General

  • Target

    6ce1075c1eca41e5a2c2a86ef580496414f423529d6db4d4a4b25ecff9f767d1

  • Size

    24.8MB

  • Sample

    241107-mvp8fs1bph

  • MD5

    222664da85e63f004da7e6fc51fbfbc2

  • SHA1

    b2ee76debadac44993e2db0986131ad80426b5ad

  • SHA256

    6ce1075c1eca41e5a2c2a86ef580496414f423529d6db4d4a4b25ecff9f767d1

  • SHA512

    319b53e46ed904e09b60a3d48fbcf6230c2cc9afce39762370eb4a9e0ae6bedb73496173f5ef242a9bbd8c92ce2c16da4f8d35f25e34ed6d3c618e44095f326c

  • SSDEEP

    786432:yUnRIOjsR0PW/+5Ou0PW/+5OgoOicR2OjsC0K4hXdp6oOiK:L3sFnOnru1sC0K4NVk

Malware Config

Extracted

Family

gcleaner

C2

194.145.227.161

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

redline

Botnet

23.08

C2

95.181.172.100:55640

Extracted

Family

redline

Botnet

TEST 22.08

C2

94.103.83.88:65136

Extracted

Family

vidar

Version

40.1

Botnet

937

C2

https://eduarroma.tumblr.com/

Attributes
  • profile_id

    937

Extracted

Family

redline

Botnet

@Original_Finest

C2

159.69.190.155:35975

Targets

    • Target

      FEhkB_OsaHE2y08GZpzK8pPE.exe

    • Size

      90KB

    • MD5

      ff2d2b1250ae2706f6550893e12a25f8

    • SHA1

      5819d925377d38d921f6952add575a6ca19f213b

    • SHA256

      ca46080e121408d9624322e505dc2178ba99e15871c90e101b54e42ea7b54a96

    • SHA512

      c66544678f3dd49aa1a23cd459a556d923ba44c5d88334a165ea7bd16e4561955536546627b7e83bf1e759428c04b6312e08fdc8c2f6fab69cd29f3b62ce3d23

    • SSDEEP

      1536:lWvNrof2xIZ2ToPCt6VkPRYLUbrjhd3d7t20WYwuIJLO+s8jcdd1vzGHY:lWufhgTeCt0uREWrdhdY0W5uIVO77vKH

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      FQ5NRIxS9E6fSVzjWc_kvJni.exe

    • Size

      381KB

    • MD5

      58f5dca577a49a38ea439b3dc7b5f8d6

    • SHA1

      175dc7a597935b1afeb8705bd3d7a556649b06cf

    • SHA256

      857dd46102aea53f0cb7934b96410ebbc3e7988d38dcafdc8c0988f436533b98

    • SHA512

      3c75c0cbbbc14bd25b4feb141fd1595ce02469da50432fb48400eb089d6150fe87831ccc775d921eeec697af7aad33a35fadcfd2ec775aeee1ce34355af7338a

    • SSDEEP

      6144:x/QiQXCfoL8+Ee0CYDTAsdRa1OGBfj/WUplm6zIOYQNd28pTXdAmpCLVRZoglM7f:pQi3foL8+iDNdRa1lL//plmW9bTXeVh8

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      GEWsqYhryxfuQuVPf7TWao_Z.exe

    • Size

      610KB

    • MD5

      592404767648b0afc3cab6fade2fb7d2

    • SHA1

      bab615526528b498a09d76decbf86691807e7822

    • SHA256

      3593247c384586966e5a0e28eb4c4174b31e93c78c7a9e8fef96ec42a152e509

    • SHA512

      83819e4956ac6da21c4927fa6edee2b178bc89bcda8fb5f4d0767d0d8310393f50f0f7e76e1a963002626a8176abfa8d864c9229a41e5b61e1a24a32d379dda9

    • SSDEEP

      12288:axGt1KIgj5TJuWaRGu7a81KE64i5uY4Cgbo73O1kV1nO1GVS9Td01LqB:tKIgKRGuO8gTGYwoS1kVg9q9

    • Target

      GcNRfPQrt7430052z4jWGX0i.exe

    • Size

      927KB

    • MD5

      0e86a231689637b656a0764f2017d22f

    • SHA1

      70954ef5b83a7b0cd9dca4542d63bf3a7dc7ac97

    • SHA256

      3da0e424a6f1268f5682d59be1f83572479c28ca1fb7dab48d0b53220acef66e

    • SHA512

      21a3195665975ba3ec7b042a19b9ce39b5311e7c96070e7a968e7a1f39514a0df3569e39b313529dbb6b948195cd294077fd5b4e8a81e08a38b4ba2d8f6f6f32

    • SSDEEP

      12288:bsp0kUKA1PfP5k9FLRqYjtatql9MiwlDwhl6s5Ep7XzNwzVzTEVGp7K1k:bspuHaFLsqkqyEl68E5azVzwVBk

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of SetThreadContext

    • Target

      HKPHM9s7J_npOwbKmifWThV8.exe

    • Size

      163KB

    • MD5

      ec3921304077e2ac56d2f5060adab3d5

    • SHA1

      923cf378ec34c6d660f88c7916c083bedb9378aa

    • SHA256

      b8f88d0b48fbf8c1eac3d72272ddc48c723cbf8ba0527fdf42ad20cc5724ab9f

    • SHA512

      3796aab3dd9822ba41b57ef009166e4f99adab87cf279f9d86d4d7f227128da8faf2da7290e84ebffc11f1e8d17dfd0d8db9c2691e7fc08a93a02f748e293d28

    • SSDEEP

      3072:T17+hYe5fY7GFGRGkhRFLRYXGd171jpxszmiGAGRC2:J7ii7R9FgGNHszmiGxRC

    Score
    1/10
    • Target

      HyHVsV9i0LBAcDVqJzUYu3Hy.exe

    • Size

      321KB

    • MD5

      94c78c311f499024a9f97cfdbb073623

    • SHA1

      50e91d3eaa06d2183bf8c6c411947304421c5626

    • SHA256

      6aef62b3b8890bc22dd99f9b0d48247ae52c69e7ad9e384332658e73c725e40e

    • SHA512

      29b61f1924f19d073460332950c2316acf769aa40ad7f62a41941160cd8a8da5958e8f96183e0e498afe8558fc3efb3a23f66c7519c142c780c91279ddecb545

    • SSDEEP

      6144:DQbZ65iKd8Ro5c7bW+7kUyptNv+6FsVAIXRwGA69PZ+9ElvczV:6Z65im8Rb7D7kUyP5cVAIhwGA69B+9uY

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • OnlyLogger

      A tiny loader that uses IPLogger to get its payload.

    • Onlylogger family

    • OnlyLogger payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      JC2pSzOI0YLF3KGWlIzGFqqp.exe

    • Size

      2.4MB

    • MD5

      b15db436045c3f484296acc6cff34a86

    • SHA1

      346ae322b55e14611f10a64f336aaa9ff6fed68c

    • SHA256

      dab2a18df66f2e74d0831a8b118de6b9df2642ac939cbad0552e30696d644193

    • SHA512

      804bee37e0a6247ef2edb5dba8d4b6820ff10b0a4cb76e4c039a7242285836ed5255a1f297f8ba96168d9295558844a9fd7ec3a977207f339296a001543c1fd9

    • SSDEEP

      49152:/JhGe/xVHII4W2qFRCsh7BQ0vLYtA2uORNJet/ylyPj792:/Jcevr2mLS0cT/Mj792

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      JntlxTU2VSh_6o3pBeenGZXP.exe

    • Size

      4.6MB

    • MD5

      a20f5887bc06dda3e4c4d59d9b00f3ee

    • SHA1

      837d2cfdb935c67f5c018bcc15e2ac4ee8c741a9

    • SHA256

      2b3c1a836d3218ccea9f8b01bb6be6949507298f2da9625f8315aefe89bed30b

    • SHA512

      1bf18d9ecd3ef84ae2219752e2b8364313c0fb2f18cacd1608bac7e4c00039a8d8d380f535b0f08f8818d61dcc235519deef63d475e51307278b678ca90cad6d

    • SSDEEP

      98304:vAQTMV6gJfxdnDTfwPyI6FuWlz0O+SBlnMgxNIopqBwwpU6k:vAPVlfvnDkGFuWImnPxhgrpUf

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      LIAbdwyShKY89Z9xSWSzZEGp.exe

    • Size

      11KB

    • MD5

      e36bb066704e69c1cd7451a6c3b088a4

    • SHA1

      9deffcf1e30b044ed118f666b2e96cf50bf2e736

    • SHA256

      9bc6d20da16865822eb0510b8e4d26a36af0b1f7568a214b374c5c0c61d220b5

    • SHA512

      4feff2dc8a3ee793b35d77dbcffe583dc00c905ccb76d2d88c1fc290a2d77ff49d1e59d996be37662d222dd612ad79484be9ef864a6a5cbab9c7fae1218cdd41

    • SSDEEP

      192:1rHXcaPGRnTCwIprgLmQLdYNHKdIP+V5mbRyfLV7mBp:17XcaPGRnTsgLXLKNHKdIP4IgfLV7mB

    Score
    3/10
    • Target

      Ls1JHbNzSCujAe0rcXjY2nJE.exe

    • Size

      273KB

    • MD5

      ac7f28f999ef6657abc24673642b518a

    • SHA1

      37c701301ba28e8329f7c990a790320d021331a0

    • SHA256

      46d153d7d517ea834af83364c01388f5c4af458c359625244aa7bac158e8bff2

    • SHA512

      d45fe4a99c81d2221ebb4b537a23ac2a64e05defb8c789eb8a716af30685d2ca5963e8caeadcaec74e5ea588311ea59509077f14870193408114b261e7b97370

    • SSDEEP

      6144:38Gjn4iGmFj3lToLMjHxWs0YMaGahpgxSDj4SmsLdnAJ:jnfGmRVTL74mpgSDkudnA

    • Target

      Mr4X5srRQR20TfuVZShfsrAN.exe

    • Size

      321KB

    • MD5

      94c78c311f499024a9f97cfdbb073623

    • SHA1

      50e91d3eaa06d2183bf8c6c411947304421c5626

    • SHA256

      6aef62b3b8890bc22dd99f9b0d48247ae52c69e7ad9e384332658e73c725e40e

    • SHA512

      29b61f1924f19d073460332950c2316acf769aa40ad7f62a41941160cd8a8da5958e8f96183e0e498afe8558fc3efb3a23f66c7519c142c780c91279ddecb545

    • SSDEEP

      6144:DQbZ65iKd8Ro5c7bW+7kUyptNv+6FsVAIXRwGA69PZ+9ElvczV:6Z65im8Rb7D7kUyP5cVAIhwGA69B+9uY

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • OnlyLogger

      A tiny loader that uses IPLogger to get its payload.

    • Onlylogger family

    • OnlyLogger payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      OEmxRS9UaiMPqIKXPz6Ef8jI.exe

    • Size

      589KB

    • MD5

      34c76bcc1506b513c7a1ac605c045c4e

    • SHA1

      271c6b3853e33e039242da7cf8f4465c48e90d2e

    • SHA256

      1e7f2339065e8a6909eea27f090499a1af6427d1563ceac0cd25c916c637d29d

    • SHA512

      cb2170b5fa492dcb7df54cfd7f4ad94214de98face0f1710cbad749c79bf322ea1106ace723520486bdeabdf0aa2eefbf70dcc060d61fcda1124298225c36865

    • SSDEEP

      12288:fhdKHkwkYGXXRJRC7ijHRAWteLwnHdYnXQ6mr4ZFrUD:fzKYQv

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of SetThreadContext

    • Target

      OvVYhhgvd6ZhUony5cRMqVoB.exe

    • Size

      2.4MB

    • MD5

      b15db436045c3f484296acc6cff34a86

    • SHA1

      346ae322b55e14611f10a64f336aaa9ff6fed68c

    • SHA256

      dab2a18df66f2e74d0831a8b118de6b9df2642ac939cbad0552e30696d644193

    • SHA512

      804bee37e0a6247ef2edb5dba8d4b6820ff10b0a4cb76e4c039a7242285836ed5255a1f297f8ba96168d9295558844a9fd7ec3a977207f339296a001543c1fd9

    • SSDEEP

      49152:/JhGe/xVHII4W2qFRCsh7BQ0vLYtA2uORNJet/ylyPj792:/Jcevr2mLS0cT/Mj792

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      QKvpJeDIaPtXDcwKwH_WmAYY.exe

    • Size

      2.4MB

    • MD5

      a7feb91676ca65d3da71c8ff8798e2ec

    • SHA1

      96b60cacea9e992ae9eef8e159d51e50bb0c7a79

    • SHA256

      844c20ca22a32cb2b23ff601dd070dfc800240bbcb2cbd825f3d3b325ad18a5f

    • SHA512

      d029d1e3746ae2c0dbf3351efbd744bdfef15fa9462de1cd35a4c5624d60365e5432e8ce7c49953b01df67f82525f35b79da371affc047e859ee61f60dbf9d75

    • SSDEEP

      49152:yzaIawrFIsU6+anPakV7/HFangWtl4UjhlXAl6RUbbzRMWv5pKJa2Xkut:yzzaOBU6++PrV7/lDmhxAl6UbbzRMWba

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
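The registry-based checks listed for these samples (country code for geofencing, the Uninstall key for a software inventory, VirtualBox ACPI tables and BIOS strings for sandbox detection, and the UAC setting) all show up in an API trace as key opens, enumerations and value queries against a handful of well-known keys. The script below is an added example, not part of the sandbox's output: it replays a constructed trace in a hypothetical "pid api(args) -> ret" layout and maps the activity back to the signature names used in this report. The page names the behaviours but not the keys; the paths in SIGNATURES are the standard locations these checks read and are an assumption here.

```python
import re
from collections import defaultdict

# Constructed API-trace lines in a hypothetical "pid api(args) -> ret" layout,
# not the sandbox's real log format. The report names the behaviours but not
# the registry keys; the key paths below are the well-known locations these
# checks read and are this example's assumption about what the signatures match.
TRACE = r"""
4120 RegOpenKeyExW(HKEY_CURRENT_USER, "Control Panel\International\Geo") -> 0x2c
4120 RegQueryValueExW(0x2c, "Nation") -> 0
4120 RegOpenKeyExW(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall") -> 0x30
4120 RegEnumKeyExW(0x30, 0) -> 0
4120 RegEnumKeyExW(0x30, 1) -> 0
5188 RegOpenKeyExW(HKEY_LOCAL_MACHINE, "HARDWARE\ACPI\DSDT\VBOX__") -> 0x40
5188 RegOpenKeyExW(HKEY_LOCAL_MACHINE, "HARDWARE\DESCRIPTION\System") -> 0x44
5188 RegQueryValueExW(0x44, "SystemBiosVersion") -> 0
5188 RegQueryValueExW(0x44, "VideoBiosVersion") -> 0
5188 RegOpenKeyExW(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System") -> 0x48
5188 RegQueryValueExW(0x48, "EnableLUA") -> 0
6012 RegOpenKeyExW(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Run") -> 0x50
6012 RegQueryValueExW(0x50, "OneDrive") -> 0
"""

# Signature name (as the report words it) -> (stage that fires it, key regex, value names)
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)":
        ("open", r"^hardware\\acpi\\(dsdt|fadt|rsdt)\\vbox__", None),
    "Checks installed software on the system":
        ("enum", r"^software\\microsoft\\windows\\currentversion\\uninstall$", None),
    "Checks computer location settings":
        ("query", r"^control panel\\international\\geo$", {"nation"}),
    "Checks BIOS information in registry":
        ("query", r"^hardware\\description\\system(\\bios)?$",
         {"systembiosversion", "videobiosversion", "systemmanufacturer", "systemproductname"}),
    "Checks whether UAC is enabled":
        ("query", r"^software\\microsoft\\windows\\currentversion\\policies\\system$", {"enablelua"}),
}
ANTI_ANALYSIS = {"Identifies VirtualBox via ACPI registry values (likely anti-VM)",
                 "Checks BIOS information in registry"}

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>\S+)$")
STR_RE = re.compile(r'"([^"]*)"')

def parse_trace(text):
    """Yield (pid, api, args, ret) tuples; refuse lines that do not fit the layout."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable trace line: {line!r}")
        yield int(m["pid"]), m["api"], m["args"], m["ret"]

def detect(text):
    """Map each PID to the sorted list of report signatures its registry activity triggers."""
    handles = defaultdict(dict)   # pid -> key handle -> lower-cased key path
    hits = defaultdict(set)
    for pid, api, args, ret in parse_trace(text):
        strings = STR_RE.findall(args)
        handle = args.split(",", 1)[0].strip()
        if api == "RegOpenKeyExW":
            path, stage, value = strings[0].lower(), "open", None
            handles[pid][ret] = path            # remember what this handle refers to
        elif api == "RegEnumKeyExW":
            path, stage, value = handles[pid].get(handle), "enum", None
        elif api == "RegQueryValueExW":
            path, stage = handles[pid].get(handle), "query"
            value = strings[0].lower() if strings else None
        else:
            continue
        if path is None:
            continue                            # handle opened before the trace started
        for name, (trigger, key_re, values) in SIGNATURES.items():
            if trigger == stage and re.search(key_re, path) and (values is None or value in values):
                hits[pid].add(name)
    return {pid: sorted(names) for pid, names in hits.items()}

def evasive_pids(result, threshold=2):
    """PIDs combining at least `threshold` anti-analysis checks. A lone BIOS read is
    routine for legitimate installers; paired with a VirtualBox ACPI probe it is the
    kind of combination behind this report's 'evasion' tag."""
    return sorted(pid for pid, names in result.items()
                  if len(ANTI_ANALYSIS & set(names)) >= threshold)

if __name__ == "__main__":
    result = detect(TRACE)
    for pid, names in result.items():
        print(pid, names)
    print("evasive:", evasive_pids(result))
```

Firing the BIOS and UAC signatures on the value query rather than on the key open keeps a harmless enumeration of HARDWARE\DESCRIPTION\System from tripping them, and evasive_pids scores a process only when anti-analysis checks combine, which is what separates the Themida-packed samples here from an installer that reads a BIOS string once.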

    • Target

      fCe2q13vzDk3gxn554bfaSDi.exe

    • Size

      1.0MB

    • MD5

      956c60ba7d7d44f04b4d9ae2db9f723e

    • SHA1

      5b254193558cd413b015cd7efe7633e8712ffcb5

    • SHA256

      318ca6786488302f65aa4989d7be9b8ae25225ceef57894ef47e485153742170

    • SHA512

      e5b10f641a8544f873ae23c37e0a7d850a0e59b012f0bf01d0a75382e3728436ff2c0077b8a61c71008ec44739fadedc5bdd1f33d052acf589dd944918fa1945

    • SSDEEP

      12288:/kX6fGXRvt07nyHJXqiVZ1bhBeGkdq2MF5Jc2mh8IWvcdxCwEGP5WnDbt+MsD1:cqmJX/Pdjehdvgc38IWkiwJInD9s1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Suspicious use of SetThreadContext

    • Target

      fyiHA5hP7V19p7libPJSzjUi.exe

    • Size

      317KB

    • MD5

      145bf5658332302310a7fe40ed77783d

    • SHA1

      5370ac46379b8db9d9fca84f21d411687109486f

    • SHA256

      bddcd5eba3036a21b11e6d6d3cbe84daf562db27814adf7e32b5cc103d3c25d3

    • SHA512

      d3d9a8231f256efee7ce7ba6841d78c598dc912e7e5d503a9a094e6303d0f9f165a60c5370f353076b1f592d7d9ee6765d0ba4863a1c4935bb47e2ffa4ffb776

    • SSDEEP

      6144:QIH2L4AqFKDXavv7HPdVVJ31H0WJhtJSOi4k/YjN6+7i3eWQj3KWS/jrAZcEujqY:WLKFKqvz3CehLSO+YjN43jRPoZNm

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • OnlyLogger

      A tiny loader that uses IPLogger to get its payload.

    • Onlylogger family

    • OnlyLogger payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Legitimate hosting services abused for malware hosting/C2
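What a responder takes from a report like this is the extracted C2 set and the per-file hashes. As an added example, not part of the sandbox output, the script below parses an excerpt of this page's own label/value layout: it turns each C2 into a typed indicator (a bare IP for GCleaner, ip:port for RedLine, a URL on a third-party platform for Vidar, the same concern the "Legitimate hosting services abused for malware hosting/C2" signature raises), yields nothing for configs such as the SmokeLoader one that carry no C2, and groups dropped files by SHA256 to show that HyHVsV9i0LBAcDVqJzUYu3Hy.exe and Mr4X5srRQR20TfuVZShfsrAN.exe are one payload under two random names (JC2pSzOI0YLF3KGWlIzGFqqp.exe and OvVYhhgvd6ZhUony5cRMqVoB.exe are another such pair). The PUBLIC_PLATFORMS list is an illustrative assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Excerpt of this report's "Malware Config" and "Targets" sections, re-typed
# without blank lines so the parser runs offline; every value is the report's own.
REPORT = """
Malware Config
Extracted
Family
gcleaner
C2
194.145.227.161
Extracted
Family
smokeloader
Botnet
pub1
Extracted
Family
redline
Botnet
23.08
C2
95.181.172.100:55640
Extracted
Family
vidar
Botnet
937
C2
https://eduarroma.tumblr.com/
Targets
• Target
HyHVsV9i0LBAcDVqJzUYu3Hy.exe
• SHA256
6aef62b3b8890bc22dd99f9b0d48247ae52c69e7ad9e384332658e73c725e40e
• Target
Mr4X5srRQR20TfuVZShfsrAN.exe
• SHA256
6aef62b3b8890bc22dd99f9b0d48247ae52c69e7ad9e384332658e73c725e40e
"""

SOCKET_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Assumption (illustrative): third-party platforms whose URLs are dead-drop indicators to watch, not domains to block.
PUBLIC_PLATFORMS = {"tumblr.com", "pastebin.com", "telegra.ph"}

def parse_report(text):
    """Turn the one-label-per-line layout into config dicts and target dicts."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    configs, targets, section, cur, i = [], [], None, None, 0
    while i < len(lines):
        line, nxt = lines[i], (lines[i + 1] if i + 1 < len(lines) else "")
        if line in ("Malware Config", "Targets"):
            section = line
        elif section == "Malware Config":
            if line == "Extracted":                 # one block per extracted config
                cur = {"c2": []}; configs.append(cur)
            elif line in ("Family", "Botnet", "Version"):
                cur[line.lower()] = nxt; i += 1     # consume the value line
            elif line == "C2":
                cur["c2"].append(nxt); i += 1
        elif section == "Targets":
            if line == "• Target":
                cur = {"name": nxt}; targets.append(cur); i += 1
            elif line == "• SHA256":
                cur["sha256"] = nxt; i += 1
        i += 1
    return configs, targets

def classify_c2(value):
    """Bare IP, ip:port socket, URL (flagging third-party hosts), or unknown."""
    if SOCKET_RE.match(value):
        return "ip:port"
    if IP_RE.match(value):
        return "ip"
    host = urlparse(value).hostname or ""
    public = any(host == p or host.endswith("." + p) for p in PUBLIC_PLATFORMS)
    return "unknown" if not host else "url (public platform)" if public else "url"

def iocs(configs):
    """One typed indicator record per C2; configs without a C2 contribute none."""
    return [{"family": c.get("family"), "botnet": c.get("botnet"),
             "type": classify_c2(v), "value": v} for c in configs for v in c["c2"]]

def duplicate_payloads(targets):
    """SHA256 -> sorted file names, for payloads dropped under more than one name."""
    by_hash = defaultdict(list)
    for t in targets:
        if "sha256" in t:
            by_hash[t["sha256"]].append(t["name"])
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}

if __name__ == "__main__":
    cfgs, tgts = parse_report(REPORT)
    print(*iocs(cfgs), sep="\n")
    print(duplicate_payloads(tgts))
```

Hash-based blocking covers both copies of each duplicated payload; filename-based indicators from this dropper would not, since the names are randomized per drop.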

MITRE ATT&CK Enterprise v15

Tasks

static1

themida
Score
7/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
7/10

behavioral4

discovery
Score
7/10

behavioral5

vidar, 937, discovery, stealer
Score
10/10

behavioral6

vidar, 937, discovery, stealer
Score
10/10

behavioral7

redline, sectoprat, @original_finest, discovery, infostealer, rat, trojan
Score
10/10

behavioral8

redline, sectoprat, @original_finest, discovery, infostealer, rat, trojan
Score
10/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

gcleaner, onlylogger, discovery, loader
Score
10/10

behavioral12

gcleaner, onlylogger, discovery, loader
Score
10/10

behavioral13

discovery, evasion, themida, trojan
Score
9/10

behavioral14

discovery, evasion, themida, trojan
Score
9/10

behavioral15

sectoprat, discovery, evasion, rat, themida, trojan
Score
10/10

behavioral16

sectoprat, discovery, evasion, rat, themida, trojan
Score
10/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

smokeloader, pub1, backdoor, discovery, trojan
Score
10/10

behavioral20

smokeloader, pub1, backdoor, discovery, trojan
Score
10/10

behavioral21

gcleaner, onlylogger, discovery, loader
Score
10/10

behavioral22

gcleaner, onlylogger, discovery, loader
Score
10/10

behavioral23

redline, sectoprat, 23.08, discovery, infostealer, rat, trojan
Score
10/10

behavioral24

redline, sectoprat, 23.08, discovery, infostealer, rat, trojan
Score
10/10

behavioral25

discovery, evasion, themida, trojan
Score
9/10

behavioral26

discovery, evasion, themida, trojan
Score
9/10

behavioral27

discovery, evasion, themida, trojan
Score
9/10

behavioral28

discovery, evasion, themida, trojan
Score
9/10

behavioral29

redline, sectoprat, test 22.08, discovery, infostealer, rat, trojan
Score
10/10

behavioral30

redline, sectoprat, test 22.08, discovery, infostealer, rat, trojan
Score
10/10

behavioral31

gcleaner, onlylogger, discovery, loader
Score
10/10

behavioral32

gcleaner, onlylogger, discovery, loader
Score
10/10