Report - cdn.discordapp.com/attachments/1202563684866457660/1215275220202557474/Lithium_V4.zip?ex=6628fb3f&is=6627a9bf&hm=0ff6ec9a6a50b88ebce0f0b863a30da43084a86423d676c247b2c8c215b0c9cb&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1202563684866457660/1215275220202557474/Lithium_V4.zip?ex=6628fb3f&is=6627a9bf&hm=0ff6ec9a6a50b88ebce0f0b863a30da43084a86423d676c247b2c8c215b0c9cb&
IP
162.159.135.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-23 21:29:48
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-04-22	632 B	316 kB	162.159.135.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1202563684866457660/1215275220202557474/Lithium_V4.zip?ex=6628fb3f&is=6627a9bf&hm=0ff6ec9a6a50b88ebce0f0b863a30da43084a86423d676c247b2c8c215b0c9cb&
IP
162.159.135.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
314 kB (313909 bytes)
Hash
2f6e03149bac97fcff7fccc7070d9bfc
77f50d445bd54a2d5cfd9dec76b80b74c869f043
b31eee462343438141ccf745c7932ea017f63ee6e7b354b1816879460d9bb558

Archive (11)

Filename

Md5

File type

channelamount.txt

f899139df5e1059396431415e770c6dd

ASCII text, with no line terminators

channelnames.txt

cd07cf342e8e7e211820183054c61e66

ASCII text, with no line terminators

roleamount.txt

d645920e395fedad7bbbed0eca3fe2e0

ASCII text, with no line terminators

rolenames.txt

0ee17c733cce2f6e9bfbd3d93da95b14

ASCII text, with no line terminators

webhookamount.txt

c0c7c76d30bd3dcaefc96f40275bdc0a

ASCII text, with no line terminators

webhookmessage.txt

a4147ed30ea3978581fd7fea5b931a47

ASCII text, with no line terminators

config maker.py

4e48840a7f9581ac6c4add0c71199066

Unicode text, UTF-8 text, with CRLF line terminators

Lithium.exe

1df60780b6b998fca971f2a535b08ce8

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

LithiumCore.dll

80d79c50f5556276842a277c0796c052

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.dll

081d9558bbb7adce142da153b2d5577a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Veylib.dll

3552d418ce6394cdd9fc0fb06b883013

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1202563684866457660/1215275220202557474/Lithium_V4.zip?ex=6628fb3f&is=6627a9bf&hm=0ff6ec9a6a50b88ebce0f0b863a30da43084a86423d676c247b2c8c215b0c9cb&

162.159.135.233

200 OK

314 kB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1202563684866457660/1215275220202557474/Lithium_V4.zip?ex=6628fb3f&is=6627a9bf&hm=0ff6ec9a6a50b88ebce0f0b863a30da43084a86423d676c247b2c8c215b0c9cb&
IP
162.159.135.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
314 kB (313909 bytes)
Hash
2f6e03149bac97fcff7fccc7070d9bfc
77f50d445bd54a2d5cfd9dec76b80b74c869f043
b31eee462343438141ccf745c7932ea017f63ee6e7b354b1816879460d9bb558

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/63

HTTP Headers

GET /attachments/1202563684866457660/1215275220202557474/Lithium_V4.zip?ex=6628fb3f&is=6627a9bf&hm=0ff6ec9a6a50b88ebce0f0b863a30da43084a86423d676c247b2c8c215b0c9cb& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 Apr 2024 21:29:23 GMT
content-type: application/zip
content-length: 313909
cf-ray: 8790f2df0e7e5697-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Lithium_V4.zip"
etag: "2f6e03149bac97fcff7fccc7070d9bfc"
expires: Wed, 23 Apr 2025 21:29:23 GMT
last-modified: Thu, 07 Mar 2024 12:29:51 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1709814591297470
x-goog-hash: crc32c=ILfQng==, md5=L24DFJusl/z/f8zHBw2b/A==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 313909
x-guploader-uploadid: ABPtcPr4LxHiAVNd7anX7Ev6w_rZHVxfg7LC2DLjc5ASrk1iOZ0V9MOhx7LfgEoiNB0ud-Clzq4
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YI0tss1ifam5KQ%2Bm01gn%2F99j3lNFFUjYkFvcdr7Sa3aXc0yuU2xBS3wS%2BRRHjwIhytVZudgEmAksNDYLW2Idyl8eM0g0g59eFI1cV4K2%2FuFQTk5hph%2F7Dzmrk%2B8Y3B7NRh4tQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=CpqTRR9S0yw48KF9CeCOglqPAq8nTf2T4CRuUWEFnxA-1713907763-1.0.1.1-2dispxJdUJKmSqiBWLr7kGqq3_gkTP0HGhRxTDUWFi6qGc92UL5QLvbfKLRgw0kcFSzEh8.CgBYKbU8kmcVeZQ; path=/; expires=Tue, 23-Apr-24 21:59:23 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=xM6LGNztdL5MMJFbsaJbNCRe.QeB7M3LrEKukshhMgU-1713907763672-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2