Resubmissions

13-01-2025 04:35

250113-e7x5tswlfz 10

13-01-2025 03:52

250113-ee43nsvjby 10

12-01-2025 15:57

250112-tealdsymgt 10

12-01-2025 15:53

250112-tbnc3s1mhn 10

General

  • Target

    Malware-1-master.zip

  • Size

    45.4MB

  • Sample

    250112-tealdsymgt

  • MD5

    ef37386fefe6fbbf646805a591add083

  • SHA1

    1abfc73d9a379c796036de72e5f7961b4295bf5e

  • SHA256

    2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

  • SHA512

    112cccdada7554db108f3fd469e72fc0568aadbcad33b75a2046018827c5542d5fdcb6b454eb7bb0f58a6ea00e65bcd503a807222e1f21cc9a0f087c89453d3e

  • SSDEEP

    786432:8hXFC0opkN2sA1VYXb1ZfLKvrXpXyNoqpkHuMBWn3GhUclPgJ26GEa5+VX:+FnQCXb1ZzsyXpKdBEGeQP2Vj++p

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

bibl1234.ddns.net:1604

pizdash.ddns.net:1604

Mutex

DC_MUTEX-QKPH38W

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    2PaBrGj3TwxK

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files?
A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting!
Q: What do I do?
A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.)
Q: How can I trust?
A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users.
* If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.
Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Extracted

Path

F:\$RECYCLE.BIN\S-1-5-21-493223053-2004649691-1575712786-1000\MHQUIY-DECRYPT.txt

Ransom Note
---= GANDCRAB V5.0.4 =---
***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************
*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****
Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .MHQUIY
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
| 0. Download Tor browser - https://www.torproject.org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/5f06f3349dad0036
| 4. Follow the instructions on this page
----------------------------------------------------------------------------------------
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
ATTENTION!
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW
---BEGIN GANDCRAB KEY---
---END GANDCRAB KEY---
---BEGIN PC DATA---
---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/5f06f3349dad0036

Extracted

Family

azorult

C2

http://216.170.114.4/send/the/index.php

Extracted

Family

trickbot

Version

1000312

Botnet

sun10

C2


Attributes
  • autorun
    Control:GetSystemInfo
    Name:systeminfo
    Name:injectDll
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      Malware-1-master.zip

    • Size

      45.4MB

    • MD5

      ef37386fefe6fbbf646805a591add083

    • SHA1

      1abfc73d9a379c796036de72e5f7961b4295bf5e

    • SHA256

      2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

    • SHA512

      112cccdada7554db108f3fd469e72fc0568aadbcad33b75a2046018827c5542d5fdcb6b454eb7bb0f58a6ea00e65bcd503a807222e1f21cc9a0f087c89453d3e

    • SSDEEP

      786432:8hXFC0opkN2sA1VYXb1ZfLKvrXpXyNoqpkHuMBWn3GhUclPgJ26GEa5+VX:+FnQCXb1ZzsyXpKdBEGeQP2Vj++p

    Score
    1/10
    • Target

      Malware-1-master/2530.exe

    • Size

      1.2MB

    • MD5

      568d17d6da77a46e35c8094a7c414375

    • SHA1

      500fa749471dad4ae40da6aa33fd6b2a53bcf200

    • SHA256

      0da56126ffb57acb5bb1a3ffa1c4c0c2605d257988b2d2964344b8f23173f615

    • SHA512

      7beb044f8bd366350b267c0fedc8466d2c5fd80b0f791f5697ce4577edced36b668401fd48df90b6c4ced05247d990c5e739e7232a2dcfc059dcc0c6a79d9427

    • SSDEEP

      12288:D+FwW6Se3oB/8WjH2fIGOVoDJLvfOqsUFY:D+qJSgZwEIGOVUJLnOqs+Y

    • Target

      Malware-1-master/2887140.exe

    • Size

      144KB

    • MD5

      fead887648bddd70a05cf7a7090411dd

    • SHA1

      250c0de3dc100d265ae495f045a2c47dad3520e9

    • SHA256

      dfaf75da62d0561d171217fe893bd818a72ebfccd9d7e7f4c046f5b3ca44794e

    • SHA512

      e1f15de084a78bf27a1c62b5d0d31fabd10be13983dca05962c40ea1e8b3f7bb617e92f44a78048d3484d16f5d4b9e42bc8c5a4b02fda0e0f5eb69368149920a

    • SSDEEP

      3072:buY0LMcTrgw6mo4bnGkbUyh/h39iN/Ko8LdKpZbZo:SY0IkImZUyh/h3MOc

    • Target

      Malware-1-master/32.exe

    • Size

      1.2MB

    • MD5

      568d17d6da77a46e35c8094a7c414375

    • SHA1

      500fa749471dad4ae40da6aa33fd6b2a53bcf200

    • SHA256

      0da56126ffb57acb5bb1a3ffa1c4c0c2605d257988b2d2964344b8f23173f615

    • SHA512

      7beb044f8bd366350b267c0fedc8466d2c5fd80b0f791f5697ce4577edced36b668401fd48df90b6c4ced05247d990c5e739e7232a2dcfc059dcc0c6a79d9427

    • SSDEEP

      12288:D+FwW6Se3oB/8WjH2fIGOVoDJLvfOqsUFY:D+qJSgZwEIGOVUJLnOqs+Y

    • Target

      Malware-1-master/5.exe

    • Size

      312KB

    • MD5

      0b0dc2b2ccd4b46b3381508f7209a582

    • SHA1

      a67a1619f96914e4e50e4f86f656ebb54021879a

    • SHA256

      66ae33003289d8c6c3dc7c45c1b01110b4820281061292ac076b1783700a1f2d

    • SHA512

      0715c2f6e01a923deb8bd5c4c70906942ee46dba6383bbd2edbde53e23a7b5c2ab8063e5f48a973925815f1dec18fe15c362fcf928d4f35d12dcf123f303cc37

    • SSDEEP

      3072:5ODQa/lz20bbn7yXO/7/rCaZXo3ZU+BfhYJMyTPkDDYvU:+Qahr7DZXSpnSs

    • Target

      Malware-1-master/96591.exe

    • Size

      1.2MB

    • MD5

      568d17d6da77a46e35c8094a7c414375

    • SHA1

      500fa749471dad4ae40da6aa33fd6b2a53bcf200

    • SHA256

      0da56126ffb57acb5bb1a3ffa1c4c0c2605d257988b2d2964344b8f23173f615

    • SHA512

      7beb044f8bd366350b267c0fedc8466d2c5fd80b0f791f5697ce4577edced36b668401fd48df90b6c4ced05247d990c5e739e7232a2dcfc059dcc0c6a79d9427

    • SSDEEP

      12288:D+FwW6Se3oB/8WjH2fIGOVoDJLvfOqsUFY:D+qJSgZwEIGOVUJLnOqs+Y

    • Target

      Malware-1-master/Amadey.exe

    • Size

      49KB

    • MD5

      871294e398217876017702c96d0e7854

    • SHA1

      35a22da1522bf86659576ed59235f8ed7029e79b

    • SHA256

      7fd898dde3a7ed047657e3dc81c3de50ed381857edc53744664332fd98476c54

    • SHA512

      047237e3a615839918fe32662524f2de5455734a01cbb2f66017c636f3d08207b3aead79cdff9a94729550ad7eddc2b5950d5e774fb25fba2d0d69e048ca7fe5

    • SSDEEP

      768:AN4a7os+Bd1CiSJfBFdiGOsSyS5/hhurlzdx:3a2xC5+YSyE/hgpzH

    • Executes dropped EXE

    • Target

      Malware-1-master/Blocked-v1.0.ipa

    • Size

      1.1MB

    • MD5

      bdf0fcbfaf2d9a0d788a3b6ace7c6b42

    • SHA1

      02b6be369997d4d0ddc7ea7cf9d0e0ad02470b5f

    • SHA256

      19c538fbb52c15ed9c739c2f45e5d78e432a916db0218f77c7297d96d72e709d

    • SHA512

      0c271a0df77f86fa6ecf483389f34ab1a95109dda468a84a150058e4e363bcc5021f538671a22fbca85516fc07815cfaf3027715e720a6e760061972ef172c47

    • SSDEEP

      24576:KxaqV2aFXljSo9osEv4gfyyYAcPEec5/KqnIqi9Yr21LT1qUDKIqSRPFgJIW:6zN9onpmB+xQLZ7DRFQIW

    Score
    1/10
    • Target

      Malware-1-master/Download.exe

    • Size

      247KB

    • MD5

      6a97f4f16e7879967a5c02d143d0bd46

    • SHA1

      0898ccf65770813f69bf339462a05a8c6e17be69

    • SHA256

      de2274da8cf00dfc6e6e52db43f82210a1fb7fd30016ebdc81347fb2d1f248fa

    • SHA512

      0bc14103518a2e234f4e3f4ddc46e91a1ed21c2885fd4eb27d3cf8cd088e4fa4fffcc221ddb404f52794c57d6693b2ce080e797bf33f2322490030e0fce0ac27

    • SSDEEP

      3072:ZV3bDzHY2weWeFoyUWfMRBsfpVZynzK4ChhO2IGmXf3Ur3CvZJnodCKJYsUH+Iun:ZBbDzHY0UsfPwUIvOd1

    Score
    3/10
    • Target

      Malware-1-master/Illuminati.exe

    • Size

      1.1MB

    • MD5

      087b2505ac41831c753cf7d1e660c42c

    • SHA1

      dcae226923e062291f48de4d3416d38387815c67

    • SHA256

      f99e4c9a4dd14d402b16e36988b72f3fe7f34b42157f756dbd14b39c70059336

    • SHA512

      10d5f6f7c9f1df66a7afd3dcd2e70288d89bb75a2f6fffa3621b4a4192c40b290eb7c76392b0b282d80925b81d2271c3d1e96a4f406d1f1c0d069a5f6f96c086

    • SSDEEP

      24576:qqvM7STjLT5MSLMDPS2X0xCyj8pk3tgqdtKkkoMJJck:VwMfTvcS2kjPgUGfJ

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Malware-1-master/MEMZ-Clean.bat

    • Size

      9KB

    • MD5

      bbae81b88416d8fba76dd3145a831d19

    • SHA1

      42fa0e1b90ad49f66d4ab96c8cca02f81248da8b

    • SHA256

      5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c

    • SHA512

      f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368

    • SSDEEP

      192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3

    Score
    7/10
    • Executes dropped EXE

    • Target

      Malware-1-master/MEMZ-Clean.exe

    • Size

      12KB

    • MD5

      9c642c5b111ee85a6bccffc7af896a51

    • SHA1

      eca8571b994fd40e2018f48c214fab6472a98bab

    • SHA256

      4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

    • SHA512

      23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

    • SSDEEP

      192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa

    Score
    3/10
    • Target

      Malware-1-master/MEMZ-Destructive.bat

    • Size

      13KB

    • MD5

      4e2a7f369378a76d1df4d8c448f712af

    • SHA1

      1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49

    • SHA256

      5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad

    • SHA512

      90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e

    • SSDEEP

      192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Malware-1-master/MEMZ-Destructive.exe

    • Size

      14KB

    • MD5

      19dbec50735b5f2a72d4199c4e184960

    • SHA1

      6fed7732f7cb6f59743795b2ab154a3676f4c822

    • SHA256

      a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

    • SHA512

      aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

    • SSDEEP

      192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Malware-1-master/Petya.exe

    • Size

      225KB

    • MD5

      af2379cc4d607a45ac44d62135fb7015

    • SHA1

      39b6d40906c7f7f080e6befa93324dddadcbd9fa

    • SHA256

      26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

    • SHA512

      69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

    • SSDEEP

      6144:DCyjXhd1mialK+qoNr8PxtZE6x5v+k6f:rjXhd8ZlKOrMZE6x5b6f

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Malware-1-master/Software.exe

    • Size

      1.6MB

    • MD5

      db056b8fa628b67e11bd626192939d6b

    • SHA1

      248ca50f39de6b6180265d19fb6eedc68bf25afc

    • SHA256

      e7f04e85236f0caafe518bd96369313021969077dba1c4a6d42e694498dab04f

    • SHA512

      bca1856b4bb8342c0f6d5ee19edcb420c70e6b272f087d3f8f73daa00842fa00037840a5eb5655e1445af8d578d304874323b2889f75b27136df9366df596336

    • SSDEEP

      24576:ytb20pkaCqT5TBWgNQ7ayEYyM63uUOyok0ceJZwd/w9mML9eu4MaMUp46A:/Vg5tQ7ayExZO9k0waPLR4Ma25

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Imminent family

    • Drops startup file

    • Suspicious use of SetThreadContext

    • Target

      Malware-1-master/WannaCry.EXE

    • Size

      3.4MB

    • MD5

      84c82835a5d21bbcf75a61706d8ab549

    • SHA1

      5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

    • SHA256

      ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

    • SHA512

      90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

    • SSDEEP

      98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Sets desktop wallpaper using registry

    • Target

      Malware-1-master/Win32.EvilClusterFuck.exe

    • Size

      64KB

    • MD5

      2e84f71165225ba0f7f8187c0b2f0f37

    • SHA1

      3c9bf036163ede4b7f9152d04d1a83b7253dd029

    • SHA256

      c9b98408ca67d08e1986d1855c4d99944caad5580533d18496cd8de86dd0885f

    • SHA512

      82c39aaef6103877c8472a55eab6270d57f4d7c46830aedf5fbb5661d7e3fd7aee2e172cdc830cba22cd9034f37784a8cc34f70a5918491bccf148ee923db389

    • SSDEEP

      768:S5ohpPUa2T1VZj4jkVQu7MKquVspXKCxiJrFnMWDmLfe9NZ+OAhaptX/71tXHHi4:tcd1Pl7ZVsw3rFiLfe9NZmAP5ZC6N+

    Score
    3/10
    • Target

      Malware-1-master/apache.exe

    • Size

      252KB

    • MD5

      8e747a4c115ac090e54dfa899c287129

    • SHA1

      a1c523ad0a2fa1b533fb752a25aa48ff1cd4e1e3

    • SHA256

      1117f585985ca4ddd03695876522f80951c919cb41db5854f013923f62285c09

    • SHA512

      049fae2cccf4e1afc79d9e72e016f27d7714ad8b747c28ec3ad520bc25ff319f12aced97d16dbbe863aaab11514a9e90477656983fd67939c0e6d2ddb93558b3

    • SSDEEP

      6144:ZcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQc:ZcWkbgTYWnYnt/IDYhPn

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Malware-1-master/butterflyondesktop.exe

    • Size

      2.8MB

    • MD5

      1535aa21451192109b86be9bcc7c4345

    • SHA1

      1af211c686c4d4bf0239ed6620358a19691cf88c

    • SHA256

      4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

    • SHA512

      1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

    • SSDEEP

      49152:5aA7f7tlVmdqK23H2bpHI4Qs5ABV9WRHZRsgI82lcHGAaKLinXBgJ:Q+VMkX224QsWBq5SfARGRgJ

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Malware-1-master/crb.exe

    • Size

      139KB

    • MD5

      24275604649ac0abafe99b981b914fbc

    • SHA1

      818b0e3018ad27be9887e9e5f4ef1971f422652c

    • SHA256

      4b5fe7497864d07f78af15fa3e1aa3702b303b89f9644624871d83dd0f484749

    • SHA512

      008ef045724963d6ae3b845a6c3de8ebb6682b0f4b8ea77c2d35e2193596b78f0092183de0a88a34f7dde4e71abbc129b2f0f00fd8469801fff66f1b8390b6c8

    • SSDEEP

      1536:JLMVCWvZ8URtqOz3d+1Qs6H9Mk2e3E2avMWC3yMgYxf6+okbdWsWjcdpKCaIxWzX:VM9ntZ3s1QJdnU2SQdf64ZZ8CaIxWec

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (304) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

    • Target

      Malware-1-master/eternalblue.exe

    • Size

      886KB

    • MD5

      981aaac4782bb076aa737901910f2556

    • SHA1

      a552a4dac03b584cbb7d461fd48b01ddaa85af5d

    • SHA256

      7f5f447fe870449a8245e7abc19b9f4071095e02813d5f42c622add56da15b8b

    • SHA512

      334d096f72d46adc522f21834d116968a7cb5f05dc21c60e094ac4ccff69412a2c108aeb5c54861ac717ebf884c632edd0291a3d832e4ab7dcc7903e7f965934

    • SSDEEP

      12288:96fny4wDTzvE/XICULcJ48j406qbgg6RaAD9bSoGGHgm3Ihr6k:96fny4wbkHJ4I40vggPWSoGWv3c

    Score
    1/10
    • Target

      Malware-1-master/fear.png.exe

    • Size

      66KB

    • MD5

      60ffde3dd3003cd24feeba26e47e6571

    • SHA1

      e6c57a55ca93b1f6ebccb8c5fe9757fd0801eea3

    • SHA256

      101678f77a65b5b5830a128e4c737b2aaaea5be95327ec68213ebb92e4251170

    • SHA512

      0a448886296c1f67760f2e09cbc226955c5abd833b6e7b2ce146cc673ddacca7bfbc59f2fa3f3a83381e7d67a0a677c487fc343833e3834dce84e00a6d286ca5

    • SSDEEP

      768:AQyHrxwRjWjPc/u1SDSepzEtYcF6HKc6K:AJHrOWjPcmSDSepz46Kcl

    Score
    6/10
    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Malware-1-master/getr3kt.bat

    • Size

      13KB

    • MD5

      4e2a7f369378a76d1df4d8c448f712af

    • SHA1

      1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49

    • SHA256

      5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad

    • SHA512

      90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e

    • SSDEEP

      192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Malware-1-master/iimo3.exe

    • Size

      1.7MB

    • MD5

      4f8767983d865a5e706ae3c6aa5ab6c5

    • SHA1

      535bc0a1cf7140176fd6e6a205f3394d146c2ba3

    • SHA256

      5ac017285572c24fc8b77324a52ca484e83c3622c61bea80a74a6850f0a16061

    • SHA512

      a88e5fd993d2fdde869ef32a5271d5bbd222f2174217bf4e2c4cea6fad624d237b3528478b70ab1ec5011bd031fc93319865f5877e06fb3efcc53cc5c7e786a3

    • SSDEEP

      49152:ZgTJ84RvagaNgNu5W05jvIAo69PnaLgnMu4x:ZgmmygtNfCvjf58

    • UAC bypass

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Malware-1-master/jey.exe

    • Size

      744KB

    • MD5

      5a38a223e632a4754f6ec51cbe31215a

    • SHA1

      008cfd9a4345ff5307daa5d2662db2e185fc3014

    • SHA256

      97cd04af9acddab58cffa58c677d7645f5d894769d76539f44380b9175a67bd4

    • SHA512

      e42691b8fda725865b1f379ad8fb56e333ab0c588989ae2890c074679fc59f392b475c57dc472998f00b4a3cad7456810e83886f4f7dd57a8492266ea4eeb189

    • SSDEEP

      12288:Sss9czpqdx1S3DcWayzZPnpdVYke81SmUJqwCW+:uczp4Y3DN5VYkN1ShFCW+

    • Target

      Malware-1-master/m.exe

    • Size

      1.3MB

    • MD5

      cb53694f76bda870730f964f84f754a5

    • SHA1

      bc1e6f81d8c54a5fb2e14f9f1ecce980eacb8844

    • SHA256

      9ca85dc8b2ff574f775ddc92a45e48a74323c79e8fb2458413decd53cdf47aa6

    • SHA512

      676c46b803b489afd780b4a0f58297578c9a1bec14b1e43a703664c3beda290dd6c88b6175afa59007d491924f217e623a831026aa2cec77a1c86305865eadf6

    • SSDEEP

      24576:CYt5D+J+TLTSdZRFNR8aBNBweeS2ifqpAp7xGFyN/nd+7dQ5fUMkl:CYt5++T/SdbjBNOeeJiSp87Eu/dUd2UN

    Score
    1/10
    • Target

      Malware-1-master/mo3.exe

    • Size

      1.9MB

    • MD5

      9d7166176660b51398b82a2793d9e9ab

    • SHA1

      b8511b36463a9b64b1a383805f16c99d4cf9ab30

    • SHA256

      ff4e859d5fa6d8dea84aba8c9c0ccbc58f86be198e4a569f19f60c7844dd4edd

    • SHA512

      938b5c274cb2d3218465f6f9eac21fb37de419e7f5e1a1383a5620d2a5b4cf50f4e730d4de45a67dca9b00373e8fd7c096d1cece1ffdb8a16be85e92f394b587

    • SSDEEP

      49152:h6EMvW2D6H+CFkDSMMRTw+0PRzgUfyMzKmWSfg:h6EChD6HPeDFpHGUfy4rlY

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Malware-1-master/readme.md

    • Size

      154B

    • MD5

      663c882a0d419faf6e2f5248475af539

    • SHA1

      16aa09ad953d6c1f9b119db699518cefac07a937

    • SHA256

      778853b036941d503d6f279777eeb14130c24c318e5c2ea2c6eadabca331693b

    • SHA512

      97a0db4705846772765d497f59200dc47f96c167aba886e61292eaa19d2c798923022572a1da755a926ebe4832530e870714f31281329d0f76833569415f111e

    Score
    3/10
    • Target

      Malware-1-master/wannakey-master.zip

    • Size

      2.6MB

    • MD5

      3e124e1aef07a9ec3085bcf8c6234e1c

    • SHA1

      1765ae5f7097d18f63a4f7dfcebdf78617bf6eb0

    • SHA256

      941eb0ade566d9b13faafcbc9b94961fede92f01d28bec4e3b70d11f74d0549d

    • SHA512

      20892d03aaab0ac22c653be27af9be1afadc1bd3b4b746683a5c381805eed20f3ec00c90b335c19337777549d9f4d296d8c2af03bc54824cd10420822404d78f

    • SSDEEP

      49152:G4lcggNwl3edhRpi7RhXt2oYe+8Yk5Ddk6KGuKcC7LXYrQb6sw4J6YR6g:G4kdCRvce+pk5q6OKtIarY3g

    Score
    1/10
    • Target

      Malware-1-master/wintonic.exe

    • Size

      1.6MB

    • MD5

      c7cc7175fa6a305036ecd68cfb4c970c

    • SHA1

      c440e7653a4811935222651dfe61e56a70e5b92a

    • SHA256

      a0375c241cebcf6c4a0293f45a5dc0ce1150fe8169ea410c818af67e6f487b4c

    • SHA512

      0fe4873d7cf6be5fcae7cefd545205ea58a977679b2183ec5caabd47920e3b66813e31e6e545d585f15d3a17d21846b042cd40a507d662c19a2bc58fbfbe4fff

    • SSDEEP

      49152:+h+ZkldoPK8YakOvfcrEb8XCOEU5fwr9K:X2cPK83vkrEb8XCfU5AM

    Score
    3/10
    • Target

      Malware-1-master/youwin.exe

    • Size

      379KB

    • MD5

      c3f3773a596db65c6491b578db621c45

    • SHA1

      ba5529fe2d6648ebfa93c17145f5570f448e1111

    • SHA256

      dfe2c886d9a6e9b26cdddba621fda00832a59def9813177863723e33c8011b0c

    • SHA512

      8d7fab47b741c2e64533c30400cc6b8c20750948f9a9ad4382463ea920021d875eb9dd4d424d182cf25ffdfa96ae2088e89ae8220dd10e161fd9cbb37e213061

    • SSDEEP

      6144:dVH5X7dPd2cUnZF+ZXsFv+g11ZebOzWl4QFUTUPYeOEH9yyIKC0ywAHTWZ:dVH5X7dPd2zcO+8ebRJlQeOEH9ytfvw4

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks

static1

upx guest16 miner vmprotect darkcomet xmrig
Score
10/10

behavioral1

Score
1/10

behavioral2

emotet banker discovery trojan
Score
10/10

behavioral3

emotet banker discovery trojan
Score
10/10

behavioral4

emotet banker discovery trojan
Score
10/10

behavioral5

emotet banker discovery trojan
Score
10/10

behavioral6

emotet banker discovery trojan
Score
10/10

behavioral7

defense_evasion discovery
Score
7/10

behavioral8

Score
1/10

behavioral9

discovery
Score
3/10

behavioral10

discovery upx
Score
5/10

behavioral11

discovery execution
Score
7/10

behavioral12

discovery
Score
3/10

behavioral13

bootkit discovery execution persistence
Score
7/10

behavioral14

bootkit discovery persistence
Score
7/10

behavioral15

bootkit persistence
Score
6/10

behavioral16

imminent discovery spyware trojan
Score
10/10

behavioral17

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm
Score
10/10

behavioral18

discovery
Score
3/10

behavioral19

darkcomet guest16 discovery evasion persistence rat trojan upx
Score
10/10

behavioral20

discovery persistence
Score
7/10

behavioral21

gandcrab backdoor credential_access defense_evasion discovery execution impact ransomware spyware stealer
Score
10/10

behavioral22

Score
1/10

behavioral23

Score
6/10

behavioral24

bootkit discovery execution persistence
Score
7/10

behavioral25

discovery evasion trojan
Score
10/10

behavioral26

azorult discovery infostealer trojan
Score
10/10

behavioral27

Score
1/10

behavioral28

discovery evasion
Score
9/10

behavioral29

Score
3/10

behavioral30

Score
1/10

behavioral31

discovery
Score
3/10

behavioral32

trickbot sun10 banker discovery persistence trojan
Score
10/10