
07-01-2024 18:26

Sample 240107-w3ameabffn, score 10/10

General

  • Target

    Divided Threats.zip

  • Size

    198.9MB

  • Sample

    240107-w3ameabffn

  • MD5

    f6fed4cd5f732c98e95cb2d633b6b88f

  • SHA1

    bd61e60312f1e0ec86b24196f44e8f9275de6cf1

  • SHA256

    42f6ed3f3f25e52787a9e43dec53306eb63e581d87882f3fbc4756685714e39a

  • SHA512

    0bf8b62091061100fb81e8a328e738bce4e3ba733a2a47f808b4b3e44f519441883c72752f654c217b7c354c99894515ed8db92c647587a415d1dfc4d96d68f8

  • SSDEEP

    3145728:BHVJkRpdd5SZKO1E2AH57+eBlBtqVJncR6nl4DpAlAR8bpwBZkzxQxqi:9AddkHedtqbAYob0I+1C

Malware Config

Extracted

Family

raccoon

Botnet

5ba094fed1175cc7d1abb03fa165c23c

C2

http://79.137.207.53/

Attributes
  • user_agent

    901785252112

xor.plain

Extracted

Family

privateloader

C2

http://45.133.1.107/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

51.178.186.149

http://45.133.1.182/proxies.txt

45.133.1.60

http://37.0.10.214/proxies.txt

http://37.0.10.244/server.txt

37.0.10.237

Attributes
  • payload_url

    https://vipsofts.xyz/files/mega.bmp

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.hbgents.top/

http://www.rsnzhy.com/

http://www.znsjis.top/

Extracted

Family

stealc

C2

http://robertjohnson.top

http://jaimemcgee.top

Attributes
  • url_path

    /e9c345fc99a4e67e.php

rc4.plain

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://dpav.cc/tmp/

http://lrproduct.ru/tmp/

http://kggcp.com/tmp/

http://talesofpirates.net/tmp/

http://pirateking.online/tmp/

http://piratia.pw/tmp/

http://go-piratia.ru/tmp/

rc4.i32

Extracted

Family

redline

Botnet

@oleh_ps

C2

194.169.175.235:42691

Extracted

Family

lumma

C2

http://oluaskaz.pw/api

http://zamesblack.fun/api

Extracted

Family

nullmixer

C2

http://hsiens.xyz/

Extracted

Family

smokeloader

Version

2020

C2

http://varmisende.com/upload/

http://fernandomayol.com/upload/

http://nextlytm.com/upload/

http://people4jan.com/upload/

http://asfaltwerk.com/upload/

rc4.i32

Extracted

Family

vidar

Version

40.1

Botnet

706

C2

https://eduarroma.tumblr.com/

Attributes
  • profile_id

    706

Extracted

Family

gozi

Extracted

Family

vidar

Version

40.3

Botnet

706

C2

https://lenko349.tumblr.com/

Attributes
  • profile_id

    706

Extracted

Family

redline

Botnet

pab777

C2

185.215.113.15:6043
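
The extracted configurations above are the most directly actionable part of this report, but they mix URLs, bare IPs, RedLine-style host:port pairs and a scheme-less pastebin path, and two families (the two SmokeLoader builds) share a family name. The following Python is an added example, not part of the sandbox output: it copies the C2 values listed above into a constructed list, classifies each one, defangs it, dedupes across families, and joins Stealc's separate url_path attribute onto its C2 hosts to form the gate URLs. The SHA256-free family labels and the `gate_urls` join are this example's reading of the fields, not something the report states; the code only parses strings and never contacts any host.

```python
"""Turn the extracted C2 values above into typed, defanged indicators.

Added example, not part of the sandbox report. EXTRACTED_C2 is copied from
the report's Malware Config section; nothing here touches the network.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# (family, raw value) pairs as printed in the report's "Extracted" blocks.
EXTRACTED_C2 = [
    ("raccoon", "http://79.137.207.53/"),
    ("privateloader", "http://45.133.1.107/server.txt"),
    ("privateloader", "pastebin.com/raw/A7dSG1te"),
    ("privateloader", "http://wfsdragon.ru/api/setStats.php"),
    ("privateloader", "51.178.186.149"),
    ("privateloader", "http://45.133.1.182/proxies.txt"),
    ("privateloader", "45.133.1.60"),
    ("privateloader", "http://37.0.10.214/proxies.txt"),
    ("privateloader", "http://37.0.10.244/server.txt"),
    ("privateloader", "37.0.10.237"),
    ("socelars", "http://www.iyiqian.com/"),
    ("socelars", "http://www.hbgents.top/"),
    ("socelars", "http://www.rsnzhy.com/"),
    ("socelars", "http://www.znsjis.top/"),
    ("stealc", "http://robertjohnson.top"),
    ("stealc", "http://jaimemcgee.top"),
    ("smokeloader", "http://dpav.cc/tmp/"),
    ("smokeloader", "http://lrproduct.ru/tmp/"),
    ("smokeloader", "http://kggcp.com/tmp/"),
    ("smokeloader", "http://talesofpirates.net/tmp/"),
    ("smokeloader", "http://pirateking.online/tmp/"),
    ("smokeloader", "http://piratia.pw/tmp/"),
    ("smokeloader", "http://go-piratia.ru/tmp/"),
    ("redline", "194.169.175.235:42691"),
    ("lumma", "http://oluaskaz.pw/api"),
    ("lumma", "http://zamesblack.fun/api"),
    ("nullmixer", "http://hsiens.xyz/"),
    ("smokeloader", "http://varmisende.com/upload/"),
    ("smokeloader", "http://fernandomayol.com/upload/"),
    ("smokeloader", "http://nextlytm.com/upload/"),
    ("smokeloader", "http://people4jan.com/upload/"),
    ("smokeloader", "http://asfaltwerk.com/upload/"),
    ("vidar", "https://eduarroma.tumblr.com/"),
    ("vidar", "https://lenko349.tumblr.com/"),
    ("redline", "185.215.113.15:6043"),
]

HOSTPORT_RE = re.compile(r"^([^/:\s]+):(\d{1,5})$")  # RedLine-style "host:port"


def host_type(host):
    """'ipv4' for a dotted quad, otherwise 'domain'."""
    try:
        ipaddress.IPv4Address(host)
        return "ipv4"
    except ValueError:
        return "domain"


def classify(raw):
    """Return (ioc_type, host, port, path) for one raw config value.

    ioc_type is 'ipv4', 'domain', or 'url' (host plus a meaningful path).
    Scheme-less values with a path (the pastebin entry) get http:// prepended,
    because urlsplit would otherwise read the whole string as a path.
    """
    value = raw.strip()
    m = HOSTPORT_RE.match(value)
    if m:
        return (host_type(m.group(1)), m.group(1), int(m.group(2)), "")
    if "://" not in value:
        if "/" not in value:
            return (host_type(value), value, None, "")
        value = "http://" + value
    parts = urlsplit(value)
    host = parts.hostname or ""
    path = "" if parts.path in ("", "/") else parts.path
    return ("url" if path else host_type(host), host, parts.port, path)


def defang(host):
    """Break the last dot so the indicator is not auto-linked: a.b.c -> a.b[.]c."""
    head, sep, tail = host.rpartition(".")
    return f"{head}[.]{tail}" if sep else host


def build_indicators(extracted):
    """Dedupe across families; each row records every family that used the IOC."""
    table = {}
    for family, raw in extracted:
        table.setdefault(classify(raw), set()).add(family)
    rows = []
    for key in sorted(table, key=lambda k: (k[0], k[1], k[2] or 0, k[3])):
        ioc_type, host, port, path = key
        rows.append({"type": ioc_type, "host": host, "defanged": defang(host),
                     "port": port, "path": path, "families": sorted(table[key])})
    return rows


def hosts_by_family(extracted, family):
    """Distinct hosts for one family (both SmokeLoader builds collapse into one set)."""
    return sorted({classify(raw)[1] for fam, raw in extracted if fam == family})


def gate_urls(c2_hosts, url_path):
    """Stealc lists C2 hosts and a separate url_path attribute; the gate is the join."""
    return [h.rstrip("/") + url_path for h in c2_hosts]


if __name__ == "__main__":
    for row in build_indicators(EXTRACTED_C2):
        port = f":{row['port']}" if row["port"] else ""
        print(f"{row['type']:6} {row['defanged']}{port}{row['path']}  {','.join(row['families'])}")
```

Two things the output makes visible that the raw list hides: the two Vidar entries and the PrivateLoader pastebin entry are paths on shared platforms (tumblr.com, pastebin.com), so the indicator to act on is the full host or path, not the parent domain; and the two SmokeLoader configs (2022 with /tmp/ gates, 2020 with /upload/ gates) give twelve distinct hosts under one family name.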

Targets

    • Target

      Samples 6/c4ec2c4d73a45bba85debe9fe243708bb52afd29dc95d7fdefed02cd34c375ca.exe

    • Size

      7KB

    • MD5

      9612c12e7c958af8eddf9ebf341ad754

    • SHA1

      39a96f9934706cc22a34a9398dc1dd4e7d03d738

    • SHA256

      c4ec2c4d73a45bba85debe9fe243708bb52afd29dc95d7fdefed02cd34c375ca

    • SHA512

      d13a58955741eaa148b7fd55ad690e7f4c9fa53beb06dbc4a6b5ef527bfb23ef9999e2ea5c0ed93ddc519e410f6f6f6ea16cad9702eaa21e08e2bc69bcbf9c22

    • SSDEEP

      192:HpEwzsViovM7q1YpmYiogbJgigbGgJgigoD9NwEt:HpEwIIj7+YptYPv8PVH

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Samples 6/c6befd3879040aeca88afd9b461177c9a3fc830f2020f2878696ddca0cea994e.exe

    • Size

      4.5MB

    • MD5

      d165d4e09ea0624e62fd5bd90fe68c96

    • SHA1

      9a95939bdfface20125f497c54eda3f3d421e790

    • SHA256

      c6befd3879040aeca88afd9b461177c9a3fc830f2020f2878696ddca0cea994e

    • SHA512

      95d2d8ef66c8d5203398048279f1bb250faccf362359e51e364974ea00d88aceec9d9883a47176b9dc2ba1dd1a81232f4318a61b7b14aa643394873c4cce6ec1

    • SSDEEP

      98304:LhX2dkgF2fKzz5du5XdYQokRicv/f6qzT0rh:LhX2dZF275XdZYcvHvvch

    Score
    10/10
    • Detect Lumma Stealer payload V4

    • Detect ZGRat V1

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      Samples 6/c76d7f244175880387474af937c59ad2cbfec2f4bdfdefdf0a9d1def029faa31.exe

    • Size

      3.2MB

    • MD5

      af1d425db05520962f4a587ab397f188

    • SHA1

      51d4246fe8af0eeedd6e53da017a77ca265e9033

    • SHA256

      c76d7f244175880387474af937c59ad2cbfec2f4bdfdefdf0a9d1def029faa31

    • SHA512

      00de0b42fef04aa38664bc085130d0aa6e15ec456a566ad6bfbf295563507ff9d41d6864b2876db2334437a538149fbb25e6938c8912e57e38267cfd5f85325c

    • SSDEEP

      98304:/d4Y8CE49/sE8ZGPTJFLehalsqqXlGbaWaE0QMf9410wD:/l8fYsj8THLnGqcl7NZQMl4Sw

    Score
    10/10
    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      Samples 6/c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b.exe

    • Size

      92KB

    • MD5

      e63a11b2e2e6bcfa68011a56ac95bcbb

    • SHA1

      3a43758c8f5bf1fd80b44d7dca6adaebd242ce59

    • SHA256

      c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b

    • SHA512

      03bdecf2da756f32b7a19ca36cb0b272a15357fd0b1b124268400606aaea9c99e65ed440933c11ccc44a506aba50941f2afcb2fafab75979feb703a8b4e91bb7

    • SSDEEP

      1536:f9HMlaocok7dJK4Rm7mUBAMs0q4gF693F7hmE5hOy:f9H75dJKWohBAMs0qC7

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Samples 6/ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe

    • Size

      248KB

    • MD5

      14c45fa75b1f8644c5fe37ca234a456b

    • SHA1

      056713d15dfa8032597aac2e3f61e6a5794a53e8

    • SHA256

      ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a

    • SHA512

      b6f212cbb3255c2da4d1935507c5f83833bbeea3b6aca7c0632852db2018dc1a667756b8693a50793cc1ea75296fc13b60eea8c0b645a9e7c901a69a6adbbc21

    • SSDEEP

      3072:A9orP+stnvfG4+zxvGz/QUVcRe/1nkJuTby/cT2cARxVC09++zu:SoCshG4qx1UVco/1aYySAR+

    • Target

      Samples 6/cd22c1aabcafc40bf81d42b42e625e49eff9e0f928fa961e43573e1eb45ace18.exe

    • Size

      481KB

    • MD5

      36c2d74bceab2c50a296b5f5e46bdd50

    • SHA1

      b163c905cacce0fee43bb55b00c7c0a410e1c676

    • SHA256

      cd22c1aabcafc40bf81d42b42e625e49eff9e0f928fa961e43573e1eb45ace18

    • SHA512

      e17f5351e5dc007cf27439d80bf991673f3444fdb46f9ef858657bc3691380783d5f3ec4574b37d404777b3369c24a882c0aec9a852c152468c201e5d66d3f51

    • SSDEEP

      12288:DooLY/n57gQhzUz7fZTnYr2HoFT2da2Xh90YKKIfJ6Mzb7QSJzHIw2Z:DooLon57xzU

    Score
    1/10
    • Target

      Samples 7/d097ca2583425f648592138b57562334c0b83d3179634fd43a0b611bdf720122.exe

    • Size

      89KB

    • MD5

      dc534760d1110201433d670e90ac2ed2

    • SHA1

      4ece22c0a4bde2a2f2936d87d9d6acb5668c3c78

    • SHA256

      d097ca2583425f648592138b57562334c0b83d3179634fd43a0b611bdf720122

    • SHA512

      e9889d072e9cb89201d5a64c7b507066f3edd8e4cf5cc56dea82677f69fb00fff5f1fe627ac9612e9bbd2d864afc91251313e32a403462f1fc572121240e3f99

    • SSDEEP

      1536:J7MGuViupm7ir2Ooe+JciT1GdeYH2JaGdVtcrYxam5+s8jcdGhWfM3IP:J7jYZoBPTcYYH2cG6r4J7cWU3Q

    Score
    3/10
    • Target

      Samples 7/d0d97c70ea6e26b3708dc101a310f056d690bbc17306c493ccba4a6f00fad541.exe

    • Size

      211KB

    • MD5

      2fb4f825fe7e8c33bf88366773d31496

    • SHA1

      92593d08d2e69097fbd838347458e1d1fbcb83c1

    • SHA256

      d0d97c70ea6e26b3708dc101a310f056d690bbc17306c493ccba4a6f00fad541

    • SHA512

      65b6d2d0609489219b598e43a9b8411b94f67eeacd0cb637cb8d3d0bd433454523dfc824c7142a42407d9a4cd669c6acc1edf10bcc0de9f498bf53df7fdc3ec9

    • SSDEEP

      3072:L5XKAfS4mUPjUtn7uNs8horIYjUi9Uf07kvTavE1Sxpx5rx5t5ZO:hKoS4FPYhuNs8iMG9RvvEs7xV5

    • Target

      Samples 7/d3d18f34a1494d87502f0ea05c56f6194e50610bc71f53653e15c98d25e57e62.exe

    • Size

      269KB

    • MD5

      f97a56229d045c69e57ced05b232b47e

    • SHA1

      6fc187c34b895c0ecbf357db2cd931b96d55623e

    • SHA256

      d3d18f34a1494d87502f0ea05c56f6194e50610bc71f53653e15c98d25e57e62

    • SHA512

      c1c2dc4d3e1226309b45b814bf6eb1f2d607ad2f4d9d2374f068bc44e899d74415a77d76316ef84e149a5f1b0bb8fe0ca03e46aed0fea240d1503bdab2f9cb70

    • SSDEEP

      3072:cqBgyZEzcpiFToN/3rHpak/bjKVdRPBjgN1nPYkqoHUDIKNHQ44:c9FToN/7Hpak/HKpBjgN1jqfJH+

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Detected potential entity reuse from brand microsoft.

    • Target

      Samples 7/da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5.exe

    • Size

      254KB

    • MD5

      cf5cb731825863750c4b86a3df164db7

    • SHA1

      044889a9bb37f16cc09c6217006e74c1b6aba492

    • SHA256

      da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5

    • SHA512

      d8345f6cf580d1d29998e2b54facb82807e07a0a03539475e4bf7b8d21e91d60117057a28220d0f033f8c2c9ce36b3143ae511d639a7f446064c0cf32e9f6163

    • SSDEEP

      3072:NFRbzeTt7LnZ+TCUOM6qvzPOGQbFvSlnjWQYtJ4oEKq5X//lV17:XRbzep7LnoT/OxyTPIvSpS7tJC/vp

    Score
    10/10
    • Target

      Samples 7/dcf250dc8a9683cf5a3e7dfdb441b06e15b391a8c5d97b31431c650a715432a6.exe

    • Size

      5.3MB

    • MD5

      0943d1d429a98057dbd293bd3e25acc3

    • SHA1

      5cec545b9061ca87f2556409ebb965930b51cecb

    • SHA256

      dcf250dc8a9683cf5a3e7dfdb441b06e15b391a8c5d97b31431c650a715432a6

    • SHA512

      4fd88ff35eddd0a26c604c831d14a5f32a8c98d8626c79cf2ff88d1ca47ad21b2cc0c10c463080abdbf1fd04603404c72149ce3cc11dbd433d73115562f7fcd8

    • SSDEEP

      98304:611Y2C1jo5h/lR77cMBUe+xsi9qah1ezissbulaIQA6PXcGQv9xdY/oRizbBAtq9:61CP1ohNDUrxwAgziXqlaFPXNQv9bY/P

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Target

      Samples 7/dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe

    • Size

      32.7MB

    • MD5

      d387e9154b7e93b35429a2a5e86b3571

    • SHA1

      e85d7e95e4412265baf4154d528923c127620253

    • SHA256

      dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64

    • SHA512

      57ab4dc4769b7d30a3f26213effa9d280b3a8f17498a78728638f07c4d28febff2d360e0da4fe06e1fbd9a70203872857e3b1a98ac9f904ddd7bac175ffa80ff

    • SSDEEP

      786432:kqmCRMv9czxZwPauDyfY+9mCRMv9czxZwPauDyfYH:kqmCRMylAauiY+9mCRMylAauiYH

    Score
    10/10
    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      Samples 7/dde59b015e0acd1910513cf1da07f3b17d6530816d663c102ed9ad6ab6d575a5.exe

    • Size

      2.5MB

    • MD5

      e338fba38c82e46b25dcec3dce9ed5d1

    • SHA1

      7d76df722d5820c4a6320d26d9240264dab19b0b

    • SHA256

      dde59b015e0acd1910513cf1da07f3b17d6530816d663c102ed9ad6ab6d575a5

    • SHA512

      99100aacc05d50f02d3a53fb2bd677deecf51c60e60f7559e0ff0d0d40ee6a86b81606638d619ea457454045efb240855097f8095f0396b6d24978b38ad8ab9a

    • SSDEEP

      49152:xcB/W2pZACrSaZjfBgNUIk5ZOwE1rmIvARVrxe8+ocT9L0pP5hYSnPdm9:xsWOCdcriNUIvdIRtE9oc9L0pPdnFO

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • NullMixer

      NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Samples 7/e396aa398fb1fa0f6c9db780211f758649e9a1f26bb5a2e7026b1cfec6ea9c0d.exe

    • Size

      1.7MB

    • MD5

      710785459d065a7e822861764ec36480

    • SHA1

      d7d641f65e380e71f13dd04a6a37c903b532fb32

    • SHA256

      e396aa398fb1fa0f6c9db780211f758649e9a1f26bb5a2e7026b1cfec6ea9c0d

    • SHA512

      7fc4596b4cc119c9f939d4577e54c788dccd3c9aa84d8bfcd8dde14ee22da8b525b5c06201c045634e346444c78bf923c5e203e88af7717fac80178f52f7fa45

    • SSDEEP

      24576:TV+UOwZmL/nvlkykFlTrAEdghT0WUQ2YUhOxiq2p7j4jNyXpcHLYiSHdX3Ra/KhV:TXZnl3AEyRV2YUIxPsDnI/wM2

    Score
    10/10
    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Samples 7/e5474bdcb0a87bd6c1c74d6a2fd6cff6c8ff913248b84e22c1ef5e82cb6f5cde.exe

    • Size

      414KB

    • MD5

      84b1f23a2a44bba69b9993d7d8f4508d

    • SHA1

      936b40a234c50d16d0ca31d98ae485de14f12d36

    • SHA256

      e5474bdcb0a87bd6c1c74d6a2fd6cff6c8ff913248b84e22c1ef5e82cb6f5cde

    • SHA512

      43e7c621560e1a8284a1c48d67b0b9940d36affb0f41f73c47e9300ac517d853059c827372eeca528d6cb9aba1f267d43e73aa6d6a6d66a740b039397a199e45

    • SSDEEP

      6144:Wucyz4obQmKkWb6ekie+ogU6BYv0znbHKN4BEN58ByW6i0zbcfp3wZhIDsk4ORw3:Wq4w/ekieZgU6u03GU6iScRAnISlx

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Samples 7/e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de.exe

    • Size

      5.5MB

    • MD5

      e425990e2dfd772af2eb898b2bd04bd5

    • SHA1

      78bbe7d94bc5f3f3f7fa61c547aba86882d0af55

    • SHA256

      e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de

    • SHA512

      68338bdee238995629517251f23e157b1be62818ead94a3416384a786735aa0473058cffeb36be18609ddfff8edf3a4c00e4b4a018ac3d24edd6c3a570581b01

    • SSDEEP

      98304:xfrRBIZXtvu4BmcHzF6dU98xmkFILPlKDtjZNlh8/zTNX+FB+pr5HWCY9Wr/G:xfrRqZXjmWmtxmkSLPkDXN0Tp+Fur5lk

    • NullMixer

      NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL
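
The SSDEEP values in the Targets section carry information on their own, before any sample is opened. The 32.7MB Lumma sample (dd225dc0...) has the digest 786432:kqmCRMv9czxZwPauDyfY+9mCRMv9czxZwPauDyfYH:..., and the same 18-character chunk run appears twice in its first signature, which is the shape of a file inflated with a copy of its own content. The following Python is an added example, not part of the report: it parses ssdeep digests copied from the targets above (the short SHA256 prefixes used as keys are this example's labels) and finds the longest chunk run that occurs twice within one signature.

```python
"""Look for repeated chunk runs inside ssdeep digests from the report.

Added example, not part of the sandbox output. An ssdeep digest is
blocksize:sig1:sig2, where each base64 character of sig1 hashes one
content-defined chunk of the file (sig2 uses twice the block size). A
substring that occurs twice inside one signature means the same run of
chunks occurs twice in the file.
"""
import re

SSDEEP_RE = re.compile(r"^(\d+):([0-9A-Za-z+/]*):([0-9A-Za-z+/]*)$")

# Copied from the Targets section above (short SHA256 prefix -> ssdeep).
REPORT_SSDEEP = {
    "dd225dc0": "786432:kqmCRMv9czxZwPauDyfY+9mCRMv9czxZwPauDyfYH:kqmCRMylAauiY+9mCRMylAauiYH",
    "c6befd38": "98304:LhX2dkgF2fKzz5du5XdYQokRicv/f6qzT0rh:LhX2dZF275XdZYcvHvvch",
    "e63f3efc": "98304:xfrRBIZXtvu4BmcHzF6dU98xmkFILPlKDtjZNlh8/zTNX+FB+pr5HWCY9Wr/G:xfrRqZXjmWmtxmkSLPkDXN0Tp+Fur5lk",
}


def parse_ssdeep(digest):
    """Split 'blocksize:sig1:sig2' into (int, str, str); reject anything else."""
    m = SSDEEP_RE.match(digest)
    if not m:
        raise ValueError(f"not an ssdeep digest: {digest!r}")
    return int(m.group(1)), m.group(2), m.group(3)


def longest_repeat(sig, minlen=7):
    """Longest substring of sig (at least minlen chars) found at two offsets.

    Returns (substring, first_offset, second_offset) or None. Seven is the
    common-substring length ssdeep itself requires before it scores two
    digests as related at all, so shorter matches are treated as noise.
    Lengths are tried longest-first, so the first hit is the longest.
    """
    for length in range(len(sig) - 1, minlen - 1, -1):
        seen = {}
        for i in range(len(sig) - length + 1):
            sub = sig[i:i + length]
            if sub in seen:
                return sub, seen[sub], i
            seen[sub] = i
    return None


def self_repeating(report, minlen=7):
    """Map sample -> (run, offset1, offset2) for digests whose sig1 repeats a chunk run."""
    flagged = {}
    for sample, digest in report.items():
        _, sig1, _ = parse_ssdeep(digest)
        hit = longest_repeat(sig1, minlen)
        if hit:
            flagged[sample] = hit
    return flagged


if __name__ == "__main__":
    for sample, (run, i, j) in self_repeating(REPORT_SSDEEP).items():
        print(f"{sample}: chunk run {run!r} ({len(run)} chunks) at offsets {i} and {j}")
```

Of the digests above, only the 32.7MB sample is flagged: the run mCRMv9czxZwPauDyfY sits at offsets 2 and 22 of its first signature, and the second signature shows the same pattern at the doubled block size. That is consistent with a binary padded out with a duplicate of its own content, a common way to push a dropper past upload-size limits of scanners; the report itself does not show the file layout, so the reading should be confirmed on the sample before it is written up.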

MITRE ATT&CK Enterprise v15

Tasks

static1

vmprotect, 5ba094fed1175cc7d1abb03fa165c23c, loader, upx, raccoon, privateloader, socelars, zgrat, snakekeylogger, stealc
Score
10/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

lumma, zgrat, rat, stealer
Score
10/10

behavioral4

lumma, zgrat, rat, stealer
Score
10/10

behavioral5

lumma, stealer, vmprotect
Score
10/10

behavioral6

lumma, stealer, vmprotect
Score
10/10

behavioral7

Score
7/10

behavioral8

Score
7/10

behavioral9

smokeloader, pub4, backdoor, trojan
Score
10/10

behavioral10

smokeloader, pub4, backdoor, trojan
Score
10/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

smokeloader, pub4, backdoor, trojan
Score
10/10

behavioral16

smokeloader, pub4, backdoor, trojan
Score
10/10

behavioral17

redline, @oleh_ps, infostealer
Score
10/10

behavioral18

redline, @oleh_ps, microsoft, infostealer, phishing
Score
10/10

behavioral19

stealc, stealer
Score
10/10

behavioral20

stealc, stealer
Score
10/10

behavioral21

lumma, stealer
Score
10/10

behavioral22

lumma, stealer
Score
10/10

behavioral23

lumma, stealer
Score
10/10

behavioral24

lumma, stealer
Score
10/10

behavioral25

gozi, nullmixer, privateloader, smokeloader, vidar, 706, aspackv2, backdoor, banker, dropper, isfb, loader, stealer, trojan
Score
10/10

behavioral26

nullmixer, smokeloader, vidar, 706, aspackv2, backdoor, dropper, stealer, trojan
Score
10/10

behavioral27

lumma, stealer
Score
10/10

behavioral28

lumma, stealer
Score
10/10

behavioral29

Score
7/10

behavioral30

Score
7/10

behavioral31

nullmixer, privateloader, redline, sectoprat, vidar, 706, pab777, aspackv2, dropper, infostealer, loader, rat, stealer, trojan
Score
10/10

behavioral32

nullmixer, privateloader, redline, sectoprat, vidar, 706, pab777, aspackv2, dropper, infostealer, loader, rat, stealer, trojan
Score
10/10