Report - www.shellterproject.com/Downloads/Shellter/Old/shellter

Report Overview

Submitted URL
www.shellterproject.com/Downloads/Shellter/Old/shellter_v6.9.zip
IP
38.242.134.114
ASN
#51167 Contabo GmbH
Submitted
2024-04-19 22:31:03
Access
public
Website Title
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
11

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.shellterproject.com	unknown	2014-04-23	2017-02-25	2024-04-18	518 B	332 kB	38.242.134.114

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	www.shellterproject.com/Downloads/Shellter/Old/shellter_v6.9.zip	Hunting_Rule_ShikataGaNai

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.shellterproject.com/Downloads/Shellter/Old/shellter_v6.9.zip
IP
38.242.134.114
ASN
#51167 Contabo GmbH

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
332 kB (332244 bytes)
Hash
cbdfe6057890f4ed7f3c61e1597fc811
4d05d1e85b469b8febf99b39db3f8f2ab7e8d363
7a4eb997fc3ef4af47e8db922027f54158a4ad07af4791283a008cba100ae6fb

Archive (13)

Filename

Md5

File type

faq.txt

db1c8969995d83d72472cb4e3a9c28d2

ASCII text, with CRLF line terminators

readme.txt

a7b1e43800cfc0eb368e655fed06a0aa

Non-ISO extended-ASCII text, with CRLF line terminators

version_history.txt

cf24ba63cf4ec0a0dad4ff6c03d53642

ASCII text, with CRLF line terminators

Executable_SHA-256.txt

99dae2663529cb2a44fa9fe0a59b6182

ASCII text, with no line terminators

BeaEngine.png

7791f23b74f5ca927636ecd57e28671c

PNG image data, 1898 x 357, 8-bit/color RGBA, non-interlaced

BeaEngine_License.txt

68524368cd470d2a6d32c72182f7e57e

ASCII text, with CRLF line terminators

Shellter_License.txt

f73e465a43eb7a1125b91be5dd3e7952

ASCII text, with CRLF line terminators

calc

b69936d29c02434eca5b59fa4ddcf77c

data

calcenc

8504412d24964408a78c39b17db1783b

data

info.txt

689acd398c8148f3ad2e285535d9a950

ASCII text, with CRLF line terminators

krb1

774a5c3d26017c021619247fa7c3e579

data

krb3

e9fd96d1a9f83de90511ba8b31d71a63

data

shellter.exe

709265ece639cf24cc608a3d702230f3

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_peb_parsing
Elastic Security YARA Rules	malware	Windows.Shellcode.Generic
Elastic Security YARA Rules	malware	Windows.Trojan.Metasploit
YARAhub by abuse.ch	malware	meth_get_eip
Public Nextron YARA rules	malware	Hunting_Rule_ShikataGaNai
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_peb_parsing
Public Nextron YARA rules	malware	Hunting_Rule_ShikataGaNai
VirusTotal	malicious	VirusTotal - Scan result 38/62

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.shellterproject.com/Downloads/Shellter/Old/shellter_v6.9.zip

38.242.134.114

332 kB

URL
www.shellterproject.com/Downloads/Shellter/Old/shellter_v6.9.zip
IP
38.242.134.114:0
ASN
#51167 Contabo GmbH

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
332 kB (332244 bytes)
Hash
cbdfe6057890f4ed7f3c61e1597fc811
4d05d1e85b469b8febf99b39db3f8f2ab7e8d363
7a4eb997fc3ef4af47e8db922027f54158a4ad07af4791283a008cba100ae6fb

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Hunting_Rule_ShikataGaNai
VirusTotal	malicious	VirusTotal - Scan result 38/62

HTTP Headers

GET /Downloads/Shellter/Old/shellter_v6.9.zip HTTP/1.1
Host: www.shellterproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 22:30:30 GMT
Server: Apache
Last-Modified: Mon, 27 Feb 2017 10:58:03 GMT
Accept-Ranges: bytes
Content-Length: 332244
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (13)

Detections

JavaScript (0)

HTTP Transactions (1)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers