Malware Analysis Report

2024-11-30 19:35

Sample ID 240920-e26vsaygjj
Target Spyroid Vip [EagleSpy V4].zip
SHA256 2b5d6007ca08e5bca6e47383d3513e4def176d79992b0bf90c82d69b7ac5ab9c
Tags
agilenet spynote
score
10/10

Analysis Overview

score
10/10

SHA256

2b5d6007ca08e5bca6e47383d3513e4def176d79992b0bf90c82d69b7ac5ab9c

Threat Level: Known bad

The file Spyroid Vip [EagleSpy V4].zip was found to be: Known bad.

Malicious Activity Summary

agilenet spynote

Spynote family

Spynote payload

Obfuscated with Agile.Net obfuscator

Requests dangerous framework permissions

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-09-20 04:30

Signatures

Spynote family

spynote

Spynote payload

Description Indicator Process Target
N/A N/A N/A N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. android.permission.BIND_VPN_SERVICE N/A N/A
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). android.permission.BIND_INPUT_METHOD N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win7-20240903-en

Max time kernel

118s

Max time network

132s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\GeoIPCitys.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\GeoIPCitys.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

91s

Max time network

162s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Siticone.Desktop.UI.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Siticone.Desktop.UI.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 34.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win7-20240903-en

Max time kernel

122s

Max time network

136s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.Wpf.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.Wpf.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

163s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\MetroFramework.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\MetroFramework.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win10v2004-20240802-en

Max time kernel

143s

Max time network

158s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\System.IO.Compression.ZipFile.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\System.IO.Compression.ZipFile.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

89s

Max time network

157s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\GeoIPCitys.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\GeoIPCitys.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win7-20240729-en

Max time kernel

120s

Max time network

129s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Guna.UI2.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Guna.UI2.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

91s

Max time network

157s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.MAPS.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.MAPS.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

90s

Max time network

154s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

143s

Max time network

160s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\KeyAuthPatchDll.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\KeyAuthPatchDll.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
IE 52.111.236.23:443 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 105.193.132.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win7-20240708-en

Max time kernel

8s

Max time network

20s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win7-20240903-en

Max time kernel

121s

Max time network

133s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\System.IO.Compression.ZipFile.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\System.IO.Compression.ZipFile.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

142s

Max time network

161s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\DrakeUI.Framework.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\DrakeUI.Framework.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 105.193.132.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

89s

Max time network

165s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Guna.UI2.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Guna.UI2.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win7-20240903-en

Max time kernel

7s

Max time network

27s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\MetroFramework.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\MetroFramework.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win10v2004-20240802-en

Max time kernel

90s

Max time network

159s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Newtonsoft.Json.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Newtonsoft.Json.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win7-20240903-en

Max time kernel

121s

Max time network

130s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\SipaaFramework.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\SipaaFramework.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win7-20240903-en

Max time kernel

117s

Max time network

125s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Siticone.Desktop.UI.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Siticone.Desktop.UI.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win7-20240903-en

Max time kernel

121s

Max time network

130s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.MAPS.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.MAPS.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win7-20240903-en

Max time kernel

119s

Max time network

128s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.WinForms.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.WinForms.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

91s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.WinForms.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.WinForms.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win10v2004-20240802-en

Max time kernel

91s

Max time network

161s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.Wpf.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\LiveCharts.Wpf.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

90s

Max time network

161s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\MetroSet UI.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\MetroSet UI.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 34.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

159s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Bunifu.UI.WinForms.1.5.3.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Bunifu.UI.WinForms.1.5.3.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win7-20240903-en

Max time kernel

122s

Max time network

135s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\DrakeUI.Framework.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\DrakeUI.Framework.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win7-20240729-en

Max time kernel

7s

Max time network

17s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\MetroSet UI.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\MetroSet UI.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win7-20240903-en

Max time kernel

120s

Max time network

134s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\NAudio.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\NAudio.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win10v2004-20240910-en

Max time kernel

142s

Max time network

156s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\SipaaFramework.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\SipaaFramework.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
GB 88.221.135.27:443 www.bing.com tcp
US 8.8.8.8:53 27.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:52

Platform

win7-20240903-en

Max time kernel

7s

Max time network

21s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Bunifu.UI.WinForms.1.5.3.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Bunifu.UI.WinForms.1.5.3.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win7-20240704-en

Max time kernel

121s

Max time network

138s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\KeyAuthPatchDll.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\KeyAuthPatchDll.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:54

Platform

win10v2004-20240802-en

Max time kernel

89s

Max time network

166s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\NAudio.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\NAudio.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-09-20 04:27

Reported

2024-09-20 04:53

Platform

win7-20240708-en

Max time kernel

119s

Max time network

127s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Newtonsoft.Json.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Spyroid Vip [EagleSpy V4]\Newtonsoft.Json.dll",#1

Network

N/A

Files

N/A