General

  • Target

    Spyroid Vip [EagleSpy V4].zip

  • Size

    147.4MB

  • MD5

    8795e6fc407634b83f7264ab7a8cdc18

  • SHA1

    164dfaa19487455e41343dde07e195d1fbf84f9c

  • SHA256

    f6036ed6066d916a9fd27ecb9d9447bcaacc45dae8122de755630563e33e5430

  • SHA512

    6d5af203630f793874c49c1338df52b46b63016cafe0d2282ebb463a41ef368263caea72ffab2cf0427f8093b284553f801dfcc319c45a906f18c25bd46d9f6a

  • SSDEEP

    3145728:fD5qcJK+ueOmtynXEMKNTDynjR6+iCMFfSzJBAMbCuu+QxUFr0xARj9txmutLX:bweK+ueOAqZdqhF6zJBAMbCmIUF9tR1

Score
10/10

Malware Config

Signatures

  • AgentTesla payload 1 IoCs
  • Agenttesla family
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Unsigned PE 14 IoCs

    Checks for missing Authenticode signature.

Files

  • Spyroid Vip [EagleSpy V4].zip
    .zip
  • Bunifu.UI.WinForms.1.5.3.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bunifu.UI.WinForms.1.5.3.xml
    .xml
  • Config.json
  • DrakeUI.Framework.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • GeoIPCitys.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Guna.UI2.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • KeyAuthPatchDll.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Licence.p12
  • License.xml
  • LiveCharts.MAPS.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LiveCharts.WinForms.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LiveCharts.Wpf.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • LiveCharts.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • MetroFramework.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • MetroSet UI.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • NAudio.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • SPYdroiedVIP.exe
    .exe windows:5 windows x64 arch:x64

    b1c5b1beabd90d9fdabd1df0779ea832


    Headers

    Imports

    Sections

  • SipaaFramework.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Siticone.Desktop.UI.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Spyroid VIP.pdb
  • System.IO.Compression.ZipFile.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • WinMM.Net.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • World.xml
  • license.lic
  • settings.xml