Gavnosource.rar

Outbound traffic to unusual TLDs (like .pw, .icu, or .top), which are frequently used by Lumma Stealer C2 panels.
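One way to hunt for this indicator in DNS query logs, as an added example that is not part of the original page. The log format (time, client, query name, query type), the sample lines and the function names are constructed assumptions, and the TLD set holds only the three examples named above, which the page does not present as exhaustive.

```python
from collections import defaultdict

# TLDs named on the page as examples; the page's list is not exhaustive.
WATCHED_TLDS = {"pw", "icu", "top"}

# Constructed sample DNS query log (assumed format: time client qname qtype).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 updates.example.com. A
2024-01-01T10:00:02Z 10.0.0.7 Constructed-Sample-One.TOP. A
2024-01-01T10:00:03Z 10.0.0.7 api.constructed-sample-two.icu A
2024-01-01T10:00:04Z 10.0.0.7 constructed-sample-one.top A
2024-01-01T10:00:05Z 10.0.0.9 desktop.local A
2024-01-01T10:00:06Z 10.0.0.9 constructed-sample-three.pw. AAAA
malformed line
2024-01-01T10:00:07Z 10.0.0.5 topsite.example.org A
"""

def tld_of(qname):
    """Return the lowercase last label of a DNS name, or None if there is none."""
    name = qname.strip().rstrip(".").lower()
    if "." not in name:
        return None  # single-label names have no TLD to judge
    return name.rsplit(".", 1)[1]

def flag_watched_tlds(log_text, watched=WATCHED_TLDS):
    """Map each client to the sorted distinct names it queried under a watched TLD."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, _qtype = fields
        if tld_of(qname) in watched:
            # Normalise case and the trailing root dot so repeats collapse.
            hits[client].add(qname.rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}

def triage_order(hits):
    """Clients ordered by how many distinct watched-TLD names they queried."""
    return sorted(hits, key=lambda c: (-len(hits[c]), c))

if __name__ == "__main__":
    found = flag_watched_tlds(SAMPLE_LOG)
    for client in triage_order(found):
        print(client, found[client])
```

Matching on the last label only keeps names such as topsite.example.org out of the results, and a hit is a lead for triage rather than proof of infection, since legitimate sites also use these TLDs.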

Typically spread via Discord, Telegram, or "leaked" source code forums under the guise of a private tool or game cheat source code.

Upon execution, the malware performs several "anti-analysis" checks: