General

  • Target

    inv.zip

  • Size

    32.9MB

  • Sample

    241130-z7s64awjax

  • MD5

    395df612211bd2ab91e4b5ed7cd8aaab

  • SHA1

    26da38e651426bf17c9c634e168fbd3c67536e46

  • SHA256

    12ca4ad8cd613c8d086cd39a5c6e787c12209f2271ba850817b72eae3cd559da

  • SHA512

    5a8e583a5f9009ea6a7469ac85ffb3c74650f9fbf468464829ccad8c19350efa2e522cd21f6d58769f04104fe78cac582a3eb1044505b28b54e7f5690e66e7b8

  • SSDEEP

    786432:yf1JKtsiYULst2jeCweXzj4x0kJD04lQsccAp2i8NdgpkEB2MSg7b7nnxzmFlwJn:U7iYULSMeCpzoL7TGpMdguEQW7b7nnx9

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

C2

45.136.51.217:2222

45.136.51.217:5173

Mutex

d1mBeqcqGummV1rEKw

Attributes
  • encryption_key

    h9j7M9986eVjQwMbjacZ

  • install_name

    csrss.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    NET framework

  • subdirectory

    SubDir

Extracted

Family

meduza

C2

62.60.217.159

62.60.244.198

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    xss

  • extensions

    .txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite

  • grabber_max_size

    1048576 (1 MiB)

  • port

    15666

  • self_destruct

    true

Extracted

Family

stealc

Botnet

Voov1

C2

http://154.216.17.90

Attributes
  • url_path

    /a48146f6763ef3af.php

Extracted

Family

vidar

Version

11.8

Botnet

0174ec9d0ab5d3dd4d0bbe7415cfa10c

C2

https://t.me/fu4chmo

https://steamcommunity.com/profiles/76561199802540894

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Extracted

Family

amadey

Version

5.04

Botnet

a66537

C2

http://89.110.69.103

http://94.156.177.33

Attributes
  • install_dir

    a121af5f66

  • install_file

    Gxtuum.exe

  • strings_key

    09dbfb77de24d28905cfed05aeef2129

  • url_paths

    /Lv2D7fGdopb/index.php

    /b9kdj3s3C0/index.php

rc4.plain

Extracted

Family

vidar

Version

11.8

Botnet

41d35cbb974bc2d1287dcd4381b4a2a8

C2

https://t.me/fu4chmo

https://steamcommunity.com/profiles/76561199802540894

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Extracted

Family

amadey

Version

5.04

Botnet

e8c9ce

C2

http://89.110.69.103

http://94.156.177.33

Attributes
  • install_dir

    bfe2cd46d6

  • install_file

    Gxtuum.exe

  • strings_key

    0e6c50aa38bbb0a80ecad7e6fa3b2c11

  • url_paths

    /Lv2D7fGdopb/index.php

    /b9kdj3s3C0/index.php

rc4.plain

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://preside-comforter.sbs

https://savvy-steereo.sbs

https://copper-replace.sbs

https://record-envyp.sbs

https://slam-whipp.sbs

https://wrench-creter.sbs

https://looky-marked.sbs

https://plastic-mitten.sbs

https://ponintnykqwm.shop/api
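The extracted configurations above are only useful once they are turned into something a SOC can run. The block below is an added example (not part of the sandbox report, not code from any of the families) that collects the network indicators from the Malware Config section into one IOC set and matches them against constructed proxy and netflow log lines. Two assumptions are mine: the Stealc and Amadey beacon URL is formed by joining the C2 base with each url_path, and the single Meduza port applies to both Meduza hosts. The key=value log format and every log line are constructed for the demo.

```python
"""Added example, not part of the sandbox report: the extracted C2 config
above, turned into an IOC set and matched against constructed log lines."""
import re
from urllib.parse import urlsplit

# --- indicators copied from the "Malware Config" section above ---
QUASAR_SOCKETS = {("45.136.51.217", 2222), ("45.136.51.217", 5173)}
# Meduza lists two hosts and one "port" attribute; pairing each host with it is an assumption.
MEDUZA_SOCKETS = {("62.60.217.159", 15666), ("62.60.244.198", 15666)}
# Stealc/Amadey: C2 base joined with url_path(s) (assumed to be how the beacon URL is formed).
HTTP_C2 = {
    "stealc": {"http://154.216.17.90/a48146f6763ef3af.php"},
    "amadey": {base + path
               for base in ("http://89.110.69.103", "http://94.156.177.33")
               for path in ("/Lv2D7fGdopb/index.php", "/b9kdj3s3C0/index.php")},
}
# Vidar: dead-drop resolvers on legitimate services; only the full URL is an indicator.
VIDAR_DEAD_DROPS = {"https://t.me/fu4chmo",
                    "https://steamcommunity.com/profiles/76561199802540894"}
VIDAR_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
            "(KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6")
LUMMA_DOMAINS = {
    "powerful-avoids.sbs", "motion-treesz.sbs", "disobey-curly.sbs", "leg-sate-boat.sbs",
    "story-tense-faz.sbs", "blade-govern.sbs", "occupy-blushi.sbs", "frogs-severz.sbs",
    "preside-comforter.sbs", "savvy-steereo.sbs", "copper-replace.sbs", "record-envyp.sbs",
    "slam-whipp.sbs", "wrench-creter.sbs", "looky-marked.sbs", "plastic-mitten.sbs",
    "ponintnykqwm.shop",
}

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv(line):
    """Parse a key=value log line (constructed format); quoted values may contain spaces."""
    return {k: q or u for k, q, u in KV_RE.findall(line)}

def match_tcp(dst, dport):
    """Return the family whose raw-TCP C2 socket matches, else None."""
    sock = (dst, int(dport))
    if sock in QUASAR_SOCKETS:
        return "quasar"
    if sock in MEDUZA_SOCKETS:
        return "meduza"
    return None

def match_http(url, ua=None):
    """Return every HTTP-layer indicator the request matches (may be several)."""
    hits = []
    host = (urlsplit(url).hostname or "").lower()
    for family, urls in HTTP_C2.items():
        if url in urls:
            hits.append(family)
    if url in VIDAR_DEAD_DROPS:
        hits.append("vidar")
    if host in LUMMA_DOMAINS:          # match on host: the Lumma hosts serve any path
        hits.append("lumma")
    if ua == VIDAR_UA:                 # the odd "Ddg/17.6" suffix is the tell
        hits.append("vidar-ua")
    return hits

def scan(lines):
    """Run both matchers over proxy/netflow lines; returns (line_no, family, detail)."""
    findings = []
    for n, line in enumerate(lines, 1):
        f = parse_kv(line)
        if "url" in f:
            for fam in match_http(f["url"], f.get("ua")):
                findings.append((n, fam, f["url"]))
        elif "dst" in f and "dport" in f:
            fam = match_tcp(f["dst"], f["dport"])
            if fam:
                findings.append((n, fam, f"{f['dst']}:{f['dport']}"))
    return findings

# Constructed sample log lines (not from the sandbox run).
SAMPLE_LOG = [
    "ts=2024-11-30T12:00:01Z src=10.0.0.5 dst=45.136.51.217 dport=2222 proto=tcp",
    "ts=2024-11-30T12:00:02Z src=10.0.0.5 dst=62.60.244.198 dport=15666 proto=tcp",
    "ts=2024-11-30T12:00:03Z src=10.0.0.5 dst=8.8.8.8 dport=53 proto=udp",
    'ts=2024-11-30T12:00:04Z src=10.0.0.5 url=http://89.110.69.103/b9kdj3s3C0/index.php ua="Mozilla/4.0"',
    f'ts=2024-11-30T12:00:05Z src=10.0.0.5 url=https://t.me/fu4chmo ua="{VIDAR_UA}"',
    'ts=2024-11-30T12:00:06Z src=10.0.0.5 url=https://savvy-steereo.sbs/api ua="Mozilla/5.0"',
    'ts=2024-11-30T12:00:07Z src=10.0.0.5 url=https://www.example.com/ ua="Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, fam, detail in scan(SAMPLE_LOG):
        print(f"line {n}: {fam:9s} {detail}")
```

Two caveats when deploying this. The Vidar dead drops live on t.me and steamcommunity.com, which carry plenty of benign traffic; without TLS inspection you see only the SNI, so the host alone is not an indicator and the unusual user-agent (or the follow-on connection to whatever C2 the profile resolves to) is what you can act on. The Lumma entries are matched on host only, because the path varies, and the .sbs list rotates quickly, so expect to refresh it from newer extractions.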

Targets

    • Target

      InstalIеr-x86/Qts5Svg.dll

    • Size

      253KB

    • MD5

      a7d192e6f464e759391c782fa4c3db18

    • SHA1

      bce12f057a2a6e3dfea381892c0206788acd00df

    • SHA256

      bd76dfd40334035338284301256488505b15ec952f1fcab696551fdd69c5eb18

    • SHA512

      01b5b708dc89354358294b97cb08f8bf2d96f55f08dd5825c63f1ce1fe0b213e56863a78900de13ab7ddf0da5a6c1a2d2f252ef7f28159f645a2e4d2de6dcc87

    • SSDEEP

      6144:sKD4dwpLEE61jMW52NP5xwuMnyOWYGcy8Dv4Cnke+9oCsGhvdw61IwxP4zd:sKD42pLEE6mw2NPnBMIBrU

    Score
    1/10
    • Target

      InstalIеr-x86/SbieMsg.dll

    • Size

      3.1MB

    • MD5

      1d531229c003c1bb3e93cfb9fae79ebf

    • SHA1

      f481e660e79c146604f2a512fd66fda1d1ca38f5

    • SHA256

      74a9d7d248fbf81ba1d6bc6c6f921d6fed52b71d4bcde4fcec490cdb0b0d7285

    • SHA512

      f84d6bbacc0aa4b44ed92e1336c553075d0168bc9a876404c2c03f9262b6888f5f22915a2cfcd1593245918c7c7f92e52b5ad4ba3c4d761756184d60a2794284

    • SSDEEP

      12288:z2VpSiFSJYeUvaOen/aMWz1O6125RXvPtu6jAO2Ifq2TvpC4X:zuxv6OenC7Q6125RXvPk6jA23

    Score
    1/10
    • Target

      InstalIеr-x86/SbieShelIPkc.dll

    • Size

      10KB

    • MD5

      ab87c29e560226a3604d004e049eda48

    • SHA1

      b1aee6cf1d58510b75f7fa4ad1b1ac5f9d0eb147

    • SHA256

      c7164a3d901a6658d94db02edaef0615d08df5e2ee15d1e6468be9de8a6b17dd

    • SHA512

      20c2a47fe3201a5b8e21b1d3a998f7d4ef66fe0153e0f2983674632617fcaa37a704795d5215720943804a0136a2635fc8bab589d453ec5b5f45916f0f7a53e7

    • SSDEEP

      192:Je8ARCKz6Nl9vXhUc2jawG31caVkbhY6en2SUhfinDHx:g8At4vXzwJVYH2ScfMd

    Score
    1/10
    • Target

      InstalIеr-x86/TTDesktop18.exe

    • Size

      26.0MB

    • MD5

      13eb2bb3303156d695ecf3f2b2c09eb7

    • SHA1

      db1f2877681d02201c6c9d71d8c52a872c3612b9

    • SHA256

      8680e9ff0246c2b7cd4a45a9c6262851ce8d12e4638e48cb1baec267c2b6ea6b

    • SHA512

      6f44a7f1612f0eb4843c1e0de757a03f53d2b14e7aa8b7f983c2ca9baf0701d30f129edeab9c889655840782a1289fb4d0bf0699223e3c584afdaa4ee5172172

    • SSDEEP

      192:0qgaiJUFTQcHVPtAXjJ9vT2O3yP8B50LOZdBcmCEJXVWwTnkVOvQu:57zFEcH769vT2OCkB50LknnVTnkVUQ

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2
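The PowerShell signature above is the one a defender most wants a detection for, because an Add-MpPreference or Set-MpPreference exclusion is what lets the dropped payloads survive on a Defender-protected host. The block below is an added example (not part of the sandbox report) that flags such command lines; it goes beyond the signature text by also resolving PowerShell's parameter-prefix abbreviation (an unambiguous prefix such as -ExclusionE binds to -ExclusionExtension, while -ExclusionP is rejected as ambiguous between Path and Process) and by decoding -EncodedCommand arguments. The sample command lines are constructed; the csrss.exe and SubDir names are borrowed from the Quasar config above only to make the sample realistic.

```python
"""Added example, not part of the sandbox report: flag PowerShell command lines
that add Windows Defender exclusions (the behaviour the signature above describes)."""
import base64
import re

# Exclusion parameters accepted by Add-MpPreference / Set-MpPreference.
EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionProcess", "ExclusionExtension", "ExclusionIpAddress")

def resolve_param(token):
    """PowerShell binds any unambiguous prefix of a parameter name, so -ExclusionPa
    is -ExclusionPath while -ExclusionP is rejected as ambiguous; mirror that."""
    t = token.lower()
    cands = [p for p in EXCLUSION_PARAMS if p.lower().startswith(t)]
    return cands[0] if len(cands) == 1 else None

# powershell.exe -EncodedCommand (any prefix: -e, -enc, ...) takes base64 of a UTF-16LE script.
ENC_RE = re.compile(r"-(e[a-z]*)\s+([A-Za-z0-9+/=]+)", re.I)

def expand_encoded(cmdline):
    """Append the decoded script of every -EncodedCommand argument to the text we scan."""
    out = cmdline
    for flag, b64 in ENC_RE.findall(cmdline):
        if not "encodedcommand".startswith(flag.lower()):
            continue
        try:
            out += "\n" + base64.b64decode(b64).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            pass
    return out

# A cmdlet invocation runs until a pipe, statement separator, or line end.
CMDLET_RE = re.compile(r"\b(Add|Set)-MpPreference\b(.*?)(?=[|;\n]|$)", re.I | re.S)
PARAM_RE = re.compile(r"-(Exclusion\w*)\b", re.I)

def detect_defender_exclusion(cmdline):
    """Return [(cmdlet, parameter), ...] for every exclusion the command line adds."""
    hits = []
    for m in CMDLET_RE.finditer(expand_encoded(cmdline)):
        cmdlet = m.group(1).capitalize() + "-MpPreference"
        for tok in PARAM_RE.findall(m.group(2)):
            param = resolve_param(tok)
            if param:
                hits.append((cmdlet, param))
    return hits

# Constructed sample command lines (e.g. from Sysmon event 1); the path borrows the
# Quasar install_name/subdirectory from the config above, but the lines are made up.
ENCODED = base64.b64encode("Add-MpPreference -ExclusionExtension .exe".encode("utf-16-le")).decode()
SAMPLE_CMDLINES = [
    r'powershell.exe -nop -w hidden -c "Add-MpPreference -ExclusionPath C:\Users\victim\AppData\Roaming\SubDir -ExclusionProcess csrss.exe"',
    'powershell -c "Set-MpPreference -ExclusionE exe,dll"',      # abbreviated parameter
    r'powershell -c "Add-MpPreference -ExclusionP C:\Temp"',     # ambiguous: PowerShell refuses it
    f"powershell -enc {ENCODED}",                                # encoded command
    'powershell -c "Get-MpPreference | Select-Object ExclusionPath"',  # read-only, benign
]

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(detect_defender_exclusion(line) or "-", "<=", line[:70])
```

The same function can be fed the script text from PowerShell script block logging (event 4104) instead of a process command line, which also catches exclusions added from a downloaded .ps1 that never appears on the command line. Note that -ExclusionP is deliberately not reported: PowerShell itself fails to bind it, so the exclusion is never set, and reporting it would only add noise.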

    • Target

      InstalIеr-x86/cfg/platforms/qwindows.dll

    • Size

      1.5MB

    • MD5

      7a95a2ac88ee34613da76af12a8f6375

    • SHA1

      f5dc8fe31229639bd3fe28b52249af29722e0301

    • SHA256

      e9b4e3c270d7b64eb06871e8d5022d4ea768d93bdd205faab070c6fae695e550

    • SHA512

      602650ee2657e069523e17677eb3c29a0f7e5aa0ed5b44127c368265f7fed020c93c65fb5af2cd1fc54cd1e4dd278ba1498d248910eac1e60dd09b282a2dfe90

    • SSDEEP

      49152:yhteEDXKprit/jl70BkHiZsuu4EkYBdpV:5Wt/q38Bd

    Score
    1/10
    • Target

      InstalIеr-x86/cfg/styles/qwindowsvistastyle.dll

    • Size

      226KB

    • MD5

      6bea57a7fd8f380de36b89d9bfa6a209

    • SHA1

      dbcdf8cbbc8914b2a2fbbd81362dc6cd97378a8e

    • SHA256

      8a864f327756bc0ed0d16c52f37c4c652e7f440081199dcea93ce5839442ee69

    • SHA512

      d4c28ee0be0f986be7e8c07e4b42393824836e084cee89cf699a1a3d911f1280201321666f070ce743a34ea5810b85b0cc4207f72d55e88c62509d3e070d1b8a

    • SSDEEP

      3072:zesbD7Kt3oc+kwwPyjHB3UxqFBArvxXJblgQfMJa5MBuiOWnCT0NGcIRS:P+o3GPYBUeyvxXplPqBuiOWnCT0NYR

    Score
    1/10
    • Target

      TT18.exe

    • Size

      12KB

    • MD5

      ceb5022b92f0429137dc0fb67371e901

    • SHA1

      999932b537591401dfa1a74df00dae99264bd994

    • SHA256

      8d2f2dce701f8dc555e74b53bfaf7a1337027adc7fadc094b2eba3bb5b688f1b

    • SHA512

      a7acdf417ef81f131c050bc8bd364edddf7a2ebc446c69411d549c14ca8967af7b8c8a2d4556018f148d1b57bc985e10104cdc72e2bed518cfe3280b0254a3d8

    • SSDEEP

      192:knUbCDQoJq4Hb0jPuiJddudb7Z+XX1cNIQKXy+AFtaffEOsSRMWSVP1W58:kg3MGWimFNIQKX4Fgf8OxRBSVU

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      TTDesktop18.exe

    • Size

      13KB

    • MD5

      22bded153b8c1ec4b1d1b45e0467f7c6

    • SHA1

      1c8825442a455da9ffa0fd56e0e2848dfa58bf2c

    • SHA256

      f07f39ca504a15d670eecad52c272ed5cdc4025fede61cd910d7da2a55d1d052

    • SHA512

      f6022cbf7120e1771e7ba992bcd59ba5f8f68507d91c10c997a3186766547ea0632347facfdec667c3bde261748eb93ee8df35c71600fd7c459539f629b408bb

    • SSDEEP

      192:0qgaiJUFTQcHVPtAXjJ9vT2O3yP8B50LOZdBcmCEJXVWwTnkVOvQu:57zFEcH769vT2OCkB50LknnVTnkVUQ

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      TikTokDesktop18.exe

    • Size

      17.9MB

    • MD5

      81f6b6fe3201c3941bd49243c5896811

    • SHA1

      8bd0d5bb78255fc9f2dcf70fde14dba16c66551c

    • SHA256

      fa4f1c0b324654420f8758b8ab1d7e0db22f0eacbff0d2e14413ed904ca54aaf

    • SHA512

      f3d22c84fb70a2c851f533037b74c45248b9074aa3042371672c89c3ee5229bbdbbc193e54840adbc5f17672430fbbc0b94dd12c8014f3a3ec93fece24e54d4f

    • SSDEEP

      393216:7bbTRUBXu2+WlsaxtBXu2+WlsaxtBXu2+WlsaxtBXu2+Wlsax:7PKBX4mtfBX4mtfBX4mtfBX4mt

    • Detect Vidar Stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      adjthjawdth.exe

    • Size

      888KB

    • MD5

      28aaa8f0b29a96138fd597975a16c5d4

    • SHA1

      b0ea5394610d089ab5248631a4c0f6666f79ffcd

    • SHA256

      2516d63aa8aef58d6f0a4e330bd87209872b0ff21a17cff5201a2d4783c5bfab

    • SHA512

      7feafb633d698a96d81fae7069ebc2492caa253ade2106a645353096e7855e9cf33a69307f71f253ebbb5b957abab0de608860cc5efb7a2196720c269f8c231d

    • SSDEEP

      12288:wAl1WPQtkQNQ6yMs/Ua+iXPrQfkXmm1RhdLB9XirkVknCBz9eQFZz//qK4oV4g50:wwFp5yMs/UFEPLZj956t1

    Score
    10/10
    • DcRat

      DarkCrystal (DCRat) is a .NET RAT, active since June 2019, that can load additional plugins.

    • Dcrat family

    • DCRat payload

    • Target

      bxftjhksaef.exe

    • Size

      1.2MB

    • MD5

      7794f39bc5aea95efa5f31bbfd7ad201

    • SHA1

      c57745b835d4cd92460b5db142b0ad19d81c2e49

    • SHA256

      f025eabd6a3067f32685443139c8cf74a3f51a0b7ab6d50fb83ef8c200bfe418

    • SHA512

      5bbd74f85e0d31a3dfcd0167baf5ed3b384b90f116faae3f4a1fe3e89da86f94db48c0ce27e205e3a9c929087ab090d5042a35ce7bbee82b3effa10ffd47b457

    • SSDEEP

      24576:2+U47TU+cy7heu0luv4xV0dgodqD354a8jMjmPWkty:2+xTU+cy7/Iuv4n1D6j4m3y

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      cli.exe

    • Size

      6KB

    • MD5

      0d575c1cd0678e2263466cccc21d8e24

    • SHA1

      fe81c9e15f89e654bd36a1c9194802621b66b6a9

    • SHA256

      25c9cb817af524069805b3dcedf2df562a232fa54ad925f21863ed6a2d13094c

    • SHA512

      f762a8112b630a8a81f8d9fcc1d279b34ad1a994d3bd7c202b6791a59be769e709ef9d3a7ea2be0de4a6971aa802ed831f07027f8fd1743612227a6617b77e35

    • SSDEEP

      96:cnVYW2fP62ZkorMzivz29ZwhMTNzV1cdbqBzNt:cs62ZkaKW29Zwhu5V1ew

    Score
    3/10
    • Target

      dujkgsf.exe

    • Size

      135KB

    • MD5

      bc48cb98d8f2dacca97a2eb72f4275cb

    • SHA1

      cd3dd263fc37c8c7beb1393a654b400f2f531f1c

    • SHA256

      c18fb46afa17ad8578d1edd4aa6a89b42f381ca7998a4e5a096643e0f2721c49

    • SHA512

      7db6992278ca008e7aafa07eb198b046a125d23ca524f15d5302b137385dd4e40a4a54ce4dabb28710b71fbcfdd2d3315fb36e591edc2b3e1737b11b9ee45a5c

    • SSDEEP

      3072:1TGtOioVUSuLwYMdbQro39gSms+rkNgrQ8WZW:peoVU9JMdbQrbvtG

    Score
    5/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Target

      fdaerghawd.exe

    • Size

      29KB

    • MD5

      3ace4cb9af0f0a2788212b3ec9dd4a4e

    • SHA1

      2914bd74b5553f5f4dbd5f7b23bc00d04a2c77cb

    • SHA256

      121bfcb759e561bca3f63777498646c80d030a92dac5a27c7c9cc8f5581e672e

    • SHA512

      76ecc354b1fb5bf93f18bbe9f85401ef40e0826f7eea73a0cb5afda5d69ec384a459c07b6cc2386176888978d2dbb9bac9360e249114c59799de0984bbba5c56

    • SSDEEP

      384:EhEy+hzv91UqVY8+JppEhKe+Ej7sI4GSFdX9NAb/QX22r5A/w/o0el7xI:IEy+hT91UqVY8+XpEh6CMs7gx/o17

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Target

      fkydjyhjadg.exe

    • Size

      1.2MB

    • MD5

      b2c8bf8a5797d9ee73c205e27cfdbbfb

    • SHA1

      da8b2fa38e7c0fef5d13cef94f0028b75e05e8ab

    • SHA256

      784bcd0555e5e1ab25b212f28bd84b64eac99270afb0a73fb4cd92fb737d6c7f

    • SHA512

      aa5d2bdb1d00faf877502c35ef5716c5ccfde18c26deebd7436e246b9a82069fd8834b8b8c24adfdf5bf89385c214b49ec4c5d6021f6ac72b0d8b998ad223ec2

    • SSDEEP

      24576:kMnfGPxgVa9CaVmOqF3x3UtfwDwxOD9xD5CDRQ7jb52OGxu:kMfGPxgOVpo3xcbc9B5CDRQ7jb50u

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      fsyjawdr.exe

    • Size

      1.2MB

    • MD5

      75fd2eb14bbf23564f73e2898036d772

    • SHA1

      e29a3b16797552eda08e4407404754d104a7893d

    • SHA256

      d65c30e0a68cb621e9ee353783c6c5083456fb3b7e632a05fa75921af51a3d2c

    • SHA512

      c0506b3d97f5108435cab7ec731923b1f7fbbde95ec72096a91c6ed1d6123c3708297a885de76b0dcbb4f8b0e1a3bda06b9fbb948f7fa98a1e3318b76851109e

    • SSDEEP

      24576:MDTeKIvhz+9fER1gQjlozUCst7S24bJ+c2QJCnrFJz4RAZ/EDLkKYu4Q1jap4C:wqrv5+6Rrl3Jt7SdD2QJghJzwAZ/eLk7

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

rat office voov1 stealer 0174ec9d0ab5d3dd4d0bbe7415cfa10c a66537 41d35cbb974bc2d1287dcd4381b4a2a8 e8c9ce dcrat quasar meduza stealc vidar amadey
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

discovery execution
Score
8/10

behavioral8

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery execution stealer
Score
10/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

discovery execution
Score
8/10

behavioral14

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery execution stealer
Score
10/10

behavioral15

discovery execution
Score
8/10

behavioral16

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery execution stealer
Score
10/10

behavioral17

discovery execution
Score
8/10

behavioral18

stealc vidar 41d35cbb974bc2d1287dcd4381b4a2a8 discovery execution stealer
Score
10/10

behavioral19

dcrat infostealer rat
Score
10/10

behavioral20

dcrat infostealer rat
Score
10/10

behavioral21

lumma discovery stealer
Score
10/10

behavioral22

lumma discovery stealer
Score
10/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
5/10

behavioral27

discovery
Score
7/10

behavioral28

discovery
Score
7/10

behavioral29

lumma discovery stealer
Score
10/10

behavioral30

lumma discovery stealer
Score
10/10

behavioral31

lumma discovery stealer
Score
10/10

behavioral32

lumma discovery stealer
Score
10/10