ScoringMathTea is analyzed as a C++ RAT attributed in the text to Lazarus and tied to ESET’s Gotta Fly instance of Operation DreamJob targeting UAV-related know-how from companies supporting Ukraine. The sample is a DLL that starts from DllMain, creates a thread for its main function, initializes configuration fields, stores its C2 URL through stack strings, and leaves null slots for additional C2 addresses. The reverse engineering details a custom runtime string deobfuscation routine, API hashing, PE export parsing, dynamic API resolution, Winsock initialization, and repeated API lookups used to conceal functionality from static inspection. Its main loop maintains C2 communication with a 60-second beacon while waiting for operator commands, supporting capabilities such as remote command execution and in-memory plugin loading.