Report Overview

  1. Submitted URL

    raw.githubusercontent.com/returnvar/wce/master/wce.exe

  2. IP

    185.199.110.133

    ASN

    #54113 FASTLY

  3. Submitted

    2024-08-01 15:08:00

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    15

Domain Summary

Domain / FQDNRankRegisteredFirst SeenLast Seen
r10.o.lencr.orgunknown2020-06-292024-06-062024-07-31
raw.githubusercontent.com358022014-02-062014-03-012024-07-31

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules
SeverityIndicatorAlert
mediumraw.githubusercontent.com/returnvar/wce/master/wce.exeAuto-generated rule - file iam-alt.exe
mediumraw.githubusercontent.com/returnvar/wce/master/wce.exeDetects different hacktools based on their imphash
mediumraw.githubusercontent.com/returnvar/wce/master/wce.exewce
mediumraw.githubusercontent.com/returnvar/wce/master/wce.exeWindows Credential Editor
mediumraw.githubusercontent.com/returnvar/wce/master/wce.exeDetects Amplia Security Tool like Windows Credential Editor
mediumraw.githubusercontent.com/returnvar/wce/master/wce.exeModified (packed) version of Windows Credential Editor
mediumraw.githubusercontent.com/returnvar/wce/master/wce.exeIdentifies Windows Credentials Editor (WCE), post-exploitation tool.

OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    raw.githubusercontent.com/returnvar/wce/master/wce.exe

  2. IP

    185.199.110.133

  3. ASN

    #54113 FASTLY

  1. File type

    PE32 executable (console) Intel 80386, for MS Windows, 5 sections

    Size

    208 kB (208384 bytes)

  2. Hash

    df840ac27051d26555a109cc47d03fe4

    bbe417463e04008bea15a5fe6d1dd5445a7d093c

    Detections

    AnalyzerVerdictAlert
    Public Nextron YARA rulesmalware
    Auto-generated rule - file iam-alt.exe
    Public Nextron YARA rulesmalware
    Detects different hacktools based on their imphash
    Public Nextron YARA rulesmalware
    wce
    Public Nextron YARA rulesmalware
    Windows Credential Editor
    Public Nextron YARA rulesmalware
    Detects Amplia Security Tool like Windows Credential Editor
    Public Nextron YARA rulesmalware
    Modified (packed) version of Windows Credential Editor
    Public InfoSec YARA rulesmalware
    Identifies Windows Credentials Editor (WCE), post-exploitation tool.
    VirusTotalmalicious

JavaScript (0)

HTTP Transactions (9)

URLIPResponseSize
r10.o.lencr.org/
23.33.119.27 504 B
r10.o.lencr.org/
23.33.119.27 504 B
r10.o.lencr.org/
23.33.119.27 504 B
r10.o.lencr.org/
23.33.119.27 504 B
raw.githubusercontent.com/returnvar/wce/master/wce.exe
185.199.110.133200 OK208 kB
r10.o.lencr.org/
23.33.119.27 504 B
r10.o.lencr.org/
23.33.119.27 504 B
r10.o.lencr.org/
23.33.119.27 504 B
r10.o.lencr.org/
23.33.119.27 504 B