KB

    • MD5

      7773c8164949a42936c4d1374cf16284

    • SHA1

      9e92535dc7bcdd7bf677a643f90ee730784edfc6

    • SHA256

      81fa8a3bdc452dd2b279b61fed92fe83d65e650e06bca9ee4dfcf991a4a59e77

    • SHA512

      8569116004d7b7154fced5a1a6f9d6ed111cae4cf71a68942fc0b978f5fb42db5b595c059fa77bd787cb923c99894dfc07accbc201c38caa02e3f2a235a9d61c

    Score
    10/10
    trickbotyas45bankerdavetrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Dave packer

      Detects executable using a packer named 'Dave' by the community, based on a string at the end.

      dave

    • Drops file in System32 directory

    behavioral29behavioral30

    • Target

      9268e1f0af209ecb3d16ddbb4b5f294194c62b54812b02aba7efc7b1306c0fb0

    • Size

      544KB

    • MD5

      252d7a18958132b04614191096ab9636

    • SHA1

      e0c9542cba105632c39e4b9b6db75a0cecb29221

    • SHA256

      9268e1f0af209ecb3d16ddbb4b5f294194c62b54812b02aba7efc7b1306c0fb0

    • SHA512

      d66d7f0047b4c41e101641d91270c43325637de28d1a5713194a9a7db8de6320e51de8f0219db209237951432318f9d609c205610f41306f23837ff1a5ece31c

    Score
    10/10
    trickbotrob109bankersuricatatrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata
    behavioral31behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
N/A

behavioral1

trickbotbankerpackertrojan
Score
10/10

behavioral2

trickbotbankerpackertrojan
Score
10/10

behavioral3

emotetepoch1bankersuricatatrojan
Score
10/10

behavioral4

emotetepoch1bankersuricatatrojan
Score
10/10

behavioral5

emotetepoch2bankersuricatatrojan
Score
10/10

behavioral6

emotetepoch2bankersuricatatrojan
Score
10/10

behavioral7

trickbotxml1bankertrojan
Score
10/10

behavioral8

trickbotxml1bankertrojan
Score
10/10

behavioral9

emotetepoch2bankertrojan
Score
10/10

behavioral10

emotetepoch2bankertrojan
Score
10/10

behavioral11

emotetepoch2bankertrojan
Score
10/10

behavioral12

emotetepoch2bankertrojan
Score
10/10

behavioral13

emotetepoch2bankertrojan
Score
10/10

behavioral14

emotetepoch2bankertrojan
Score
10/10

behavioral15

trickbotsat2bankersuricatatrojan
Score
10/10

behavioral16

trickbotsat2bankersuricatatrojan
Score
10/10

behavioral17

emotetepoch1bankertrojan
Score
10/10

behavioral18

emotetepoch1bankertrojan
Score
10/10

behavioral19

evasionpersistenceransomware
Score
9/10

behavioral20

evasionpersistenceransomware
Score
9/10

behavioral21

emotetepoch2bankertrojan
Score
10/10

behavioral22

emotetepoch2bankertrojan
Score
10/10

behavioral23

trickbotlib101bankersuricatatrojan
Score
10/10

behavioral24

trickbotlib101bankersuricatatrojan
Score
10/10

behavioral25

trickbotrob110bankertrojan
Score
10/10

behavioral26

trickbotrob110bankersuricatatrojan
Score
10/10

behavioral27

buerloader
Score
10/10

behavioral28

buerloaderpersistence
Score
10/10

behavioral29

trickbotyas45bankerdavetrojan
Score
10/10

behavioral30

trickbotyas45bankerdavetrojan
Score
10/10

behavioral31

trickbotrob109bankersuricatatrojan
Score
10/10

behavioral32

trickbotrob109bankersuricatatrojan
Score
10/10