Overview

overview

10

Static

static

10

bazaar.202...ge.exe

windows7-x64

1

bazaar.202...ge.exe

windows10-2004-x64

1

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows10-2004-x64

10

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows10-2004-x64

10

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows10-2004-x64

10

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows10-2004-x64

10

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows10-2004-x64

10

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows10-2004-x64

10

bazaar.202...te.exe

windows7-x64

6

bazaar.202...te.exe

windows10-2004-x64

6

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows10-2004-x64

10

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows10-2004-x64

10

bazaar.202...te.exe

windows7-x64

10

bazaar.202...te.exe

windows10-2004-x64

10

bazaar.202...32.exe

windows7-x64

7

bazaar.202...32.exe

windows10-2004-x64

7

bazaar.202...32.exe

windows7-x64

7

bazaar.202...32.exe

windows10-2004-x64

7

bazaar.202...RC.exe

windows7-x64

3

bazaar.202...RC.exe

windows10-2004-x64

3

bazaar.202...oad.js

windows7-x64

3

bazaar.202...oad.js

windows10-2004-x64

3

bazaar.202...nt.exe

windows7-x64

7

bazaar.202...nt.exe

windows10-2004-x64

7

Resubmissions

15/09/2024, 22:00 UTC

240915-1wpj7svapc 10

15/09/2024, 21:56 UTC

240915-1tbwbsthne 10

20/08/2024, 13:49 UTC

240820-q4v2vayfmp 10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 13:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe

  • Size

    32KB

  • MD5

    4dcf673308fe42cdf084fb4707577363

  • SHA1

    d9098067f1d28503e3029c2b2de0ebe4b124d3f1

  • SHA256

    4d4fe010edd8e5cb0a3dbe463a9bea549aaee512737ac1a8e1b81c2b1100d1fa

  • SHA512

    8ff8d589a02d809832c82e64157dafb2002b752c148bf8ef6cf8b6f7393ff0bfc4713c6723031d086d6ba27fa711d2b5aabf0b806fc9783e47c5b2eb3fbe3c28

  • SSDEEP

    384:jl3kcQnkUoSsJGG5ZfB3yIwt4U3Qu0/7FTgPtTFAqzmosSis:jWcQneSwP5ZRs4U3CeNsg

Score
10/10
njratdiscoverytrojan

Malware Config

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bazaar.2020.02\HEUR-Backdoor.MSIL.SpyGate.exe
    "C:\Users\Admin\AppData\Local\Temp\bazaar.2020.02\HEUR-Backdoor.MSIL.SpyGate.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:3012

Network

  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81deploystaticakamaitechnologiescom
  • flag-us
    DNS
    3.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73deploystaticakamaitechnologiescom
  • flag-us
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 550329
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7703BDC80D214B6A9B96CAE8B40999A8 Ref B: LON04EDGE0913 Ref C: 2024-08-20T13:52:06Z
    date: Tue, 20 Aug 2024 13:52:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 468734
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B9EB071428FC4104A411CA4DA104D20F Ref B: LON04EDGE0913 Ref C: 2024-08-20T13:52:07Z
    date: Tue, 20 Aug 2024 13:52:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 468841
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 38A611D6C1874B03ABD7666391D7E242 Ref B: LON04EDGE0913 Ref C: 2024-08-20T13:52:07Z
    date: Tue, 20 Aug 2024 13:52:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301238_1VXAUBNO1JRUV536J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301238_1VXAUBNO1JRUV536J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 252133
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CA11822B9A9546C0990567384DE0DF1B Ref B: LON04EDGE0913 Ref C: 2024-08-20T13:52:07Z
    date: Tue, 20 Aug 2024 13:52:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 586035
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E85A173D4EC84A05A649CD307FFF845C Ref B: LON04EDGE0913 Ref C: 2024-08-20T13:52:07Z
    date: Tue, 20 Aug 2024 13:52:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301647_1WPCMGQFUBMCD0PLY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301647_1WPCMGQFUBMCD0PLY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 327794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A4BFF0A64835428A9E997F30733500E7 Ref B: LON04EDGE0913 Ref C: 2024-08-20T13:52:07Z
    date: Tue, 20 Aug 2024 13:52:07 GMT
  • flag-us
    DNS
    10.27.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.27.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    152.141.79.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    152.141.79.40.in-addr.arpa
    IN PTR
    Response
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     7.8kB
     16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
     7.9kB
     19
    16
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301647_1WPCMGQFUBMCD0PLY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    96.4kB
     2.8MB
     2039
    2034

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301238_1VXAUBNO1JRUV536J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301647_1WPCMGQFUBMCD0PLY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     7.8kB
     16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     7.8kB
     16
    13
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 127.0.0.1:19811
    HEUR-Backdoor.MSIL.SpyGate.exe
  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    81.144.22.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    81.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    3.181.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    3.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    22.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    22.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    10.27.171.150.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    10.27.171.150.in-addr.arpa

  • 8.8.8.8:53
    152.141.79.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    152.141.79.40.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3012-0-0x0000000074B02000-0x0000000074B03000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-1-0x0000000074B00000-0x00000000750B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3012-2-0x0000000074B00000-0x00000000750B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3012-3-0x0000000074B02000-0x0000000074B03000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-4-0x0000000074B00000-0x00000000750B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3012-5-0x0000000074B00000-0x00000000750B1000-memory.dmp

    Filesize

    5.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.