Report Overview
Submitted URL
cdn.discordapp.com/attachments/1217012911361495100/1230520460119113728/dark_moon.zip?ex=6629127b&is=6627c0fb&hm=6f3aede67b6966a23c50ce1ea944798fa81626fd0bbc9a7bc4f0f4a32699d47c&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-23 14:32:39
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
cdn.discordapp.com | 2474 | 2015-02-26 | 2015-08-24 | 2024-04-22 | 631 B | 350 kB | 162.159.134.233 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-04-23 | medium | cdn.discordapp.com/attachments/1217012911361495100/1230520460119113728/dark_moon.zip?ex=6629127b&is=6627c0fb&hm=6f3aede67b6966a23c50ce1ea944798fa81626fd0bbc9a7bc4f0f4a32699d47c& | detect_Redline_Stealer |
Files detected
URL
cdn.discordapp.com/attachments/1217012911361495100/1230520460119113728/dark_moon.zip?ex=6629127b&is=6627c0fb&hm=6f3aede67b6966a23c50ce1ea944798fa81626fd0bbc9a7bc4f0f4a32699d47c&
IP
162.159.134.233
ASN
#13335 CLOUDFLARENET
File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
349 kB (348633 bytes)
Hash
d5a45fb1647b66b0f0d51d631918f2de
85f4edda38407565c53d53414e1407189b760667
Archive (2)
Filename | Md5 | File type |
---|---|---|
Dark moon user and pass.txt | 6302867ad4fd05d7ff1f27b86a8877aa | ASCII text, with no line terminators |
DarkMoon_Gen.exe | f3c021dbce0cd670f15415c3aa6b83aa | PE32+ executable (GUI) x86-64, for MS Windows, 6 sections |
Detections
Analyzer | Verdict | Alert |
---|---|---|
YARAhub by abuse.ch | malware | detect_Redline_Stealer |
YARAhub by abuse.ch | malware | detect_Redline_Stealer |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
cdn.discordapp.com/attachments/1217012911361495100/1230520460119113728/dark_moon.zip?ex=6629127b&is=6627c0fb&hm=6f3aede67b6966a23c50ce1ea944798fa81626fd0bbc9a7bc4f0f4a32699d47c& | 162.159.134.233 | 200 OK | 349 kB |