General

  • Target

    10419957019.zip

  • Size

    7.8MB

  • Sample

    230510-rx1jesge79

  • MD5

    d4382a2bf9bedb470e4f8769a575f8a4

  • SHA1

    f59bf67aa88d4f210f44a52789b627fdbd27e65b

  • SHA256

    f65ae8f2b7540ff93010945ecba328569fa0d193545b422d02145cb92e811f9c

  • SHA512

    5143817b684993399aab407481b4ae14590b8be5ed8718e2f501ec7e6bffd217e72e0a66b9a294a7af1f3915a1822382d3f371ba8bfe0f1e339e2b1162a722d8

  • SSDEEP

    196608:wPdG8BWPdG8BcDWzNDth2CyMOxw4WL9eySwpDxScyCuk:wavNZ0xMWT63dpbAk

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.tcci.org.sa
  • Port:
    587
  • Username:
    fahad.s@tcci.org.sa
  • Password:
    Brown3044

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.tcci.org.sa
  • Port:
    587
  • Username:
    salem.jaza@tcci.org.sa
  • Password:
    Brown3044

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.tcci.org.sa
  • Port:
    587
  • Username:
    cbwy@tcci.org.sa
  • Password:
    Brown3044

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.tcci.org.sa
  • Port:
    587
  • Username:
    mfrhan1@tcci.org.sa
  • Password:
    Brown3044

Targets

    • Target

      137b35a1620fae21dec2f0c3a131d9a0d29cfcd9e82ce8f834eb77d4f4016d4d

    • Size

      520KB

    • MD5

      b315a288273055d8a43a06b32a1de187

    • SHA1

      fc5a8b8d6db2a078c00fac9b1c3ab136f860f01f

    • SHA256

      137b35a1620fae21dec2f0c3a131d9a0d29cfcd9e82ce8f834eb77d4f4016d4d

    • SHA512

      5bcc6c2a26da57d43b749f35dd182b388b6f352ac70dbc74edcb7b365e79d2a7e8433421be3686276f4859d4c1cc265732bb1f48c199b3f477a8db35c164e2e7

    • SSDEEP

      6144:nujqOoq5bS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9f:5q5QtqB5urTIoYWBQk1E+VF9mOx9Yi

    Score: 1/10
    • Target

      2030669b9dc24b34099a10012ea0850380a10205475657c3f8e2d34b5e91551f

    • Size

      823KB

    • MD5

      65510e95f239192ac363a192203c1d2c

    • SHA1

      1f35acbc9389e21cfd77cc74f4b633d77b0c732d

    • SHA256

      2030669b9dc24b34099a10012ea0850380a10205475657c3f8e2d34b5e91551f

    • SHA512

      9c801085ad441790e8cb761fac082ba69fcb7fb47ee67773029072fd37c20c24214dc8a824a346d181cf0dec486dc4fc61162a0373e17e4ca90c5670f1316558

    • SSDEEP

      12288:d0ueVG7/ksXLRittWVAChSaglFAk+JFuLRGzD8PjDLAvJ9e9g0EjslPYHD+e8Rx+:3eE4skttWVAJayHLoDC/ABFaNYj1

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      241b2515168df42784e10af72536a6d661d8bd483abae1931d81f11c8ebcdf7b

    • Size

      688KB

    • MD5

      02e2a992875b23ec7aae8081b368b779

    • SHA1

      491b4ed14c4eccef51e4b980a59efeecea8b6dd0

    • SHA256

      241b2515168df42784e10af72536a6d661d8bd483abae1931d81f11c8ebcdf7b

    • SHA512

      44fec96393f437c7576f2c54cd7bb2d2fee82b3fe040240fda494ab71164301e621c2a2c54a1d2b272f89b8c9abc882b7e93d05a4a5af3cfba22ce8c3ed578c1

    • SSDEEP

      12288:WErur6nhxWCV8OO13OzEuXZtRLe8S542pExolJgiiy:WEarKhxWCcOz7XZrLYi

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      4ae73bfefefb1e74a928827cf4f59b3f136e739775209353af6d43bb5bde0d44

    • Size

      742KB

    • MD5

      0c27d36bd2796e873a7f5a45915e85b3

    • SHA1

      e6c30d3e932f6c00dac3c8d65edd59e3cb667a03

    • SHA256

      4ae73bfefefb1e74a928827cf4f59b3f136e739775209353af6d43bb5bde0d44

    • SHA512

      b705af364764061f7ed044771dc2ad48256bcc4a8166ef1bb3319bebdee440e172102000b02c4f8ea1b1d4f4594ba439a05efed895e033822a9462d98f8beef2

    • SSDEEP

      12288:g/MwIMg8dyQjNrrQzo6xAFix8eylAYjzFpRgeZL7+sHKd:g/SgXvQM2DdlYjvfqd

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      4c312e3cce557ee17db0299bcc112699e616fb162afdadf12a41815a4a314b5c

    • Size

      658KB

    • MD5

      5e9a63f5b3d8f53478a2889c0eefd510

    • SHA1

      d6d545146b969ac2ea389a1f11ffcda377549da2

    • SHA256

      4c312e3cce557ee17db0299bcc112699e616fb162afdadf12a41815a4a314b5c

    • SHA512

      2ee785eafa4ff4e738f13c26659b479ef84d52977e0c6d054c4b38f228959a0909b8652923b821d557bef7ae3e5f129e6b2c5039b83bb1a71ef464d6e5ef5e87

    • SSDEEP

      12288:gXQnnE6+s3WsZ/lkwR939lgKFWRg1xY0VcRuaHuatAUz3huJ7XrjaJ+:gXQnnYsNHXR9NlgobVcUK7UXrj++

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      540eb4eb6d4b81ba016cea7899b4aa104a38d0a539bf018140fb552de00ee267

    • Size

      945KB

    • MD5

      8c954b7b1b63e226c6997b1e0260ba69

    • SHA1

      47676b03a41c3711842091156984754b25a4771c

    • SHA256

      540eb4eb6d4b81ba016cea7899b4aa104a38d0a539bf018140fb552de00ee267

    • SHA512

      c449ef2778e286c5add39c5bae7c9a0fd3fce23f034f68d4f49e9c0ac5373289d7d82d475253dbf984aaf4140023ba396556194de66182bcf3ab3fb71f4cbe2e

    • SSDEEP

      12288:ZV+mzTiV2KQ4p2+fk104bYOgTY3+0dXHjVqouwYnb3pENT4a/gFDV3MzQHmVbb:Z858F+81XYHTm+GoouwCZENVgH88HmVX

    Score: 10/10
    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      5e1a82be9d8f3ed23343ff5dd356625fabb8a16fb2e8e637051913a9f05342ee

    • Size

      908KB

    • MD5

      d37057ddacd28e391e837d5546afcb7b

    • SHA1

      a5991fc91e81dfcda292869010af0aa70265296a

    • SHA256

      5e1a82be9d8f3ed23343ff5dd356625fabb8a16fb2e8e637051913a9f05342ee

    • SHA512

      e3cb56df554309ba1d581c222f6b7ded1afb75f95f60ee13aa4c6fc153d61e03b61e9e83691f31d0dab06eba8c96cce963dba888912935b00e2357593095d5e5

    • SSDEEP

      12288:ybz6wJ9k3IpnZvQEh3QMm8nuO+oibB1Yy9P0XE4oK0jYdCeTdvnBn:Ov9Dp1Q03g8j6Fw9SYYeTdvB

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      a9b51a1c8409470cf8204ec646aabdd91cf7aa424dfaeaf5e58447e65065925e

    • Size

      692KB

    • MD5

      21a98f442dc499874eee65be09e23256

    • SHA1

      b220652614f3f561aa690ef5009c655bb31956d1

    • SHA256

      a9b51a1c8409470cf8204ec646aabdd91cf7aa424dfaeaf5e58447e65065925e

    • SHA512

      6dbd625a43d2da5bb9743a01e748c71c0654f9c71229ab1b5e4973a9b12f657f4d301f6a8cada418bad21009f0596b78cda4745fc896fd3bac02974c800401f0

    • SSDEEP

      12288:ZzgmdXs3Q7Rxyb+xM3A4qte6gvV696oYd+eufXpaIJYHjDDU:5gksGcC2TxN69HY+fp/S7U

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      abbaee140815099a2d6b0d4edbc24c39f18bb451a32e67a18c511c7a164b7e19

    • Size

      667KB

    • MD5

      389c57aa4b5b8c0d95e6796d290f6777

    • SHA1

      14438e62e33f94128d5c5db261b31d9608c57ec0

    • SHA256

      abbaee140815099a2d6b0d4edbc24c39f18bb451a32e67a18c511c7a164b7e19

    • SHA512

      9eeaec1376239284d75c096256c3183bb0951bf070905b58ac228da63f3a3c55c00d9fd496a07864691923ea8876ebe3cfa6438ab759d89b76a22abc090e9db8

    • SSDEEP

      12288:xHV8idMlURaewENwQYSE0DMIwyVcIz3jSXlT8nHX395J7ecUppB:x8lURpmShUkslT8noc+

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      ba794fac4af75d1fb23270a772d17d36b2d84606cffb38a991e41a22a21b7cff

    • Size

      692KB

    • MD5

      c9dfc04b8b0c393c1fb835b1f2f20ea4

    • SHA1

      5d91d43f27be4899646ce6cd9108c28976f03fab

    • SHA256

      ba794fac4af75d1fb23270a772d17d36b2d84606cffb38a991e41a22a21b7cff

    • SHA512

      f05d077693cb94eeb820127541ce06258e5dbb79aa0a9d0c613db820ed24036875377092d25a8af3ffec34159ab519d5175ccd02dcde41e2114468256552cf25

    • SSDEEP

      12288:ZzgmdXs3Q7Rxyb+xM3A4qte6gvV696oYd+eufXpaIJYHjDD:5gksGcC2TxN69HY+fp/S7

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      c2d55f54c26d6f73908c7138e999fadcb9a8617fea8f56cee943f93956adfa12

    • Size

      679KB

    • MD5

      7f075616272cca52e731c11080d0f3ef

    • SHA1

      b5142fe556fc114eb221c4b14ad9d19c9e83fe83

    • SHA256

      c2d55f54c26d6f73908c7138e999fadcb9a8617fea8f56cee943f93956adfa12

    • SHA512

      f9fe3bb4f04138c8c924a74f35c293cbe3e777a6f2993c0352e4de9f6677807fcb982190d2a070925ee7a6810a136f2f7c1358babe5e8087736513f6b77982a7

    • SSDEEP

      12288:WXQnnE6+s3WsZ/lkwR939lgKFWRg1xY0VcRuaHuatAUz3huJ7XrjaJ+:WXQnnYsNHXR9NlgobVcUK7UXrj++

    Score: 4/10
    • Target

      e42d6acc643608d3be98a986efbb2ae23865c200b4f029182943a8b6447acf6d

    • Size

      667KB

    • MD5

      8d923060ac86ddf3131462a79e04f36d

    • SHA1

      0f8361129ca20a043a4f94ac41966455e7dce031

    • SHA256

      e42d6acc643608d3be98a986efbb2ae23865c200b4f029182943a8b6447acf6d

    • SHA512

      6fe596e89589edff232ff30d757de76c3bb71789013f612614bda2fa518e12a331989a80300ff6c79ff82e966c9dee6cf86fc2ad2b234fa892205fe788078c5b

    • SSDEEP

      12288:kStGqjTO/gykX58BC0MA9dtDoMASkQgT9QFaI7jcQHWbb4E2VVmY:hjuTFMysFSa9kjcs7E2

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                             ID      Count
  Execution           Scripting                             T1064   9
  Persistence         Registry Run Keys / Startup Folder    T1060   8
  Defense Evasion     Scripting                             T1064   9
  Defense Evasion     Modify Registry                       T1112   9
  Credential Access   Credentials in Files                  T1081   8
  Discovery           Query Registry                        T1012   12
  Discovery           System Information Discovery          T1082   22
  Collection          Data from Local System                T1005   8
  Collection          Email Collection                      T1114   8

Tasks

  • static1: Score 10/10
  • behavioral1: Score 1/10
  • behavioral2: Score 1/10
  • behavioral3: m00nd3v_logger, infostealer, spyware, stealer; Score 10/10
  • behavioral4: m00nd3v_logger, infostealer, spyware, stealer; Score 10/10
  • behavioral5: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral6: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral7: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral8: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral9: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral10: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral11: adwind, trojan; Score 10/10
  • behavioral12: Score 9/10
  • behavioral13: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral14: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral15: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral16: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral17: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral18: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral19: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral20: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral21: Score 4/10
  • behavioral22: Score 1/10
  • behavioral23: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10
  • behavioral24: hawkeye, collection, keylogger, persistence, spyware, stealer, trojan; Score 10/10