General

  • Target: 8547977480.zip
  • Size: 34.2MB
  • Sample: 221203-wg4ncscc33
  • MD5: 2d80845d65f702b4c692e75b67f04b7a
  • SHA1: 3aecbf1263d599dc24fe3c92bcad4c41e23bc955
  • SHA256: 649c75d99b6d8e237d8a8d0142796fcbfa7381674628201f474b58039144ec2a
  • SHA512: 9e2e77b037b815b660403aa9edfe9911301aed7fdd056a3a8b5ac7c229ff25b723acfc41d1d2d59aa8e0268564bce3d854dd9dae3e49917c4b294c1b08a695b6
  • SSDEEP: 786432:dSwjjNxcsSEy6TYX9I9g56wCjlup1pGmlECm9S6N6zZ0cESSNU:dSUN+s81gwC+1pG4WS6Y0cNSe

Malware Config

Extracted

  • Family: redline
  • Botnet: nam6.1
  • C2: 103.89.90.61:34589
  • Attributes
    • auth_value: 5a3c8b8880f6d03e2acaaa0ba12776e3

Extracted

  • Family: privateloader
  • C2:
    208.67.104.60
    http://91.241.19.125/pub.php?pub=one
    http://sarfoods.com/index.php
  • Attributes
    • payload_url

Extracted

  • Family: raccoon
  • Botnet: bd3a3a503834ef8e836d8a99d1ecff54
  • C2: http://77.73.133.7/
  • rc4.plain

Targets

    • Target: 233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231
    • Size: 3.5MB
    • MD5: d0c77a8d28ac7ed062de16103b7b7a9e
    • SHA1: 2aff43098626864c0bbb1ab5463683321b54cdcd
    • SHA256: 233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231
    • SHA512: 05d6e0f5d3677e1cc268ecc1ad3d5e1b7925f61bfa0e91516805d19b44a776fc7bad0725809109ab62b73916d5bc92a09e22d8f4fdfa3e191347c2ba066a7120
    • SSDEEP: 49152:bDLaXbiwy/9Zxi9wrxqeMho8OYetIqRLC4GBN0ILUMh+l4Im2ZvrOYa7DYya/Ku8:3OXzEnkGxqeQohS8LCR4kL7Hcdfro/o
    Score: 8/10
    • VMProtect packed file
      Detects executables packed with VMProtect commercial packer.

    • Target: 2d8ea1230d6d994febd35edec21f298efe7e1a2a6f75d00a691035980f30a5aa
    • Size: 786KB
    • MD5: 7185834758af3441e82bba85cd5b8ff0
    • SHA1: 58520459530dcd3f840825b540d02b0a86590b86
    • SHA256: 2d8ea1230d6d994febd35edec21f298efe7e1a2a6f75d00a691035980f30a5aa
    • SHA512: 9a99d1a453a830b8c17e42e9c746b12483f3c9e8585e94e6a615b8d50cbf612610628670d8e261bab1450ed8ed7c1dac9ad7e04e1723a545325cbea098b734e8
    • SSDEEP: 24576:26UqGLpGLMMMHMMMvMMZMMMKzbKXOMMHMMMvMMZMMMKzbKXT7GLMMMHMMMvMMZM0:Z6MMHMMMvMMZMMMFOMMHMMMvMMZMMMFi
    • Raccoon
      Raccoon is an infostealer written in C++ and first seen in 2019.
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext

    • Target: 34dba85bb25c6589d0a5befe607e52b82a740402b92dbb5989797a523fb7561a
    • Size: 215KB
    • MD5: 926677dc69319999351c0771c03ca302
    • SHA1: 0d36a4435c234015d7c3207762b08c1924272753
    • SHA256: 34dba85bb25c6589d0a5befe607e52b82a740402b92dbb5989797a523fb7561a
    • SHA512: 3e34fb409fec7dbe39a6f3e19a0db3f97ac944dfa0c0ffecc00d5510285fe99f42ba80cb6a910f834cb7ba47b487329dc1facc168ce970de34a8e2a32c5abe42
    • SSDEEP: 1536:8I47GyTGCwiSnmQUt0LB18rs5gc3H2KrmswOOF+xcYPit0AQ:8vGyYiSDnt18w5X3HrrmsQMxDqqAQ
    Score: 8/10
    • Executes dropped EXE
    • Adds Run key to start application

    • Target: 463d0b090396ffa05d579521256e421080a955415554feebe490482551eb08ea
    • Size: 8KB
    • MD5: fd1489c65b0d75f4cdc7b1f2634b5359
    • SHA1: f8431629d627f8dc13ca486e8b5d0a46f47d46fd
    • SHA256: 463d0b090396ffa05d579521256e421080a955415554feebe490482551eb08ea
    • SHA512: e4fc02e1567e188caaf67ccd3a068e6b9db1c20b22a6949ec9ffd9d1a037afe36d744ac8c94a0fd5df55c7e2a51c10a9bcf05c3274175c8296cf16be718a99a2
    • SSDEEP: 96:a9hcOxiPwrltSJ1+pa/4/pzzkZj6tfCIQJ25FsfQungwffm2gbFnU:avc4rvpPd4Z+t6BJyungwffPZ
    Score: 1/10
    • Target: 4bcf45bde8ef34c0afeea288098cf34da11c2748eead6cf4752db1a4a2e79c39
    • Size: 720KB
    • MD5: deece2ef4fe8f9c0c587d67ecb2d1fa4
    • SHA1: cf7588cf77acd63a4ecf3f554e1672708ee4eaac
    • SHA256: 4bcf45bde8ef34c0afeea288098cf34da11c2748eead6cf4752db1a4a2e79c39
    • SHA512: c062403aaccc83f090704f79540d22f4a6d7de7d18de1297d3170ebb9653a8e40ec3719e45f91782c2eb4829ba623aba3b3040ab716901dc81d939356a21ebd6
    • SSDEEP: 12288:+SipcKrMXnVVLsx7i0ioWvVGYmp7aGEiN8ut/DIXIrVO6b04huXB1lyqmxlz4lVP:fipcKOnVVLsxXEir/DqIrVG4eyjbz4zP
    Score: 1/10
    • Target: 5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce
    • Size: 450KB
    • MD5: 47d4b2fd7654ad71026eb66dd2aa5d97
    • SHA1: dabbda8e945fadee09c5bbee1b0ed9a4036038f5
    • SHA256: 5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce
    • SHA512: 3412e220dfcfa4401b03e0ca36c55c03f65bc92016a5a52db625a16c4e1171b1305477e9b461f3aaffeafcae99ccfdf1c9e4729695007718469bda1d753f28f1
    • SSDEEP: 6144:Z8fFQo+7Q0H3y+nvEGiBpYbgBUR4JttcBDlxdwpfxfBThM9eo1I7u0Kry2wej99u:ZYFiISM5jY9IfBTy9eo1dC
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Uses the VBS compiler for execution
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

    • Target: 6babc5b52d59c0b41e526f06b9e751aeef7ad6fc8b9eef5f56f95d4e3cded853
    • Size: 3.4MB
    • MD5: 4d536854aa5cbf1fc1c7d2cfc8ee65f6
    • SHA1: d29e0930c73e808b394c082e372033b0e57bc8b9
    • SHA256: 6babc5b52d59c0b41e526f06b9e751aeef7ad6fc8b9eef5f56f95d4e3cded853
    • SHA512: 1aa95fa137e5fc15b56f2155877f23e6609a440f22d143daff0436c0573ec75c528cb2a4af6d76b29085187ba2bc7ea105af65a89559445f248b466cd0079ad4
    • SSDEEP: 49152:naJlbM2hKrp949JqBaaI8zAlhSQrhF0Cph4D4QGpUFCU/rc6jQ6qv/:Ei94AIRSQrhF0K2DX6U/rk
    Score: 1/10
    • Target: 85b73b7b3c9acc6648beb77ce878ebeea26a2a949bf17c3184f2bd4544d12b45
    • Size: 4.8MB
    • MD5: 854d5dfe2d5193aa4150765c123df8ad
    • SHA1: 1b21d80c4beb90b03d795cf11145619aeb3a4f37
    • SHA256: 85b73b7b3c9acc6648beb77ce878ebeea26a2a949bf17c3184f2bd4544d12b45
    • SHA512: 48ed604ea966a35cc16631ce5da692bb236badafdb6d3d01ef3a27ab5a9c1ea6a19d6e8209c894ab292614cfbd355c2ca96401fd4dbb9a3abbfd886cddae77cc
    • SSDEEP: 98304:GiIOIQKetb5uDv/tFAOoLKSIc5EP61wNYZiu7JfQmEM9:rIbCEA1EP614g9fQm59
    • PrivateLoader
      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Checks whether UAC is enabled
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: 8eb41b097a51665e2a51b7d055260ea06b5224123450a147080de0a0ebcb4fff
    • Size: 7.3MB
    • MD5: 83dbe0cb14f889e38fc0f8889842cf9d
    • SHA1: ded313ca908136000fd9e5f623dcf0974e2b5f30
    • SHA256: 8eb41b097a51665e2a51b7d055260ea06b5224123450a147080de0a0ebcb4fff
    • SHA512: ad4bef13d8b816dc81b42e0a2983cedd8c1b66bb15ffff93d908dd8bb78621c2ec690c44dc01bffb3a378159c42c7552ebd27bdb889eb13351a85a26d61fbac6
    • SSDEEP: 196608:91O0G+ffRqHIxpuBM9lsB1veokOefmev7+RND:3OL+ffRqoxpAQi0POcmez+LD
    Score: 8/10
    • Executes dropped EXE
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL
    • Drops file in System32 directory

    • Target: 932380926bc6bffcdf0bc446af37d140ce22426f651679e3b7d1c8fea83d14ef
    • Size: 2.4MB
    • MD5: 989cb0bfa4cc0bd8e8302f47add8e368
    • SHA1: 515b82386397ec822edbce6f24a6c4b9d13b0344
    • SHA256: 932380926bc6bffcdf0bc446af37d140ce22426f651679e3b7d1c8fea83d14ef
    • SHA512: 9211bb8622c7dee790db4847a9095bfd8dc48d324a400f374ab42ce65c1e2295cc6392a16e031282f6b3fa29a1881487016c9b817e05d65420d7db41f4548583
    • SSDEEP: 24576:pu4wFHPSaD/zXFRRhOnYQb6VOOmWC9+HW0MigJS3Cd+XHKrQD2YR:
    Score: 8/10
    • Executes dropped EXE
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Suspicious use of SetThreadContext

    • Target: 9d8729b9ca0547bf3679e88b9c2c5ae941fcfe67dfd7dfc598cb304d6624ddde
    • Size: 6.3MB
    • MD5: ded964e022a37d93d434091ec75f9881
    • SHA1: e89a551ac1f19dc3838e21157667e2f98d84d06b
    • SHA256: 9d8729b9ca0547bf3679e88b9c2c5ae941fcfe67dfd7dfc598cb304d6624ddde
    • SHA512: 13f0873cc797eeb7a4a1606ea3dc95f0d1f96bf1dfad286ee3959f0b885426214c24c1ea2422a46191f78063b75200d7ad9065d5654a7758086a9e41f7cf75af
    • SSDEEP: 196608:91OEVXHF+E/eq7QuIUVUMxVuAK1X84eu/k9RD13q:3OEVV+tq7Q7U62AAi84VkF13q
    Score: 10/10
    • Modifies Windows Defender Real-time Protection settings
    • Windows security bypass
    • Executes dropped EXE
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL
    • Windows security modification
    • Drops file in System32 directory

    • Target: 9e147a3bb22a10fe3f032dda125b871c7892065a68acd85de372e4622ec2a753
    • Size: 1.8MB
    • MD5: 6df29a5803a4576a90b6d9cc44b622bc
    • SHA1: 7bed517810e102847d8679aaa3a1caf7ae1a6064
    • SHA256: 9e147a3bb22a10fe3f032dda125b871c7892065a68acd85de372e4622ec2a753
    • SHA512: 38267fca5b28db2e85663bfe075307cfd66e8fd6c30303ad9840a1c04ab287232d700fbca506d837c2c927f46b738999a3de40747dd064ddf3a9dd025cf882a2
    • SSDEEP: 24576:hQTh2cyxiz583hZprjumLzu2O7K8HzxemmF2ZvgsnJQ9q12BL7TLhn5c0ANTyKmz:15Q831o2cHtemmFoDQ9q12BLTh+0u+b
    Score: 1/10
    • Target: bccfdc8e1ac04a684732b0011d6b512118d3b6fb5a249803cd2e87427a965296
    • Size: 1.7MB
    • MD5: e9118e77017247f6e5d4046ce9dad8b6
    • SHA1: 8204f61940dc697bf1d96e5a1625629ead242275
    • SHA256: bccfdc8e1ac04a684732b0011d6b512118d3b6fb5a249803cd2e87427a965296
    • SHA512: 027a2e262975982f0de9a6be165b77edb037beca0ecfa38a3c4f63aae07416aa688767fd50cf0bf1a5c492d9ee6d04c72aefb3a90ae31a7de1ce088964f5bdaa
    • SSDEEP: 49152:H6M6Zsl+0dOuD2rmHiSCYK64SDq2zPrBLNTyCrxw:H6pZskpuD+gGYa+zBL05
    Score: 7/10
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL

    • Target: bf5a9bb619ac4bdad9a043f41b3980bf442f3965564ce612ced3cb2352311fd7
    • Size: 44KB
    • MD5: caef853daea33a8898555fee1d45e093
    • SHA1: f32005ded199e821ef77d501f8368a9dcc89c20c
    • SHA256: bf5a9bb619ac4bdad9a043f41b3980bf442f3965564ce612ced3cb2352311fd7
    • SHA512: b9e37d92c74d9b0677c1c7f8ca2e68fbda5d04b2ca206f6b5401d32073c798a827c6cf449ccecf9c6b58ed15b3ca18b4ba0b5c53c0566ca194affc5eb411a92b
    • SSDEEP: 768:8jYeM17XpwE3sKfkCbJokUP/W1CqpBoa8PP:feW71D6xP/WIquPP
    Score: 1/10
    • Target: d0017384df7b41aba785a35c92082d1460af89204cfae22e6173eaebe16b270a
    • Size: 95.4MB
    • MD5: 6d08fd7ee7d279585077bff3b77c9cf1
    • SHA1: 09918a40856f17990378fcf280d3ce399d1bbdde
    • SHA256: d0017384df7b41aba785a35c92082d1460af89204cfae22e6173eaebe16b270a
    • SHA512: 9673687f67aecefaeeb24104cea85632a89ca4533fe668a14a99cc05ff2fd0e399b8ff62c1716f933884bc160639ca9245fcfaf70dbc32cd8180e55808cf7e01
    • SSDEEP: 96:wCuMxH2gn9Qr393iMMQGjHJvVkOoEV35quW/2viMffthpl4WUl4hbFnU:wCNn9Y95MLkOoEVFNviMfftl2
    Score: 1/10
    • Target: d72aa8fe30b132afe13a9be90142550b530d9687aff41954bbd3503115f37489
    • Size: 87KB
    • MD5: 769df9e877f419beb20a34515a4b211f
    • SHA1: 8de6ec68b339a3f8761703b20a3cfe1c4370f532
    • SHA256: d72aa8fe30b132afe13a9be90142550b530d9687aff41954bbd3503115f37489
    • SHA512: ef19bd14aac3260be66a30ff21fedf181ece14fb67e76546fa41b6462f2514645c0c2cd0a6244be1b03af71459114c66f28bc588eabaab3d340071a80aa8d8ea
    • SSDEEP: 1536:VpQKRk5UqXbkb2bM5XiE6cuR0Zng71jahYQeEmus8jcd3WWn7q:r6rkb2b6S3cuREn0ahZeEmr3WWn7q
    Score: 10/10
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL
    • Unexpected DNS network traffic destination
      Network traffic to other servers than the configured DNS servers was detected on the DNS port.
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution
  • Scripting: T1064 (2)
  • Scheduled Task: T1053 (3)

Persistence
  • Registry Run Keys / Startup Folder: T1060 (1)
  • Scheduled Task: T1053 (3)
  • Modify Existing Service: T1031 (1)

Privilege Escalation
  • Scheduled Task: T1053 (3)

Defense Evasion
  • Install Root Certificate: T1130 (1)
  • Modify Registry: T1112 (5)
  • Scripting: T1064 (2)
  • Virtualization/Sandbox Evasion: T1497 (1)
  • Disabling Security Tools: T1089 (3)

Credential Access
  • Credentials in Files: T1081 (2)

Discovery
  • Query Registry: T1012 (13)
  • Virtualization/Sandbox Evasion: T1497 (1)
  • System Information Discovery: T1082 (19)

Collection
  • Data from Local System: T1005 (2)

Tasks

  • static1 (vmprotect): Score 8/10
  • behavioral1 (vmprotect): Score 8/10
  • behavioral2 (vmprotect): Score 8/10
  • behavioral3 (raccoon, bd3a3a503834ef8e836d8a99d1ecff54, stealer): Score 10/10
  • behavioral4 (raccoon, bd3a3a503834ef8e836d8a99d1ecff54, stealer): Score 10/10
  • behavioral5 (persistence): Score 8/10
  • behavioral6 (persistence): Score 8/10
  • behavioral7: Score 1/10
  • behavioral8: Score 1/10
  • behavioral9: Score 1/10
  • behavioral10: Score 1/10
  • behavioral11 (redline, nam6.1, infostealer, spyware): Score 10/10
  • behavioral12 (redline, nam6.1, infostealer, spyware): Score 10/10
  • behavioral13: Score 1/10
  • behavioral14: Score 1/10
  • behavioral15 (privateloader, evasion, loader, main, spyware, stealer, trojan): Score 10/10
  • behavioral16 (privateloader, evasion, loader, main, spyware, stealer, trojan): Score 10/10
  • behavioral17: Score 8/10
  • behavioral18: Score 8/10
  • behavioral19: Score 5/10
  • behavioral20: Score 8/10
  • behavioral21 (evasion, trojan): Score 10/10
  • behavioral22: Score 8/10
  • behavioral23: Score 1/10
  • behavioral24: Score 1/10
  • behavioral25: Score 7/10
  • behavioral26: Score 7/10
  • behavioral27: Score 1/10
  • behavioral28: Score 1/10
  • behavioral29: Score 1/10
  • behavioral30: Score 1/10
  • behavioral31: Score 10/10
  • behavioral32: Score 10/10