Report Overview
Visitedpublic
2024-11-29 20:57:16
Tags
Submit Tags
URL
nine.ddns.net/x/Registry.exe
Finishing URL
about:privatebrowsing
IP / ASN
103.230.121.124
Title
about:privatebrowsing
Suspicious - DynDNS domain
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
nine.ddns.net 10 alert(s) on this Host | unknown | 2001-06-28 | 2024-11-26 | 2024-11-26 | 398 B | 83 kB | 103.230.121.124 |
Related reports
Threat Detection Systems
Public InfoSec YARA rules
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2024-11-29 | medium | nine.ddns.net/x/Registry.exe | Detects XWorm RAT |
| 2024-11-29 | medium | nine.ddns.net/x/Registry.exe | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| 2024-11-29 | medium | nine.ddns.net/x/Registry.exe | EXE_RAT_XWorm_April2024 |
OpenPhish
No alerts detected
PhishTank
No alerts detected
Mnemonic Secure DNS
No alerts detected
Quad9 DNS
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2024-11-29 | medium | nine.ddns.net | Sinkholed |
ThreatFox
No alerts detected
File detected
URL
nine.ddns.net/x/Registry.exe
IP / ASN
103.230.121.124
File Overview
File TypePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Size83 kB (82944 bytes)
MD5b9d926e45876e79e38406d31fca91cf5
SHA1d92bda449d795e48293a8b41104b00eb01ae5214
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| RussianPanda public YARA rules | malware | Detects XWorm RAT |
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| YARAhub by abuse.ch | malware | EXE_RAT_XWorm_April2024 |
| VirusTotal | malicious |
JavaScript (0)
No JavaScripts
HTTP Transactions (1)
| URL | IP | Response | Size |
|---|