Report - raw.githubusercontent.com/Igor4er/screenstalk/main/bot.zip

Report Overview

Submitted URL
raw.githubusercontent.com/Igor4er/screenstalk/main/bot.zip
IP
185.199.109.133
ASN
#54113 FASTLY
Submitted
2024-05-10 06:22:58
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
raw.githubusercontent.com	35802	2014-02-06	2014-03-01	2024-05-09	512 B	9.2 MB	185.199.109.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
raw.githubusercontent.com/Igor4er/screenstalk/main/bot.zip
IP
185.199.109.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
9.2 MB (9232762 bytes)
Hash
18e5e216fe64550f4e7a7eeab07ebf6e
a35da5cc8b3f70929ea2c060484ef2898f896a6f
09ce2be8feff65fd8487c70a1badbcb3ad1f609f32ded4cef1a64006422143fd

Archive (22)

Filename

Md5

File type

_socket.pyd

1eea9568d6fdef29b9963783827f5867

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

_ssl.pyd

208b0108172e59542260934a2e7cfa85

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

base_library.zip

a5a3a544a31b6f5013eaa0e27171491f

Zip archive data, at least v2.0 to extract, compression method=store

bot.exe

13dd5be3afbd7d49adce3ef5e2d139e9

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

libcrypto-1_1.dll

e94733523bcd9a1fb6ac47e10a267287

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections

libffi-8.dll

0f8e4992ca92baaf54cc0b43aaccce21

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 5 sections

libssl-1_1.dll

25bde25d332383d1228b2e66a4cb9f3e

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections

python311.dll

5a5dd7cad8028097842b0afef45bfbcf

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

screenshot.py

b144ee0d7ff12aae52b549dcff5badb6

Python script, ASCII text executable, with CRLF line terminators

select.pyd

c97a587e19227d03a85e90a04d7937f6

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

unicodedata.pyd

aa13ee6770452af73828b55af5cd1a32

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

VCRUNTIME140.dll

4585a96cc4eef6aafd5e27ea09147dc6

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

cacert.pem

8d0619bfe30deadf6f21196f0f8d53d3

ASCII text

py.typed

d41d8cd98f00b204e9800998ecf8427e

md.cp311-win_amd64.pyd

fa50d9f8bce6bd13652f5090e7b82c4d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

md__mypyc.cp311-win_amd64.pyd

2d1f2ffd0fecf96a053043daad99a5df

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

_bz2.pyd

3859239ced9a45399b967ebce5a6ba23

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

_ctypes.pyd

bd36f7d64660d120c6fb98c8f536d369

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

_decimal.pyd

65b4ab77d6c6231c145d3e20e7073f51

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

_hashlib.pyd

4255c44dc64f11f32c961bf275aab3a2

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

_lzma.pyd

e5abc3a72996f8fde0bcf709e6577d9d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

_queue.pyd

f00133f7758627a15f2d98c034cf1657

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.
VirusTotal	suspicious	VirusTotal - Scan result 2/70

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

raw.githubusercontent.com/Igor4er/screenstalk/main/bot.zip

185.199.109.133

200 OK

9.2 MB

URL User Request GET HTTP/2
raw.githubusercontent.com/Igor4er/screenstalk/main/bot.zip
IP
185.199.109.133:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
9.2 MB (9232762 bytes)
Hash
18e5e216fe64550f4e7a7eeab07ebf6e
a35da5cc8b3f70929ea2c060484ef2898f896a6f
09ce2be8feff65fd8487c70a1badbcb3ad1f609f32ded4cef1a64006422143fd

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/70

HTTP Headers

GET /Igor4er/screenstalk/main/bot.zip HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"fdeb5943bb7511a30311a92e136288ae0cd3c50b41c48dbb7653c492e79ec626"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: B8B6:3281DD:F2FCD5:100EE24:663DBA42
accept-ranges: bytes
date: Fri, 10 May 2024 06:22:28 GMT
via: 1.1 varnish
x-served-by: cache-hel1410025-HEL
x-cache: HIT
x-cache-hits: 2
x-timer: S1715322149.963755,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: b74bbed22412a3b12529b9a6d09ab1dd264ff250
expires: Fri, 10 May 2024 06:27:28 GMT
source-age: 19
content-length: 9232762
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (22)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers