Resubmissions

05/02/2025, 06:51 UTC

250205-hmnx7swpgk 10

05/02/2025, 06:49 UTC

250205-hlsvrswpdj 10

28/04/2024, 18:31 UTC

240428-w6cwyaec5v 10

21/04/2024, 08:57 UTC

240421-kwwqhsfh8z 10

21/04/2024, 05:45 UTC

240421-gfvazacf82 10

18/04/2024, 19:05 UTC

240418-xry2ascb73 10

18/04/2024, 16:34 UTC

240418-t3alashf75 10

04/03/2024, 18:33 UTC

240304-w7b12ahg61 10

Analysis

  • max time kernel
    300s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/04/2024, 18:31 UTC

General

  • Target

    bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe

  • Size

    32KB

  • MD5

    24cc1404f53045420a81c054d26daec7

  • SHA1

    986f83fa51663d0f551ea0dc838265d0c23283e9

  • SHA256

    1f2ae650fdefb75fd7775dd7ad86aa81ca7d19595f58b4a07b32a6502079d815

  • SHA512

    de42f387157436eada861078fc799605167795ca3726d123b1ecc8996b618fde13e0b26c6597146d355e1b6ccc808d721f76ef85efeba2ebcf66f8d06520f8ab

  • SSDEEP

    384:ll3kcQnkUoSsJGG5ZfB3yIwt4U3Qu0/7FTgPtTFAqzmVsSiA:lWcQneSwP5ZRs4U3CegsM

Score
10/10

Malware Config

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bazaar.2020.02\HEUR-Backdoor.MSIL.SpyGate.exe
    "C:\Users\Admin\AppData\Local\Temp\bazaar.2020.02\HEUR-Backdoor.MSIL.SpyGate.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2320

Network

    No results found
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
    (97 identical connection entries to 127.0.0.1:19811 from this process)
No results found

MITRE ATT&CK Matrix


Downloads

  • memory/2320-0-0x0000000074200000-0x00000000747AB000-memory.dmp

    Filesize

    5.7MB

  • memory/2320-1-0x0000000000130000-0x0000000000170000-memory.dmp

    Filesize

    256KB

  • memory/2320-2-0x0000000074200000-0x00000000747AB000-memory.dmp

    Filesize

    5.7MB

  • memory/2320-3-0x0000000074200000-0x00000000747AB000-memory.dmp

    Filesize

    5.7MB

  • memory/2320-4-0x0000000000130000-0x0000000000170000-memory.dmp

    Filesize

    256KB
