Report - agrtech.com.au/dl/hashtoolbox/hashtoolbox

Report Overview

Submitted URL
agrtech.com.au/dl/hashtoolbox/hashtoolbox_release.zip
IP
192.124.249.68
ASN
#30148 SUCURI-SEC
Submitted
2024-05-11 02:22:22
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.starfieldtech.com	6616	unknown	No data	No data	334 B	2.7 kB	192.124.249.23
agrtech.com.au	unknown	unknown	No data	No data	507 B	8.7 MB	192.124.249.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
agrtech.com.au/dl/hashtoolbox/hashtoolbox_release.zip
IP
192.124.249.68
ASN
#30148 SUCURI-SEC

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.7 MB (8676004 bytes)
Hash
95bdd2e829237be9aae33a0eb76b0763
91f9b942a4fe379b01d82bcbab2a0590395bc2b1
d374ffc28d68b309a0d5f21717f46d278672489250ffa94832ebee5bc42368db

Archive (2)

Filename

Md5

File type

Hashtoolbox.exe

df2b7513146a6eefdbd54762568b3f73

PE32+ executable (console) x86-64, for MS Windows, 7 sections

LICENSE

482badc2518aa7844abdd04890b20df3

ASCII text

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	ocsp.starfieldtech.com/	192.124.249.23		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.23:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2148 bytes) Hash 5aa3443b0681a3d1f227cfe4cd3b41b7 7d0c47220409cdceaf9dc6b7091d9fcda3791574 9294172a4138aeb18af340361f0dc14ac7b28effe7b066f7dba9f353d15decda HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 75 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Sat, 11 May 2024 01:20:03 GMT Content-Type: application/ocsp-response Content-Length: 2148 Connection: keep-alive X-Sucuri-ID: 19023 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Fri, 10 May 2024 02:06:06 GMT Expires: Sat, 11 May 2024 02:06:06 GMT ETag: "7d0c47220409cdceaf9dc6b7091d9fcda3791574" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	agrtech.com.au/dl/hashtoolbox/hashtoolbox_release.zip	192.124.249.68	200 OK	8.7 MB
URL User Request GET HTTP/2 agrtech.com.au/dl/hashtoolbox/hashtoolbox_release.zip IP 192.124.249.68:443 ASN #30148 SUCURI-SEC Certificate IssuerStarfield Technologies, Inc. Subjectagrtech.com.au Fingerprint1E:CB:B1:57:5A:76:6B:38:B9:F3:F9:28:C8:97:F6:A4:8A:88:DF:07 ValidityMon, 25 Mar 2024 01:13:51 GMT - Tue, 25 Mar 2025 01:13:51 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 8.7 MB (8676004 bytes) Hash 95bdd2e829237be9aae33a0eb76b0763 91f9b942a4fe379b01d82bcbab2a0590395bc2b1 d374ffc28d68b309a0d5f21717f46d278672489250ffa94832ebee5bc42368db HTTP Headers `GET /dl/hashtoolbox/hashtoolbox_release.zip HTTP/1.1 Host: agrtech.com.au User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Sat, 11 May 2024 01:20:04 GMT content-type: application/zip content-length: 8676004 x-sucuri-id: 19018 last-modified: Mon, 20 Aug 2018 23:09:40 GMT etag: "5b7b4a34-8462a4" expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000 x-sucuri-cache: MISS accept-ranges: bytes X-Firefox-Spdy: h2`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (2)

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers