Report - delaneyrm.com/CrypterRBMac.zip

Report Overview

Submitted URL
delaneyrm.com/CrypterRBMac.zip
IP
69.163.181.201
ASN
#26347 DREAMHOST-AS
Submitted
2024-05-11 02:09:39
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
delaneyrm.com	unknown	unknown	No data	No data	400 B	3.8 MB	69.163.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
delaneyrm.com/CrypterRBMac.zip
IP
69.163.181.201
ASN
#26347 DREAMHOST-AS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.8 MB (3839843 bytes)
Hash
27148700a89cdaedc9caf582b780d754
67cac72d4616f13e24b71f39b3a988724e97a97f
0149d448077aaad18a04031fd00ec49f4f507eb3ccc7a35614620f2bc5d4d886

Archive (17)

Filename

Md5

File type

CrypterRB desc.rtf

afbd74679e6787ea27c29f03312ee15f

Rich Text Format data, version 1, ANSI, code page 1252

._CrypterRB desc.rtf

9c78a00cfbe826a88fe3e0b7726cbda4

AppleDouble encoded Macintosh file

fp Plugin.rbx_0.dylib

f7ba60215ce6cffc0c738e2078eb1e65

Info.plist

47d6d21ea12513ed0dec3faed63521e3

XML 1.0 document, ASCII text, with CR line terminators

._Info.plist

87946dd93e9faeed39469cdf1a92b70e

AppleDouble encoded Macintosh file

CrypterRB

8b416fc5dcabb0c535288b180e475917

Mach-O universal binary with 2 architectures: [ppc: - Mach-O ppc executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>] [ - i386: - Mach-O i386 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>]

._CrypterRB

8578fefcfbd958784d29b860730629a8

AppleDouble encoded Macintosh file

rbframework.dylib

484a51c16b7cadad01e9e476806f4712

._rbframework.dylib

87946dd93e9faeed39469cdf1a92b70e

AppleDouble encoded Macintosh file

PkgInfo

23b7d7d024abb0f558420e098800bf27

ASCII text, with no line terminators

._PkgInfo

87946dd93e9faeed39469cdf1a92b70e

AppleDouble encoded Macintosh file

CrypterRB.icns

7ebbfb531cc3dd9e6a59657e8d554fd2

Mac OS X icon, 65948 bytes, "it32" type

._CrypterRB.icns

87946dd93e9faeed39469cdf1a92b70e

AppleDouble encoded Macintosh file

CrypterRB.png

4609e67430a7b92edb88c6456ce7e553

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

Decode.png

70cc41aa4cbb3bff546b02c434d18993

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

Encode.png

90b0a1f5f029a88deba1524ad8386b12

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

GenKeys.png

c0954b2b75dfac3ee42f8b6568499ed5

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	delaneyrm.com/CrypterRBMac.zip	69.163.181.201	200 OK	3.8 MB
URL User Request GET HTTP/1.1 delaneyrm.com/CrypterRBMac.zip IP 69.163.181.201:80 ASN #26347 DREAMHOST-AS File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 3.8 MB (3839843 bytes) Hash 27148700a89cdaedc9caf582b780d754 67cac72d4616f13e24b71f39b3a988724e97a97f 0149d448077aaad18a04031fd00ec49f4f507eb3ccc7a35614620f2bc5d4d886 HTTP Headers `GET /CrypterRBMac.zip HTTP/1.1 Host: delaneyrm.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Sat, 11 May 2024 01:12:33 GMT Server: Apache Upgrade: h2 Connection: Upgrade, Keep-Alive Last-Modified: Thu, 02 Feb 2012 09:30:39 GMT ETag: "3a9763-4b7f7d9662dc0" Accept-Ranges: bytes Content-Length: 3839843 Cache-Control: max-age=172800 Expires: Mon, 13 May 2024 01:12:33 GMT Vary: User-Agent Keep-Alive: timeout=5, max=100 Content-Type: application/zip`

delaneyrm.com/CrypterRBMac.zip

69.163.181.201

200 OK

3.8 MB

URL User Request GET HTTP/1.1
delaneyrm.com/CrypterRBMac.zip
IP
69.163.181.201:80
ASN
#26347 DREAMHOST-AS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.8 MB (3839843 bytes)
Hash
27148700a89cdaedc9caf582b780d754
67cac72d4616f13e24b71f39b3a988724e97a97f
0149d448077aaad18a04031fd00ec49f4f507eb3ccc7a35614620f2bc5d4d886

HTTP Headers

GET /CrypterRBMac.zip HTTP/1.1
Host: delaneyrm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 11 May 2024 01:12:33 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 02 Feb 2012 09:30:39 GMT
ETag: "3a9763-4b7f7d9662dc0"
Accept-Ranges: bytes
Content-Length: 3839843
Cache-Control: max-age=172800
Expires: Mon, 13 May 2024 01:12:33 GMT
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (17)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers