Report Overview

  1. Submitted URL

    85.239.54.5/summer/bad.exe

  2. IP

    85.239.54.5

    ASN

    #62005 BlueVPS OU

  3. Submitted

    2024-04-25 16:04:19

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  2. urlquery

    0

  3. Network Intrusion Detection

    4

  4. Threat Detection Systems

    5

Domain Summary

Domain / FQDNRankRegisteredFirst SeenLast Seen
85.239.54.5unknownunknown2023-01-242023-06-27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

SeveritySource IPDestination IPAlert
mediumClient IP 85.239.54.5
ET INFO Executable Download from dotted-quad Host
mediumClient IP 85.239.54.5
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
high 85.239.54.5Client IP
ET POLICY PE EXE or DLL Windows file download HTTP
medium 85.239.54.5Client IP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

Threat Detection Systems

Public InfoSec YARA rules
SeverityIndicatorAlert
medium85.239.54.5/summer/bad.exedetect_Redline_Stealer_V2

OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS
SeverityIndicatorAlert
medium85.239.54.5Sinkholed

ThreatFox

No alerts detected


Files detected

  1. URL

    85.239.54.5/summer/bad.exe

  2. IP

    85.239.54.5

  3. ASN

    #62005 BlueVPS OU

  1. File type

    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

    Size

    320 kB (320512 bytes)

  2. Hash

    fb3de88a5814efb48ca7ad6536976cab

    102c3ddad2d8543fcbf6b45bbab494331fbe973e

    Detections

    AnalyzerVerdictAlert
    YARAhub by abuse.chmalware
    detect_Redline_Stealer_V2
    VirusTotalmalicious
    VirusTotal - Scan result 58/72

JavaScript (0)

HTTP Transactions (1)

URLIPResponseSize
85.239.54.5/summer/bad.exe
85.239.54.5200 OK320 kB