Resubmissions

21-01-2025 11:18

250121-nef6aa1jfx 10

General

  • Target

    infected2024071401.zip

  • Size

    54.3MB

  • Sample

    250121-nef6aa1jfx

  • MD5

    1deae7b244bd725828d39c59ccb36f5b

  • SHA1

    af1298cefef18ddae3bc472b61828d4b8ee30594

  • SHA256

    c56c00ca3f42026f17affef76b3752f268d1498f862b3143985ca7c1d33feb39

  • SHA512

    15d37132af78f43b79da983fdd7db5a6716d9eded87568e1c1a24a8241f5e4e0f7de22b6c72a0640dd027ddc50f2f24fdb0ec5b8a2ed606588e2ce80aa873bbe

  • SSDEEP

    1572864:ZCPcetzLnPM24Z4Ienxa/x4AW+kTpM/vpnT:M3LnPHxACSkTpqvpnT

Malware Config

Extracted

Family

remcos

Version

4.9.3 Light

Botnet

RemoteHost

C2

127.0.0.1:2404

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-52SPIJ

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://thelustfactory.com/vns/1.ps1

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://thelustfactory.com/vns/2.ps1

Targets

    • Target

      1PDF.FaturaDetay_202407.exe

    • Size

      323KB

    • MD5

      d8bf792f818877bf4848fde9511caeb8

    • SHA1

      a8aea1abb7cf1ddb275584bb5746c97790342e80

    • SHA256

      f5d96127b34730cf3bbbccd1c35098873fc0af897cc5d6dc3dd39a8e64c511d7

    • SHA512

      28292c32d518cecb66ef0a41f583022b6c125ae758fb013dd51896c25625cc23da2a8604d794e2198939f994d15bec09d9b67003bc5bd734d27b15b167e1ebe4

    • SSDEEP

      6144:CZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6BLtsorUC7ggXpTILMYSQpIIQENMshQt:kANwRo+mv8QD4+0V161tTNjkIIFN5c

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Target

      3e6642f7100bb72137d68b5aa34a2d1f1a75722ab7d2b15987bbdeb84bc3265e.exe

    • Size

      1.9MB

    • MD5

      0475d0b51b30bf28599601243c9a9aae

    • SHA1

      7adf31fb8aaa01d94531f9e058e33877e0141ccf

    • SHA256

      3e6642f7100bb72137d68b5aa34a2d1f1a75722ab7d2b15987bbdeb84bc3265e

    • SHA512

      92167276fc1688239f252a7101c2082ce6cd1f65f30de3b9b33a22d2fcd58a542faecf308d67c719756b4b504247c1588d159120439d1d2ef1a47612575192d6

    • SSDEEP

      24576:7DseOujx71gWufN62I520/hjlB6iTzKFjiZpWFsZrKp0HqGmyejFykKu9XusD4eq:7DjxSNudSOZpW+wG8nXv0eq

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Target

      4c40337094cf0bb86fad86d2ea724ac6e6a499f0acd877839a69d35c354a7792.exe

    • Size

      2.2MB

    • MD5

      05b8f1d7c18fe35533949d3b3ae5c726

    • SHA1

      581171a5941b4231548331b16b2342b50616dd23

    • SHA256

      4c40337094cf0bb86fad86d2ea724ac6e6a499f0acd877839a69d35c354a7792

    • SHA512

      f0effe37b6097d286ba67f44da82847a56c0b933166bb4904cc75db074ad11152bd06b80733c927e55ddac84a335ff764ac8cf3d5eccdd11079f2e0162476ea5

    • SSDEEP

      49152:ob33xSNudSRZpWod7tOvJOHdi1PXdFs0KinlZ4PCLRn:ooRRt6udqr

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Target

      644d928a4a942f6ae4c90640103b595941f7a0b557ba49d122d137b1429c0325.exe

    • Size

      2.0MB

    • MD5

      771eade8ae168734077830344b852624

    • SHA1

      5ac6b79a426a3229adef67508b751815af689f86

    • SHA256

      644d928a4a942f6ae4c90640103b595941f7a0b557ba49d122d137b1429c0325

    • SHA512

      ec70c99c9c0f608abd25ad614488c5a8adf7170aa29a4204efa5e7d03c0a50a55fdabbbf5758a4a24f9542fd264e98c05b28e99082e5775ca4b3d13614eef3b6

    • SSDEEP

      24576:N2bLgxjx71gWufN62I520/hjlB6iTzKFMiZpWht5YY7tOvkIOTpNsVOt1a42oU+D:NYQxSNudS5ZpWNd7tOvJONNdMboMToL

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Target

      64ec6562b96016699c6ae14166f4d31bde2b160eaa84d34a661fc2943017202e.exe

    • Size

      1.9MB

    • MD5

      2c9b6dd3a6026fa2c7db268eaea331df

    • SHA1

      fb4c9fe50dfc133895929a96f1f43047a4ced8dd

    • SHA256

      64ec6562b96016699c6ae14166f4d31bde2b160eaa84d34a661fc2943017202e

    • SHA512

      899728690f636ab34e440eb1add2abd16dc3e286fd51608b2d41531ca8c00d79925e8565622185bd35e8cdc0d0c6a1a5c001c4faeba2c36e593f96cde7128856

    • SSDEEP

      24576:ZDgcvIjx71gWufN62I520/hjlB6iTzKFjiZpWOsZrKp0HqGmyejFyogd23TZdG35:ZDFExSNudSOZpWfwG8Xd3Vkk

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Target

      7a0395c75ac633d66a7a9f2690cbdb9c90ac5b0fc4f9273b6e0cf16f70eedd8e.exe

    • Size

      2.0MB

    • MD5

      1e96a6d78465dceadfaedf2c8200a6de

    • SHA1

      8f4569d6233bb9ba161a68527ee9b8e8c04a63bb

    • SHA256

      7a0395c75ac633d66a7a9f2690cbdb9c90ac5b0fc4f9273b6e0cf16f70eedd8e

    • SHA512

      7a920008616f6b2a2c7abfd272b2e22c471dd68b5d9d6c8bcbb521bb26173d8e06fc0b291964205cdc9347dd6a946fcd2239a8d0ca67bd1adaa0eaeae1722127

    • SSDEEP

      49152:j1YhxSNudS5ZpW5d7tOvJOpE8BIMXxl4IPTRUN33eFvlux4NuAIBq6As/qZrUFju:BYm5Et6OEVS

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Target

      901478668c0d5ecb3b5044dcb3e1744045f7b2a800a7c0c67020d9294470f3d4.exe

    • Size

      2.2MB

    • MD5

      6c155f7b7d10fffc7a31ce4eb5d3a1f8

    • SHA1

      f3483275258b30ab963e672656fd9aaebe814877

    • SHA256

      901478668c0d5ecb3b5044dcb3e1744045f7b2a800a7c0c67020d9294470f3d4

    • SHA512

      5a1a94c2b63a683a5281b05b998b5b35a215bab2cc47c74f332783a78a5de107f8bb15ca3c006e1672f4ab4918376f09769fa028a172b68a6ded814e4be0ed65

    • SSDEEP

      49152:qb33xSNudSRZpWXd7tOvJOodL1PXdFs0Ki3lZ4/yARne:qoR2t6ld1Ln

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Target

      938b7e042bda75e416261e46d0d4873781fd5d53c2ce6c2748b92eeb8a826598.exe

    • Size

      1.9MB

    • MD5

      c318036044f10d288cedac36d81a611b

    • SHA1

      442245535cd0c4876f784a28fdbf6a32bb70e220

    • SHA256

      938b7e042bda75e416261e46d0d4873781fd5d53c2ce6c2748b92eeb8a826598

    • SHA512

      6043678915f0893b3fbca5633dc1effe2e27d0f25eb1da413b14b93aa4204334b8792fee3e67bbfc905cc0130748afbec6fc6aaf834fe7c168a430bd06d769da

    • SSDEEP

      24576:MDXpgvsPjx71gWufN62I520/hjlB6iTzKF+iZpWWt5YY7tOvkIOTUQvb7Mhh21:MDevYxSNudSrZpWKd7tOvJOpb7K81

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Target

      96d1bc7dec91a7a4e5fe653853a504e07d17e898fa437cf75e929fa909dd6bb7.exe

    • Size

      1.9MB

    • MD5

      793083dde2eea5178604a08fb09da307

    • SHA1

      95934b5ce27e6e6460e0eb4d6f6d43f5ee152fde

    • SHA256

      96d1bc7dec91a7a4e5fe653853a504e07d17e898fa437cf75e929fa909dd6bb7

    • SHA512

      94cf4786a639eca98bfaf553349afae0bd68a905fe73b423399ed3a728aa572baabb08040ca778fc4bb24ce26d3deaf1cb6649e1a674570b0dfb98b205049b5c

    • SSDEEP

      49152:b3BxSNudSRZpWid7tOvJOu1LhCvV1iSvz6qHtBnP8x1NABnNm6z+EknpBASLKbiu:aRrt62T

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Target

      Built.exe

    • Size

      33.3MB

    • MD5

      bf496771139b8b76ab7e2e3813ce78a3

    • SHA1

      949686fc9af5710904902044e92b0397b337d814

    • SHA256

      92118eac9bf1f5e9cf45e2773f74163202f609125e8f0aa0a077446e6f1cd4d1

    • SHA512

      ce9ab86130380ffc378ae3cd14c67c94f6034631821392aba9c8946eec07591311e7942b45cfe2dacfcae6cfe73495937be9b81790ea66824c3212fcb9cd3bc2

    • SSDEEP

      786432:8Nz4CWGpXkqva096PzXf4mWy1DlIF1qqHdbrtTqslFEO:IkCWGJ446rPu/FQqjqwFd

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Target

      DHL_PT563857935689275783656385FV-GDS3535353.bat

    • Size

      6KB

    • MD5

      60186cd9a2e82835bc143c1fb4662b7e

    • SHA1

      880c7f14743f9759b30bcc28085949122f54c20e

    • SHA256

      b66081b0e5dfe21e03d1043700d7c05e65bda96ad33a6370c374217d5ae84405

    • SHA512

      98ca66c502178601cf1d568fb4b5ef122564f548eae2c82c9979207ea69398212f2b35571f3cc0696ec9edb70174a016c00ddd12fc26140d63196188e6f0f8b7

    • SSDEEP

      192:jOJVeUYLAKLt+IS0y+80TJco4Ga5y0p8te:QeAKZZS280FL3aw0aE

    • Score

      8/10

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Target

      DTLite.exe

    • Size

      2.1MB

    • MD5

      684de18cccab7719057cd4bbfbee16c3

    • SHA1

      a7b956a4aca4624fb466a932d49fb3268a42b7e2

    • SHA256

      fb26dcd89930afef0012125087704a3564d8ef0a37c3c6c021b42071ad273ceb

    • SHA512

      a06aefaf05f3011daeb65a34a773e920b868078c3c104982546a6d5a75c3da11cf9988adb1d595264d8d3cf78f340bae2d8242ca3e6090d72e2fce747c7176cb

    • SSDEEP

      49152:/1YhxSNudS5ZpWBd7tOvJOUUFBIMXxl4IPTRUN33eFvlux4NuAIBq6As/qZrUFjk:dYm54t6rUOSW

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Target

      PDF.FaturaDetay_202407.exe

    • Size

      322KB

    • MD5

      3a2ba5be087162cfdb5d49ac32edd534

    • SHA1

      879043e2954c4cf7f461c1381ae2a943d71bbaef

    • SHA256

      7a285458817660143004002c76b1e1457666b1659dfbd35863541f62630430d0

    • SHA512

      ba8dba7d1cd39b00cf6ee894809b1c09a3f72484d6dafb4ff2b2663d29247baf0565dfc3e4f0bcccb78138ffca59e9c56579485244d00f5b1bc69cfedb1c024a

    • SSDEEP

      6144:CZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6BLGx1d0RjzV5Pnz63LLHBNy:kANwRo+mv8QD4+0V16xblLPkLLhNy

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Target

      PDF.exe

    • Size

      258KB

    • MD5

      34c2047d0b69ba023b700c21431accc0

    • SHA1

      e34c28611707c81565cb73d8a1a46dfc3ab2495a

    • SHA256

      ff9b39d07fd6e4a7f98d109664d91de9e318671da6412da85396541722d92799

    • SHA512

      a1566d65beb8135edfcb5c4a09631bc17dff56db672621990a10d0eff37a0290c7e1e9705f1918a7e719cbea4b1cecc29bb8254da946108e9bd5432070cc8ca7

    • SSDEEP

      6144:VbJhs7QW69hd1MMdxPe9N9uA0hu9TBrjJ0Xxne0AqGLj:VbjDhu9TV6xeJqG3

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Target

      SIP.03746.XSLSX.exe

    • Size

      321KB

    • MD5

      a3e681364daaa68ce0177581573f483f

    • SHA1

      eefb4725622f42019e475aa26439c0cf60dc7cc2

    • SHA256

      a94869345f7f1f3a1bc6cca4aa94cc7bde30dcb0bb18198567ea58cc93ba2c15

    • SHA512

      a071ae229d39674e53cf0051bde78b792041064a90580ab4ef51c4bec8dd4e7cc19934a3249e45df20cf3bc1aa76b28ba04f954eda9767acd2aa2092c606949b

    • SSDEEP

      6144:RZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6oHGx1d0RjzV5Pnz63LLHBN+:PANwRo+mv8QD4+0V16oHblLPkLLhN+

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Target

      a33245a27c02bbb72bf66f6bf1c960affefa8ed2a096dc1d6faa6699fe81c48a.exe

    • Size

      1.9MB

    • MD5

      2121a055e132df9c2b62d3ad578faa85

    • SHA1

      60439cb5d41f2256eb54bbd1d84d8d04d78272ef

    • SHA256

      a33245a27c02bbb72bf66f6bf1c960affefa8ed2a096dc1d6faa6699fe81c48a

    • SHA512

      55039a343efd737a7488193f777ca0a44dc465f098e51241d8a0699478d72dda9f5eb8bb204e96cc81da14191475e1ff87132680ac4b5956cb1b85d06a4a6c71

    • SSDEEP

      24576:kDLnN/pjx71gWufN62I520/hjlB6iTzKF+iZpWSsZrKp0HqGmyejFyzXYVN4on59:kDLn7xSNudSrZpWLwG8bvn59

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

MITRE ATT&CK Enterprise v15

Tasks

static1

blankgrabber
Score
10/10

behavioral1

defense_evasion, discovery, execution, persistence
Score
8/10

behavioral2

defense_evasion, discovery, execution, persistence
Score
8/10

behavioral3

remcos, remotehost, discovery, rat
Score
10/10

behavioral4

remcos, remotehost, discovery, rat
Score
10/10

behavioral5

remcos, remotehost, discovery, rat
Score
10/10

behavioral6

remcos, remotehost, discovery, rat
Score
10/10

behavioral7

remcos, remotehost, discovery, rat
Score
10/10

behavioral8

remcos, remotehost, discovery, rat
Score
10/10

behavioral9

remcos, remotehost, discovery, rat
Score
10/10

behavioral10

remcos, remotehost, discovery, rat
Score
10/10

behavioral11

remcos, remotehost, discovery, rat
Score
10/10

behavioral12

remcos, remotehost, discovery, rat
Score
10/10

behavioral13

remcos, remotehost, discovery, rat
Score
10/10

behavioral14

remcos, remotehost, discovery, rat
Score
10/10

behavioral15

remcos, remotehost, discovery, rat
Score
10/10

behavioral16

remcos, remotehost, discovery, rat
Score
10/10

behavioral17

remcos, remotehost, discovery, rat
Score
10/10

behavioral18

remcos, remotehost, discovery, rat
Score
10/10

behavioral19

upx
Score
7/10

behavioral20

collection, credential_access, defense_evasion, discovery, execution, persistence, privilege_escalation, spyware, stealer, upx
Score
8/10

behavioral21

execution
Score
8/10

behavioral22

execution
Score
8/10

behavioral23

remcos, remotehost, discovery, rat
Score
10/10

behavioral24

remcos, remotehost, discovery, rat
Score
10/10

behavioral25

defense_evasion, discovery, execution, persistence
Score
8/10

behavioral26

defense_evasion, discovery, execution, persistence
Score
8/10

behavioral27

discovery, execution, link, pdf
Score
10/10

behavioral28

discovery, execution, link, pdf
Score
10/10

behavioral29

defense_evasion, discovery, execution, persistence
Score
8/10

behavioral30

defense_evasion, discovery, execution, persistence
Score
8/10

behavioral31

remcos, remotehost, discovery, rat
Score
10/10

behavioral32

remcos, remotehost, discovery, rat
Score
10/10