General

  • Target

    JaffaCakes118_031527224e74b82bf16e639c666134674ecc8a6e648fed2f68255617bd6a3b18

  • Size

    21.7MB

  • Sample

    241223-pv673szmem

  • MD5

    a9460cbeecd230ffdb2c22ae81409572

  • SHA1

    8bb274360ff935d945b2a899fe9dc304e5c0a290

  • SHA256

    031527224e74b82bf16e639c666134674ecc8a6e648fed2f68255617bd6a3b18

  • SHA512

    efd0f21fd9e24225d240c74b03ba2ac734e47ebfc47c74e69fed6d77cebfe42a9838a54822d8de5e0cbba9daff6909ac4484f779d3842a156451a3eebc5a0a10

  • SSDEEP

    393216:r2flKxdMPPVBLFH/gF51yAyxv6DLYJhMhD7lHs/lKLX1JwmGGyfj1OQZ2hG9j:ragxE7glyHv6DLnhXlMdKLXImGPfhOQd

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

synv

Decoy

hareemshareem.com

aromaticus.club

sakabay.com

ebtedaieeduone.com

goodyertirerebate.com

mehmeterdas.com

everestjsc.com

eqtclub.com

ahlcide.ovh

snifu.com

grinabrasive.info

ijustwannablog.com

eng-in-use.com

mo-ip.group

beautynblackbody.com

presto-eng.info

jarah24.com

marigoldbrewery.com

onpointcomprasbrasil.com

cdrh-consultores.com

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    mail.dm-teh.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Vm@(O;CO.vEQ

Extracted

Family

remcos

Version

3.1.4 Pro

Botnet

RemoteHost

C2

elninotronics.com:2404

Attributes
  • audio_folder

    MicRecords

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    Remcos-E8E8J7

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

  • take_screenshot_title

    wikipedia;solitaire;
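
The attribute list above is only useful to a responder if the flags are read together with the paths: with `install_flag`, `keylog_flag` and `screenshot_flag` all false, this build does not copy itself to `%AppData%\Remcos\remcos.exe`, does not create the `Remcos` Run value and writes no `logs.dat`, so the mutex and the C2 connection are the only reliable host indicators. The script below, an added example that is not part of the sandbox report or of any Remcos tooling, turns the extracted config into the artifacts worth hunting for; the values are copied from the block above, and the mapping of each flag to the artifact it gates is my reading of the attribute names, stated as an assumption.

```python
"""Turn the extracted Remcos configuration into the host artifacts an analyst should
expect, honouring the enable/disable flags in the config.

Added example, not part of the sandbox report or of any Remcos tooling. The values are
copied from the report's remcos block. How each flag gates an artifact (install_flag for
the copied binary and Run value, keylog_flag for logs.dat, screenshot_flag for the
screenshot folder) is an assumption based on the attribute names."""

# Constructed from the report's remcos block (botnet "RemoteHost").
REMCOS_CONFIG = {
    "c2": ["elninotronics.com:2404"],
    "mutex": "Remcos-E8E8J7",
    "install_flag": False,
    "install_path": "%AppData%",
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "startup_value": "Remcos",
    "keylog_flag": False,
    "keylog_path": "%AppData%",
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "screenshot_flag": False,
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
}


def _winpath(*parts):
    """Join path components with a Windows separator; %AppData% is left unexpanded."""
    return "\\".join(parts)


def expected_artifacts(cfg):
    """Return {"confident": [(kind, value)], "conditional": [(kind, value, enabled)]}.

    Confident artifacts exist whenever the payload runs: the mutex and the C2 connection.
    Conditional artifacts appear only when their flag is set; with this config all of
    the flags are false, so their absence says nothing about whether a host is infected.
    """
    confident = [("mutex", cfg["mutex"])]
    for c2 in cfg["c2"]:
        host, _, port = c2.rpartition(":")
        confident.append(("c2", (host, int(port))))

    conditional = []
    binary = _winpath(cfg["install_path"], cfg["copy_folder"], cfg["copy_file"])
    conditional.append(("file", binary, cfg["install_flag"]))
    conditional.append(("run_key", cfg["startup_value"], cfg["install_flag"]))
    keylog = _winpath(cfg["keylog_path"], cfg["keylog_folder"], cfg["keylog_file"])
    conditional.append(("file", keylog, cfg["keylog_flag"]))
    shots = _winpath(cfg["screenshot_path"], cfg["screenshot_folder"])
    conditional.append(("dir", shots, cfg["screenshot_flag"]))
    return {"confident": confident, "conditional": conditional}


def hunt_list(cfg):
    """Artifacts actually worth searching hosts for: confident ones plus enabled conditional ones."""
    arts = expected_artifacts(cfg)
    return arts["confident"] + [(k, v) for k, v, enabled in arts["conditional"] if enabled]


if __name__ == "__main__":
    for kind, value in hunt_list(REMCOS_CONFIG):
        print(kind, value)
```

Flip `install_flag` to true and the copied binary and the `Remcos` Run value join the hunt list; as extracted, the list is the mutex and the `elninotronics.com:2404` connection only.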

Extracted

Family

bitrat

Version

1.38

C2

185.244.30.28:4898

Attributes
  • communication_password

    58d566f77fed2099674f84e99ed222a8

  • tor_process

    tor

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1

Extracted

Family

xloader

Version

2.3

Campaign

m6b5

Decoy

ixtarbelize.com

pheamal.com

daiyncc.com

staydoubted.com

laagerlitigation.club

sukrantastansakarya.com

esupport.ltd

vetscontracting.net

themuslimlife.coach

salmanairs.com

somatictherapyservices.com

lastminuteminister.com

comunicarbuenosaires.com

kazuya.tech

insightlyservicedev.com

redevelopment38subhashnagar.com

thefutureinvestor.com

simplysu.com

lagu45.com

livingstonpistolpermit.com

Extracted

Family

formbook

Version

4.1

Campaign

vd9n

Decoy

theunwrappedcollective.com

seckj-ic.com

tyresandover.com

thetrophyworld.com

fonggrconstruction.com

hopiproject.com

sktitle.com

charlotteobscurer.com

qjuhe.com

girlzglitter.com

createmylawn.com

hempcbgpill.com

zzdfdzkj.com

shreehariessential.com

226sm.com

getcupscall.com

neuralviolin.com

sanskaar.life

xn--fhqrm54yyukopc.com

togetherx4fantasy5star.today

Extracted

Family

xloader

Version

2.3

Campaign

weni

Decoy

sdmdwang.com

konversationswithkoshie.net

carap.club

eagldeream.com

856380585.xyz

elgallocoffee.com

magetu.info

lovertons.com

theichallenge.com

advancedautorepairsonline.com

wingsstyling.info

tapdaugusta.com

wiloasbanhsgtarewdasc.solutions

donjrisdumb.com

experienceddoctor.com

cloverhillconsultants.com

underwear.show

karensgonewild2020.com

arodsr.com

thefucktardmanual.com

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.badonfashoin.com/
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    kKsIA9XNV2zG
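
The extracted configurations above are not all equally actionable. The Remcos and BitRAT C2 endpoints, the BluStealer SMTP server, the AgentTesla FTP server and the PowerShell dropper URL must be contacted for those payloads to work, so they can go straight to a blocklist. The Formbook/Xloader "Decoy" lists cannot: each config holds one live C2 hidden among decoy domains that the bot also beacons to, and most decoys are legitimate sites, so those names are hunting leads that need analyst review. The script below, an added example that is not part of the sandbox report, builds the indicator set with that split and runs it over proxy log lines; the indicator values are copied from the report, the confidence tiers are my assumption, and the log format (timestamp, source, host:port, url) and the lines themselves are constructed.

```python
"""Indicator set built from the extracted configurations, run over proxy log lines.

Added example; not part of the sandbox report. Indicator values are copied from the
report. Confidence tiers are an assumption: Formbook/Xloader decoy domains are mostly
legitimate and only one name per config is the live C2, so they are never blocked
outright. The proxy log format and sample lines are constructed."""
import re

# Endpoints the non-Xloader families must contact (high confidence).
ENDPOINTS = {
    "elninotronics.com:2404",   # remcos C2
    "185.244.30.28:4898",       # bitrat C2
    "mail.dm-teh.com:587",      # blustealer SMTP exfiltration
    "ftp.badonfashoin.com:21",  # agenttesla FTP exfiltration
}
URLS = {"https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1"}  # ps1 dropper

# A few entries from the xloader/formbook "Decoy" lists (low confidence).
DECOYS = {"hareemshareem.com", "aromaticus.club", "ixtarbelize.com", "pheamal.com",
          "theunwrappedcollective.com", "seckj-ic.com", "sdmdwang.com", "carap.club"}

# Constructed log format: <timestamp> <source-ip> <host>:<port> <url-or-dash>
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<host>[^\s:]+):(?P<port>\d+) (?P<url>\S+)$")


def build_iocs():
    """Group indicators by tier and by the field they match against."""
    endpoints = set()
    for hp in ENDPOINTS:
        host, _, port = hp.rpartition(":")
        endpoints.add((host, int(port)))
    return {"endpoints": endpoints, "urls": set(URLS), "decoys": set(DECOYS)}


def blocklist(iocs):
    """Only high-confidence indicators go to enforcement; decoys are deliberately excluded."""
    return sorted(f"{h}:{p}" for h, p in iocs["endpoints"]) + sorted(iocs["urls"])


def scan(log_text, iocs=None):
    """Return (tier, indicator, source) for every log line that matches an indicator."""
    iocs = iocs or build_iocs()
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        host, port, url, src = m["host"], int(m["port"]), m["url"], m["src"]
        if url in iocs["urls"]:
            hits.append(("high", url, src))
        elif (host, port) in iocs["endpoints"]:
            hits.append(("high", f"{host}:{port}", src))
        elif host in iocs["decoys"]:
            hits.append(("low", host, src))   # review: decoy beacon or the real C2
    return hits


# Constructed proxy log; only the 10.0.0.7 decoy hit needs analyst review.
SAMPLE_LOG = """\
2024-12-23T10:01:02Z 10.0.0.5 elninotronics.com:2404 -
2024-12-23T10:01:09Z 10.0.0.5 raw.githubusercontent.com:443 https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
2024-12-23T10:02:11Z 10.0.0.7 aromaticus.club:80 http://aromaticus.club/
2024-12-23T10:02:30Z 10.0.0.7 www.example.com:443 https://www.example.com/
2024-12-23T10:03:00Z 10.0.0.9 185.244.30.28:4898 -"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching the dropper on the full URL rather than the host matters here: blocking `raw.githubusercontent.com` would break legitimate traffic, which is exactly why the report flags it as a legitimate hosting service abused for malware hosting.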

Targets

    • Target

      Order.exe

    • Size

      184KB

    • MD5

      b48a1b6628f1f941e506d15013a72619

    • SHA1

      4d6a9fb6ad5aa1b53440c2eb0806602fc164b0a2

    • SHA256

      cf540119b481ff1a73efd8f50bc5942faaa46e79f9cb78d06b2b993ef4c921a4

    • SHA512

      c74f5fb663cd9e34c234a78884a30399825ed4211d5c1a795bebc6fa2546ae02ba9ddf24e648fd251ac5a265131cd645855483aeb411892367858ac2a571f6be

    • SSDEEP

      3072:LizuMU66n2qcHf29Twf8uDiy88V2Sx5Ci8LBNaP08uxcRqqHq0cS0Gf3RMlyPrsD:lM+Me9cfBDiy8i20HunvxcRHqfGlov+M

    Score
    5/10
    • Suspicious use of SetThreadContext

    • Target

      төлем туралы есеп#454326_PDF.exe

    • Size

      899KB

    • MD5

      8ffb5b1aba6759d623f20a9744de4dd0

    • SHA1

      969a580a9e874f8e5a38d7fb4db664be1aa35ce5

    • SHA256

      8674688f673421c41dd39734f690c3b1b0aa8aceb5adeb057cf8b21d8f2e41a6

    • SHA512

      3713871db07036eca5846ca681432e63dbf1951a47186c1f8458a3395da57b53ab796f5b44025bb277cb6f281fecf401d090bc8618fa72b9ea20fce8991a538c

    • SSDEEP

      12288:PNVCqo8zTyvUIZbVlBPI2VBPpZ9SgkVJNoH6tm8EblyuVYvv/zzbVgnQe:0vDBlBPIOBPHsl7Q6tm7blmv/nbO

    • Formbook

      Formbook is an information stealer: it captures keystrokes, clipboard contents and data entered in browser forms and sends them to its C2.

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    • Target

      87597.exe

    • Size

      704KB

    • MD5

      7e19235ca4a6192bdace52baa0a40d26

    • SHA1

      1ac8aa96052b0da4f7d1072ca8fee01ade2e9f71

    • SHA256

      ed762437d06ffae4d27baec39379997d8acf7ae6e6e758611793f3fb2fafcee1

    • SHA512

      a67be81bf2487babe021184427d47004791fca072b93ea61efa40d81680132ffcbd96cd78a00a8f316be50d5308ce1d5f2b29dc19be32e91a74a65a63c7705a0

    • SSDEEP

      12288:l3MyvUIZbVWX7Q6cgNMuAx206pm2MGydGcHazvuHw3ItoaI43JYLh2ADli:5TvDBW3cEaeMGpcHazv0tV/OLh2ADl

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, exfiltrating over SMTP, FTP or HTTP.

    • Agenttesla family

    • AgentTesla payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      29146c1ccdf280c8ac9d0c861f8bd222d2d93777c8a822da4d72c64fc3f78670

    • Size

      2.5MB

    • MD5

      20f44573ee6dea2e3b5935c6b1b979db

    • SHA1

      4c7429743c92dddb6929931585de25eebf1792cb

    • SHA256

      29146c1ccdf280c8ac9d0c861f8bd222d2d93777c8a822da4d72c64fc3f78670

    • SHA512

      8c96de16c6cf01b351eff07585c0063167f9d1695510b2a1701ced7fd45aa8c34d101d5cc1e785306daf6c9f4ab9fedd7898608b92468f9483ce44637015aa0b

    • SSDEEP

      49152:rUy6Rw/xG6ds61Yt0E1EgivHgYkYU06z:8Rw/xG073vH0Y

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      2cc3b4295747aeeb5a54b923fdbc9be766ee156c8914f5c07663f7cb1055068e

    • Size

      887KB

    • MD5

      040cca91f06819461187ad57faa81f30

    • SHA1

      51b4261aa8c7a475ca9223d4dfddc19a2720096f

    • SHA256

      2cc3b4295747aeeb5a54b923fdbc9be766ee156c8914f5c07663f7cb1055068e

    • SHA512

      b95e41af609572c7e1de13f03abc9779b00cbc7fc4587345ad1a6259baec08a82e11d8e66e02f11049946dcef6620dcc50d9d9fa120e476eb571698718e4bc80

    • SSDEEP

      12288:ybL3+yvUIZbVlBPI2VBPicnA6dLviSv8PLpSaeFzLyeSXmOpgfm3Q+:yb5vDBlBPIOBPtnfdLaSEzpwzyXpqe

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Suspicious use of SetThreadContext

    • Target

      RICHIESTA DI OFFERTA.exe

    • Size

      236KB

    • MD5

      73bb5c4b690b8d6df88d6bc18fb3a553

    • SHA1

      60adddd91b6038fc9d819cf6d647ce3be0b11d38

    • SHA256

      a3feb5265e6d02710f04ff618e966e9da9ba8fc8dc5692d6f7633fe0a3037b66

    • SHA512

      9c023dc66d9bcfb2f5bc0274001d92948ac058fc8765d2178907dfd8fb9885ede57acc3836d583ad97516dce1a97c50f081800b41a1f42ea938efb8b23e87567

    • SSDEEP

      3072:+3BepJlZa/xao5JKwI7V4R4iUW/qcijw2HJlZapGBR:EiUIo5JKPgU99vHP

    • Target

      39c1e12e0ada85fa835b623a4698345bf95372bea57a7d3a5070ea1d5d5d825c

    • Size

      846B

    • MD5

      351b843f627dad02a1e21178f29b59ab

    • SHA1

      801db68232be9a0d7b89a834a18d0d1ecf4cdeea

    • SHA256

      39c1e12e0ada85fa835b623a4698345bf95372bea57a7d3a5070ea1d5d5d825c

    • SHA512

      9c3adc2f1251223b1e0dd1ce983dcb0e4a86c5b3abc7880b4028b1e5d9e8d9c59a394e2b0638eaea2aa9dd84c2d49a0ff775a1558bcfee4c3c9443481d0c46a0

    Score
    3/10
    • Target

      3f46e10e5fe376b995e2947d1be21955aa8341f39d80cca737109fcf2cf2bf3b

    • Size

      1.1MB

    • MD5

      1ee5c7e3b59f02fef1b0f793d2196afd

    • SHA1

      3f1a1ce12dec33f946079a532ccda8e0c72f2c7c

    • SHA256

      3f46e10e5fe376b995e2947d1be21955aa8341f39d80cca737109fcf2cf2bf3b

    • SHA512

      0d106c3451f88ed8f27abe47917c4ba4b25706df623f3a0879c5a67c09a269a48b35b94ca25fc2cb7447be75a7e05cbf5464f4c1aff80224c20f263d321387be

    • SSDEEP

      24576:1kcNn8Y5TrvvDB/mF1BVB/9ogBzVf/ppYbItJ4Rvk7xz:l5TrTcBVl9BTpTrV

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Blustealer family

    • Suspicious use of SetThreadContext

    • Target

      53074094addc55786936f3d67d7fe36554a7c4f4f96c06252ae768707295dbec

    • Size

      35KB

    • MD5

      99551779549809d289d12efa5ac43e4e

    • SHA1

      66b5b7aa0264b12e24f37388330a60991de3146a

    • SHA256

      53074094addc55786936f3d67d7fe36554a7c4f4f96c06252ae768707295dbec

    • SHA512

      46c3e62d314c028ff812d299ed54e0cc8602422d462d58e35a1ea92b020cddb1700cfb91f339729b4018cd3cac7eb2268c5e0d5599f6a15f21d663626e2a2afe

    • SSDEEP

      768:RQI4+orqJGPvcK/kmG+1mAaElNZuw3/9WmEyhqbaWB:6FKJGsgkm/mABlNZ//cmnhqt

    Score
    10/10
    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Target

      632cfc71bd4734fdd98e48166a52fbc4a48d43640f3375fd882dd374479bffb1

    • Size

      9.3MB

    • MD5

      aaa839e4993c07fdfba45afe8826d6bf

    • SHA1

      3d00bce50c92b31c3d74d20c5451aedc6878a246

    • SHA256

      632cfc71bd4734fdd98e48166a52fbc4a48d43640f3375fd882dd374479bffb1

    • SHA512

      e3bca0a028a39e602b093069fb84a84ff13d7451ebaaf05dc127aa061ae7d096460133a3b8d726adedafd1dd08d09621197bf9e8747ac622bfedd909dec6f3cc

    • SSDEEP

      98304:IydePKsBylarg6bY/J1ZKbTsBylarg6bY/J1ZKb2ayX0I6:IHisB2Eb01ZssB2Eb01Z820X

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Remcos family

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      685dce7a17356b2a9fe68600ab29af885c591d23221e8f65396478d3a1f5ae03

    • Size

      2.2MB

    • MD5

      9882d9bb0a03a191d8ba9b4bc9c254c5

    • SHA1

      23bbe2b78cfb4d2c1232fb48bda0dc1ea30222d6

    • SHA256

      685dce7a17356b2a9fe68600ab29af885c591d23221e8f65396478d3a1f5ae03

    • SHA512

      c3d683b765eb78dd21105096da079720a4b3abf717cb170b88059e900bd3749caf8002f125e7a0d6e4be2f4f703a5267d951af565eb4ba2a635d0233a8fdb6cc

    • SSDEEP

      49152:AknKa6MMOFqbdx14d2RjbWk0nUt0LrOmJwHL0leN3vkPZ:j4OAxxK2R+UaEQ8kP

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Bitrat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      6c4aab4c3bd1ba8f77a781d70ecbc1b4c7dfd9d3c7ad60158fb8d35d1d4246e2

    • Size

      4.6MB

    • MD5

      eaee663dfeb2efcd9ec669f5622858e2

    • SHA1

      2b96f0d568128240d0c53b2a191467fde440fd93

    • SHA256

      6c4aab4c3bd1ba8f77a781d70ecbc1b4c7dfd9d3c7ad60158fb8d35d1d4246e2

    • SHA512

      211951f053ddecc6e0545a83119112d6ad375e226437d6a26ed493b362e51da3718131d59fb045c9b2feea91e04d3b82e9be4e52a46fe2e84ed4f3b4ed2213b3

    • SSDEEP

      49152:U8+7QhuKuy4ab57x03AFPd96gUyeBW51fN4AsYfW4sAMnB4jt40bjqkNQU1:U8puFyft

    • ServHelper

      ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

    • Servhelper family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Remote Service Session Hijacking: RDP Hijacking

      Adversaries may hijack a legitimate user's remote desktop session to move laterally within an environment.

    • Blocklisted process makes network request

    • Indicator Removal: Network Share Connection Removal

      Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.

    • Modifies RDP port number used by Windows

    • Possible privilege escalation attempt

    • Server Software Component: Terminal Services DLL

    • Loads dropped DLL

    • Modifies file permissions

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
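
The ServHelper behaviours listed above (RDP port change, Terminal Services DLL replacement, privilege changes via net.exe) and the Run-key persistence listed for the AgentTesla target all leave registry or process-creation telemetry. The script below, an added example that is not part of the report or of any sandbox's signature set, implements detection for those four behaviours over constructed events. The registry paths are the standard Windows locations for these settings; the event shape (Sysmon registry-set ID 13 and process-create ID 1 fields) is an assumption about the telemetry available, and the events themselves are constructed.

```python
"""Detection logic for RDP port change, TermService ServiceDll replacement, local admin
group modification via net.exe, and Run-key persistence.

Added example, not part of the sandbox report or of any sandbox's signatures. Registry
paths are the standard Windows locations; the event records are constructed to look like
Sysmon EventID 13 (registry value set) and EventID 1 (process create), an assumption."""
import re

RDP_PORT_KEY = "\\Control\\Terminal Server\\WinStations\\RDP-Tcp\\PortNumber"
TERMSRV_DLL_KEY = "\\Services\\TermService\\Parameters\\ServiceDll"
RUN_KEY = "\\Microsoft\\Windows\\CurrentVersion\\Run\\"
NET_ADMIN_RE = re.compile(r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I)


def _dword(details):
    """Parse Sysmon's 'DWORD (0x0000187d)' rendering into an int, or None."""
    m = re.fullmatch(r"DWORD \(0x([0-9a-fA-F]{8})\)", details)
    return int(m.group(1), 16) if m else None


def detect(events):
    """Return (rule, detail) for every event that matches one of the four behaviours."""
    hits = []
    for e in events:
        if e["EventID"] == 13:
            key, val = e["TargetObject"], e["Details"]
            if key.endswith(RDP_PORT_KEY):
                port = _dword(val)
                if port is not None and port != 3389:        # 0xd3d is the default
                    hits.append(("rdp_port_changed", port))
            elif key.endswith(TERMSRV_DLL_KEY):
                if not val.lower().endswith("\\system32\\termsrv.dll"):
                    hits.append(("termsrv_dll_replaced", val))
            elif RUN_KEY.lower() in key.lower():
                hits.append(("run_key_added", key.rsplit("\\", 1)[-1]))
        elif e["EventID"] == 1 and NET_ADMIN_RE.search(e["CommandLine"]):
            hits.append(("local_admin_added", e["CommandLine"]))
    return hits


# Constructed events: two benign defaults mixed with four malicious changes.
SAMPLE_EVENTS = [
    {"EventID": 13, "TargetObject": "HKLM\\System\\CurrentControlSet" + RDP_PORT_KEY,
     "Details": "DWORD (0x0000187d)"},                        # port moved to 6269
    {"EventID": 13, "TargetObject": "HKLM\\System\\CurrentControlSet" + RDP_PORT_KEY,
     "Details": "DWORD (0x00000d3d)"},                        # default 3389, benign
    {"EventID": 13, "TargetObject": "HKLM\\System\\CurrentControlSet" + TERMSRV_DLL_KEY,
     "Details": "%SystemRoot%\\System32\\termsrv.dll"},      # stock DLL, benign
    {"EventID": 13, "TargetObject": "HKLM\\System\\CurrentControlSet" + TERMSRV_DLL_KEY,
     "Details": "C:\\ProgramData\\termsrv.dll"},             # replaced service DLL
    {"EventID": 1, "CommandLine": "net localgroup administrators svc_acct /add"},
    {"EventID": 1, "CommandLine": "net user"},                # benign
    {"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1\\Software" + RUN_KEY + "Updater",
     "Details": "C:\\Users\\x\\AppData\\Roaming\\Updater\\updater.exe"},
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(rule, detail)
```

The RDP rule alerts on any non-default port rather than a fixed list because the point of the change is to keep RDP reachable on a port a perimeter filter does not expect; pair it with the ServiceDll rule, since the two together are the signature of the RDP-hijacking setup the report attributes to this family.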

    • Target

      73a52a4c60d253ccdb79e5d50814d1689a49fd85f9e0a40a0dc57ba7fb54e5c0

    • Size

      835KB

    • MD5

      7c81e999e91d1d0f772010dfa4c34923

    • SHA1

      76caadc92346688b50a408b6c48017563a24844f

    • SHA256

      73a52a4c60d253ccdb79e5d50814d1689a49fd85f9e0a40a0dc57ba7fb54e5c0

    • SHA512

      ee5777aafc4b568465b85322ba6ffcf0a38ecadde6274a2e4fdf440cf2ea061762a4b07eeb9a5b40b61d8bf3dab91871715bc5e64da74768f0be342b1f79ae27

    • SSDEEP

      12288:8BzZm7d9AZAYJVB7ii/XAvKxRJBnwvogSJ4M4G4aBgZ7u/8u5DGDt2:ucneJVBvXAvwRJdwvZ5aGzu5DGR2

    Score
    3/10
    • Target

      Inv_7623980.exe

    • Size

      829KB

    • MD5

      b20d9ced5d063ec28425551a520ac59d

    • SHA1

      f6bfd3346ed28ef6ed5e45d89f6b1f89d8296b0f

    • SHA256

      3ad516ed1d59d2a83e03dd014de474999c1d20885639cd2f77c1108c636636df

    • SHA512

      2bbfa0ab4ef7132e5740e54d1fcacb35fdbea4a89b5208f42b4660377f5e18f7a09cad7c589d3a1c3b02d06228ba8b3cb02d6f32b0fcf18b71f23c0e367c48d4

    • SSDEEP

      12288:sJzJBoc+ZPzbmhJP8jA+09+Ny6UMZET3jcqd+lHLN3BwspCVad5+v991DqGTR:sjec+ZPzbmf8jFNu4ETQqwtBw

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Suspicious use of SetThreadContext

    • Target

      8954739d960eecd84aa64e657aed72d40567764023ba14e048778d0ebf24cba8

    • Size

      1KB

    • MD5

      c3bc357d17e8b2403ce323807e75911a

    • SHA1

      4b37b7afbadab1bbdac7e43fb283f7180e47ea1d

    • SHA256

      8954739d960eecd84aa64e657aed72d40567764023ba14e048778d0ebf24cba8

    • SHA512

      463b9dd8f7d8006ec0f28b9383357904b3caeeaf1792e1127be011b20f1ee0c49ca422c4ed7fbfed60fad83bfff5d6728da43e68b4863d6032b7866e162b9c86

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      USD $.exe

    • Size

      1.0MB

    • MD5

      7098068c07032900ff073b55a8ad8e0b

    • SHA1

      5bdda0bc06b935689f29d55b297d0523d82c6bfa

    • SHA256

      2d7aac32ea8a8329262ead70ec2f030c1a4061e4edafdf03e605bb9ce606836e

    • SHA512

      c5568a37cd6cfa600af5742acd1143d434035e2b5d7caa515ccbf182c6f72030e28a3562ee9f5e9341bcc5aeef45f498434fb8ff6835bc07c04220440d0aaf39

    • SSDEEP

      12288:WA72Z5kzykTvNYf3ACtYKWBAZcQEuanCJ4ZTuWnCT2EypSTU0KfOgzUhr2X0GSGl:WAaZ5k7TvqfwCqiZ9149O21FCWZ

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Suspicious use of SetThreadContext

    • Target

      91d079d9371fa53227e4bb2207ba4d3aa4733feee607773b696779c5e87846b9

    • Size

      400KB

    • MD5

      315c3439a84941a3da05b9b09752dd5f

    • SHA1

      ef24cc39f3f75c879d819480831541f12273f9f0

    • SHA256

      91d079d9371fa53227e4bb2207ba4d3aa4733feee607773b696779c5e87846b9

    • SHA512

      78229f409f4cdf93b87153325e37460855363eac92a84193d5aa82a6121c538d89e77c0da0dac977fbe3f8dc43482f560831ce2384e68268c8c99beb1d71d4ff

    • SSDEEP

      6144:gFLtM1nJIDQx2L2RCo0iRdd21gloXpSFyLbSp13XsfN1/QH5s1mkbK4f4OxoWts4:EOLIyRn0ivdVlCSFlp1383wsmC4VplY1

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx macro macro_on_action
Score
8/10

behavioral1

discovery
Score
5/10

behavioral2

discovery
Score
5/10

behavioral3

formbook vd9n discovery rat spyware stealer trojan
Score
10/10

behavioral4

formbook vd9n discovery rat spyware stealer trojan
Score
10/10

behavioral5

agenttesla discovery keylogger persistence spyware stealer trojan
Score
10/10

behavioral6

agenttesla collection credential_access discovery keylogger persistence spyware stealer trojan
Score
10/10

behavioral7

credential_access discovery spyware stealer
Score
7/10

behavioral8

credential_access discovery spyware stealer
Score
7/10

behavioral9

xloader synv discovery loader rat
Score
10/10

behavioral10

xloader synv discovery loader rat
Score
10/10

behavioral11

guloader discovery downloader
Score
10/10

behavioral12

guloader discovery downloader
Score
10/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

blustealer discovery stealer
Score
10/10

behavioral16

blustealer discovery stealer
Score
10/10

behavioral17

mirai botnet
Score
10/10

behavioral18

discovery
Score
10/10

behavioral19

remcos remotehost discovery rat
Score
10/10

behavioral20

bitrat discovery execution trojan
Score
10/10

behavioral21

bitrat discovery execution trojan
Score
10/10

behavioral22

servhelper backdoor defense_evasion discovery execution exploit lateral_movement persistence trojan upx
Score
10/10

behavioral23

servhelper backdoor defense_evasion discovery execution exploit lateral_movement persistence trojan upx
Score
10/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

xloader m6b5 discovery loader rat
Score
10/10

behavioral27

xloader m6b5 discovery loader rat
Score
10/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
8/10

behavioral30

xloader weni discovery loader rat
Score
10/10

behavioral31

xloader weni discovery loader rat
Score
10/10

behavioral32

Score
1/10