{"report_id":"29ef0227-41a7-490a-9a05-0cbd14209af5","version":6,"status":"done","tags":[],"date":"2025-03-10T18:36:41Z","url":{"schema":"http","addr":"github.com/cheatsgod/Fivem-Spoofer-CFX/archive/refs/tags/58.48.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.4","port":0,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-19T18:36:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"yvtdq90pk9gkybs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"codeload.github.com","ip":{"addr":"140.82.121.10","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":62359,"first_seen":"2013-04-18T11:49:11Z","last_seen":"2025-03-05T08:30:21.950747Z","alert_count":1,"request_count":1,"received_data":4316899,"sent_data":535,"comment":"","tags":null,"fingerprints":null},{"fqdn":"github.com","ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13T12:28:22Z","last_seen":"2025-03-05T02:34:42.098124Z","alert_count":0,"request_count":1,"received_data":4320184,"sent_data":534,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"0416fe9d59b4b2553f56b7622ed04283","sha1":"19d9a247905b6b708f76b544e4a423aa9098c84b","sha256":"aa9550e19450949ee72f18607b2a34de9c0709437057d347799c573d298d0e8a","sha512":"719ffb4e968a54acc5f4372c3ac9f6cf02c9c5c1c4b5f6a34b5938cad906ae84beba913f02c982944af77031e711c662132e275488c36a003ded2436dea93015","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":4316221,"url":{"schema":"https","addr":"codeload.github.com/cheatsgod/Fivem-Spoofer-CFX/zip/refs/tags/58.48","fqdn":"codeload.github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.10","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"archive":[{"path":"Fivem-Spoofer-CFX-58.48/README.md","filename":"README.md","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","size":2211,"md5":"e7b4454a0ce920850618b565cf61aeb7","sha1":"8c2f7edd0edbb4f02b1437cfc55541a9f0276ee5","sha256":"4e1a289777e11557ac74948ec9a7c81ca1dd09a35e4c18785c18b460d85f25f7","sha512":"6af1d650d2b3bb72f285b4d5a882adfadb7b5c438d701dbbe46af5e6d16634a2823eda4641c26d482b591d592485fe5aa7a4de8d1c6d4a3e300daee9e56a9d70","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.exe","filename":"cfx_rat.exe","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 7 sections","size":364544,"md5":"ad7b7b32905e09687e4159c4a739a39e","sha1":"92a5c464048cf74ad7e5332cb3bd925239264541","sha256":"e36c106e985e38525f99e21e4a2bc6fc65d7e2f5eb4194fe69162eb80b436f71","sha512":"ed8e49bb5bf5fdc4d32e4c48a45cca2bad2f31d4ee8236556f82767ec8fba6d8cf3ca0003d8b901544c95b4f26badc32a141d18fed5f7fede4aaa811a5df86bc","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-03-10","alert":"files - file ~tmp01925d3f.exe","trigger":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-08","alert":"Scan result 38/71","trigger":"e36c106e985e38525f99e21e4a2bc6fc65d7e2f5eb4194fe69162eb80b436f71","verdict":"malicious","severity":"","comment":"malicious - 38/71","link":"https://www.virustotal.com/gui/file/e36c106e985e38525f99e21e4a2bc6fc65d7e2f5eb4194fe69162eb80b436f71","meta":null}]}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.exe.recipe","filename":"cfx_rat.exe.recipe","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":311,"md5":"3d712041a23ad32b656e83f0a9220a07","sha1":"2fdd327a6756522bede62f93e28836dcf4ea5232","sha256":"d8c2e65f85a1f3fa462ef58c3fbe09fbfc905b55b2045d743f2c9b31a967a3c4","sha512":"98b7a3cfd5a65419b80e7261f24049aa054e2c9966c7775dffc4bfdf76a3613d983f8ad76a4df10c5c0088ab0a16e7fe65680e284f266bf7ea6d84eea64db31f","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.iobj","filename":"cfx_rat.iobj","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Intel amd64 COFF object file, not stripped, 4045 sections, symbol offset=0x19dbac, 12055 symbols, created Mon Mar 14 14:56:14 2022, 1st section name \".drectve\"","size":2222361,"md5":"bc4a24b68f0e17d58b9284063df80e2d","sha1":"4e019657334df15107d8cff168d49b9a0c38676d","sha256":"9bd5263fc02fbfc25eb19417c1338973de599474dc01ca9af53585fe76741562","sha512":"922ba887ecc9d7471f306eaa3570b6d1577f625840ecf892d1a93817dc5df085f71367716d8b51ebd1c0ad90888c7be323bb29e230827d4f192c7c15c6968af7","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.ipdb","filename":"cfx_rat.ipdb","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"data","size":882688,"md5":"7f08a9a2e9a7fe8654ea6c716df40cc8","sha1":"668c5409d3cb4e50bd7ee4d5946efeed4dff16d6","sha256":"1e7c86f895684075f63205035e979bf975396952f2252fe928311f9ef4d03821","sha512":"3ab90f7c37628e19f15dc863945a1750f5d243d689072a4fbc2527df4f63378bdcecd45fd159833e2d59446ddf5ca247d492c56187d36eee7ac9fea3839ef1c9","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.pdb","filename":"cfx_rat.pdb","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"MSVC program database ver 7.00, 4096*1647 bytes","size":6746112,"md5":"338d290f8c9653098a4d5747ab9929bc","sha1":"52671ad3b0da5a1ab19a1b9d83f520e7299b0ff6","sha256":"bb8bc4ce0ab8bf35ed70fe2c22b30b2470855b97c4e8a3a49850fd73a6c0d557","sha512":"8e42ff36bf789afa8314c09965ff20610defe51417079ca7552b6979a799af5543eb5adccced27b5dbc1062cf62d7827abe509c61cfb5d9b47e145ebac8b3361","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/main.obj","filename":"main.obj","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Common Data Format (Version 2.5 or earlier) data","size":4081693,"md5":"860422e430c5ef03eacf7039736f1de2","sha1":"c4c63d3c459f83fc5ebd3eedeea318d20ff8f4c7","sha256":"baa5c21c3ee26e45bbd8e6779810bcf85bebedb00030e7b215b97ecce8c099ce","sha512":"39f888303b6084a487b8f8f13a0385eb23c5fadbbcb6339a9d20aa838c16a5392e1a0c0744350e87a8b3762499b0054a10239e3a3744ec51bcb25ded99f2cb67","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/network.obj","filename":"network.obj","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Common Data Format (Version 2.5 or earlier) data","size":4008935,"md5":"c4da10bcf43a96b51b073c5d0714ea56","sha1":"c98655b019590819da97e3c77af38dec3151775d","sha256":"c1a0b0f5189a28bb28c825a4218c0255ac7d48334a04ac5c70adce93b8ae4d96","sha512":"839f7e1f0593c87da760958d51ab9a75b6e3602b382fec20c792294f65684df45840292ccdcd39990faf261472505c5e9b3237ea4dde2aa833b7265088aa4b9d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/sarnax.cfx.log","filename":"sarnax.cfx.log","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators","size":1304,"md5":"8133a8eee7305053c4d90f4cdb4860ae","sha1":"1fe16c3a3393405dc71aefd2e3c85ac6fa4f8a05","sha256":"6f45c4f37f20a5aa6e0053fe1577ab26ac32105838f7d7a8405d8752be3c8d4f","sha512":"d108a8473664c4fa72d65f7e8153502e6710a057204eb0c96ec4758240f34dbcbc26e1bf99398b85b946703f918bf81879534552a1c0d99d6385b3a6ac6e0549","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/sarnax.cfx.tlog/CL.command.1.tlog","filename":"CL.command.1.tlog","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Unicode text, UTF-16, little-endian text, with very long lines (381), with CRLF line terminators","size":916,"md5":"4a78ce5b18a798a1704482e88e281c2e","sha1":"711e17c5262c27b7e964a2ee252191ea55474a47","sha256":"9dc9378e48f0b5541a3b8f16397248a9ba2fd0f59df45bef3ce398940afbca46","sha512":"f15621b49e7661bf7cdd8365ce6fb8237486090245c3a6556a273b5471aa353d8ab4c284b632df73a78543c454bc5fc2629168bd0a565bd2b901dbd4ae40274c","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/sarnax.cfx.tlog/CL.read.1.tlog","filename":"CL.read.1.tlog","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Unicode text, UTF-16, little-endian text, with CRLF line terminators","size":52556,"md5":"cb2bed31bcef88fd5971850ad42fd9b2","sha1":"c4ebe17a2dc386a0a34b37836d9a65e749e42f04","sha256":"f0b26526d07092736dda6d23376c531d4b64ddab2f51023aaf83f95ea674dbe0","sha512":"f52aa35d0b8718a1b1fb1d2c324170b2e24bf7bb32ea6c0ce14d91f2902b3d189dd0aea64143afff369e41aaf750bb6fe3a352962d75c1423024c68dc5d475aa","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/sarnax.cfx.tlog/CL.write.1.tlog","filename":"CL.write.1.tlog","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Unicode text, UTF-16, little-endian text, with CRLF line terminators","size":1060,"md5":"d54eacba775d16b64dd57eabf0a4240d","sha1":"dc7ff9ad26103273b35e27e31a0506bfd2094950","sha256":"728e8d99d01ffea9fab06e32e69fcef9a550751d55e0f7d3f81c0f1ad921c117","sha512":"d98e3a27a6666f18359564d94eba48ce173fec9a485b70770e1f12c8fe082e47dc46ce65a32e72787574ca4ce7bec8c5817479fadddc7a6062bfb79773cd0417","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/sarnax.cfx.tlog/sarnax.cfx.lastbuildstate","filename":"sarnax.cfx.lastbuildstate","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":183,"md5":"d2c3e7e78c590a3aca4f352448e9347e","sha1":"fc75384a0aa805c6452e97765e2a73ecf8acafb8","sha256":"a47f419dd2425b80f26db915b74b32e8abb33bdfb4a05ded6622bd40204a2880","sha512":"f82510be19829a224c30b03bac8f69a940efc87c09e7f8687ad76a2bf873a672977a743bebea0812ee6022e9a787f1d327b65eb55940919a6d36186fea427744","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/cleanthat.yaml","filename":"cleanthat.yaml","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"ASCII text","size":262,"md5":"3b8f1cfe0389dd798a6c7d73329aab13","sha1":"29cf9880bcdd787ebad1509eec9556b0b6f7869b","sha256":"08163aae6eb5fb25e990784207370df6e4f6cf115590e74fcb32fc1c2b495496","sha512":"73e35c9010ae818eb44f48888916a3fcd0d7e82d1b3c7aed604cde8bd5b5c6ef3b819a91192a88fe5ab451f3fb71367544f4bf618a34762cc24a54337bb8a912","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx.sln","filename":"sarnax.cfx.sln","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1451,"md5":"97c4040261d539766ceac12eb617c997","sha1":"685f9b9abd1ee68e71502634d86a67888fcbdb2b","sha256":"2cb4adce73cc5f6f4c0263785f7efe804f3aa960c71c5260c4a411a445ebf8c6","sha512":"3e26d2b392694c555c0e60ea91794bd580be5c7fcdf8d1d50c6d9ac56f406e83e2e1071e49c959f646907b5e2140fadc4aa255655f63b724b173780c7cd68bf1","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/common.hpp","filename":"common.hpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C++ source, ASCII text, with CRLF line terminators","size":4774,"md5":"5ba1d7617d695dba245a3ac0c8dc6da7","sha1":"c73ef86288d41992f9d9a2c354e9ad19a81647e0","sha256":"caf1471a0106c1d960c4a17aeb1bf71f4c3aae34acee6a6fb30481186d4fb1e0","sha512":"81911189f0ed3dd414e9951a61e8c223e2ea720cf727bc1b7b1a421246ac135923204ef388d926b5776f8eea313cae30c0457f78fb389da7c76cb06044f7ab0d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/core/network.cpp","filename":"network.cpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C source, ASCII text, with CRLF line terminators","size":6265,"md5":"dfea218c91ffbae3d053686f7ec1fb5d","sha1":"00afd17e0213578b750e0717e3f87073259d3811","sha256":"abb6461f731a15e305dc73fcf19157b2f50b913a7275cf8379d021f0ebb729c2","sha512":"ca8ecf4375455aea4ebf560062022c665b56e082cb4acb7cabdb16b7eb207ce72dec2f6582b1fa7043ae096a8a2790a526c21507e3ed5e554f9adc35858479f8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/core/network.hpp","filename":"network.hpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C++ source, ASCII text, with CRLF line terminators","size":263,"md5":"843fe982987bda8f4b840ba0ffdd303e","sha1":"642269d481557d42c11063422c6e894153a8f74e","sha256":"118450eba05cc68bf7789acd8c4455f053ec48d345ba5efa8943d3dae452775f","sha512":"8d83db88ac66f60283f829c222533997d31164ff2408c81206e2281628214fd407dd06441df58fb61646bb8350ea82aaf54e114228f95bcd232d4709c177d30a","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/core/trace.cpp","filename":"trace.cpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C source, ASCII text, with very long lines (349), with CRLF line terminators","size":4780,"md5":"2c65576aa6d7abaae8e2505bac65ed86","sha1":"0e4f684343c1ded61ad76899cb09f9c1e9957a2f","sha256":"47630530901beb7015380afe5829254a6cd182d1cd7d6cdc6bdc7173ca81ecd3","sha512":"c505864aa1da1ee2bb6cffb4286293cdbe871eed1f3be6d1ab7d4cb620ef3b946f762aafbef20d657c80fb88ee45c26c3df4fabb342a9a3d68e2565883e3bc5f","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/core/trace.hpp","filename":"trace.hpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C++ source, ASCII text, with CRLF line terminators","size":2523,"md5":"67ecaa2c19b3296d448c2b3af5a4928b","sha1":"f9c614e742257f5c8569515b262a0ee6a0f09271","sha256":"56f3b760c99dfad7c9a14cd499cfda9acfc7b8089802e83353cb85194732125c","sha512":"ce3e36afcbfb1ce927c96ab12d74d36f094d06cb4d6371093de71a7d2059d0f41f30eeeba7bbb919bb01eeedc72059c0e9891bf20948e1a522e0b62eb37b6e39","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/main.cpp","filename":"main.cpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":6832,"md5":"65cac3a1b715663da144aab46b037029","sha1":"7d840c9af27909984ca2e03b4a0646f1c1e7ad7c","sha256":"15dd9db71894d87ecfdba1c4729980346109ad81c93ad7848f1e680cf5e47d5a","sha512":"b0b8d9942b92ea24089f351d9bd435a0e9e7d333616f232bee66b8f2db273a68d5e40962b26a15514613574c69610af9be5c53fc2a436f2742a17ecafaf188a0","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/sarnax.cfx.vcxproj","filename":"sarnax.cfx.vcxproj","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"XML 1.0 document, ASCII text, with CRLF line terminators","size":7840,"md5":"42a2db66da5bb6f1596fbafc30e7cd22","sha1":"80456f086175abe5ae470c6a4a7fbbff6d2c8e8b","sha256":"242a6cb44b38eda019b9c12a5a4bbd06f0c054ce22cceebe540c4a96a187ee52","sha512":"c44f983dd36461269979274c6746f0cbe7d82f601bb03ae678d84543aa41955c4773f4b0eb46d226934b20c236981079d29af783f9abe32a8015f7fae5100026","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/sarnax.cfx.vcxproj.filters","filename":"sarnax.cfx.vcxproj.filters","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2044,"md5":"e7dd11ef7606246e4d3b617ae473ace2","sha1":"c610c4e1d32d3f8090efccae46991614092b2d3a","sha256":"103619b105347b70f796e30bb9f5fa4de110d7a173eb64cdd9ef1d3e2f458e28","sha512":"bb92cd8bb439d43cdacae7712ba1c71c41f1019801eb6ea019e273365efba63ff3e545123241aab545520862317722c82f15ba53e0b5fe65694fbcdd6ff832ca","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/sarnax.cfx.vcxproj.user","filename":"sarnax.cfx.vcxproj.user","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":168,"md5":"244d056f5e959be6d9a2f7e94686f1c8","sha1":"3ba38385380485d9ff25eb142eca0a01d8ce2fab","sha256":"c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676","sha512":"8d5c4c9e54c85c90224f7610fef69d9c7e8d0db6be369181ebed13e2be9c86b651a438f1978f99c3ef432a8cb6bc5b8df26c476e7e5b32511d0d31cd49b55f20","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-03-10","alert":"files - file ~tmp01925d3f.exe","trigger":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-12-18","alert":"Scan result 36/66","trigger":"aa9550e19450949ee72f18607b2a34de9c0709437057d347799c573d298d0e8a","verdict":"malicious","severity":"","comment":"malicious - 36/66","link":"https://www.virustotal.com/gui/file/aa9550e19450949ee72f18607b2a34de9c0709437057d347799c573d298d0e8a","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"0416fe9d59b4b2553f56b7622ed04283","sha1":"19d9a247905b6b708f76b544e4a423aa9098c84b","sha256":"aa9550e19450949ee72f18607b2a34de9c0709437057d347799c573d298d0e8a","sha512":"719ffb4e968a54acc5f4372c3ac9f6cf02c9c5c1c4b5f6a34b5938cad906ae84beba913f02c982944af77031e711c662132e275488c36a003ded2436dea93015","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":4316221,"url":{"schema":"https","addr":"codeload.github.com/cheatsgod/Fivem-Spoofer-CFX/zip/refs/tags/58.48","fqdn":"codeload.github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.10","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"archive":[{"path":"Fivem-Spoofer-CFX-58.48/README.md","filename":"README.md","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","size":2211,"md5":"e7b4454a0ce920850618b565cf61aeb7","sha1":"8c2f7edd0edbb4f02b1437cfc55541a9f0276ee5","sha256":"4e1a289777e11557ac74948ec9a7c81ca1dd09a35e4c18785c18b460d85f25f7","sha512":"6af1d650d2b3bb72f285b4d5a882adfadb7b5c438d701dbbe46af5e6d16634a2823eda4641c26d482b591d592485fe5aa7a4de8d1c6d4a3e300daee9e56a9d70","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.exe","filename":"cfx_rat.exe","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 7 sections","size":364544,"md5":"ad7b7b32905e09687e4159c4a739a39e","sha1":"92a5c464048cf74ad7e5332cb3bd925239264541","sha256":"e36c106e985e38525f99e21e4a2bc6fc65d7e2f5eb4194fe69162eb80b436f71","sha512":"ed8e49bb5bf5fdc4d32e4c48a45cca2bad2f31d4ee8236556f82767ec8fba6d8cf3ca0003d8b901544c95b4f26badc32a141d18fed5f7fede4aaa811a5df86bc","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-03-10","alert":"files - file ~tmp01925d3f.exe","trigger":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-08","alert":"Scan result 38/71","trigger":"e36c106e985e38525f99e21e4a2bc6fc65d7e2f5eb4194fe69162eb80b436f71","verdict":"malicious","severity":"","comment":"malicious - 38/71","link":"https://www.virustotal.com/gui/file/e36c106e985e38525f99e21e4a2bc6fc65d7e2f5eb4194fe69162eb80b436f71","meta":null}]}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.exe.recipe","filename":"cfx_rat.exe.recipe","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":311,"md5":"3d712041a23ad32b656e83f0a9220a07","sha1":"2fdd327a6756522bede62f93e28836dcf4ea5232","sha256":"d8c2e65f85a1f3fa462ef58c3fbe09fbfc905b55b2045d743f2c9b31a967a3c4","sha512":"98b7a3cfd5a65419b80e7261f24049aa054e2c9966c7775dffc4bfdf76a3613d983f8ad76a4df10c5c0088ab0a16e7fe65680e284f266bf7ea6d84eea64db31f","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.iobj","filename":"cfx_rat.iobj","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Intel amd64 COFF object file, not stripped, 4045 sections, symbol offset=0x19dbac, 12055 symbols, created Mon Mar 14 14:56:14 2022, 1st section name \".drectve\"","size":2222361,"md5":"bc4a24b68f0e17d58b9284063df80e2d","sha1":"4e019657334df15107d8cff168d49b9a0c38676d","sha256":"9bd5263fc02fbfc25eb19417c1338973de599474dc01ca9af53585fe76741562","sha512":"922ba887ecc9d7471f306eaa3570b6d1577f625840ecf892d1a93817dc5df085f71367716d8b51ebd1c0ad90888c7be323bb29e230827d4f192c7c15c6968af7","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.ipdb","filename":"cfx_rat.ipdb","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"data","size":882688,"md5":"7f08a9a2e9a7fe8654ea6c716df40cc8","sha1":"668c5409d3cb4e50bd7ee4d5946efeed4dff16d6","sha256":"1e7c86f895684075f63205035e979bf975396952f2252fe928311f9ef4d03821","sha512":"3ab90f7c37628e19f15dc863945a1750f5d243d689072a4fbc2527df4f63378bdcecd45fd159833e2d59446ddf5ca247d492c56187d36eee7ac9fea3839ef1c9","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.pdb","filename":"cfx_rat.pdb","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"MSVC program database ver 7.00, 4096*1647 bytes","size":6746112,"md5":"338d290f8c9653098a4d5747ab9929bc","sha1":"52671ad3b0da5a1ab19a1b9d83f520e7299b0ff6","sha256":"bb8bc4ce0ab8bf35ed70fe2c22b30b2470855b97c4e8a3a49850fd73a6c0d557","sha512":"8e42ff36bf789afa8314c09965ff20610defe51417079ca7552b6979a799af5543eb5adccced27b5dbc1062cf62d7827abe509c61cfb5d9b47e145ebac8b3361","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/main.obj","filename":"main.obj","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Common Data Format (Version 2.5 or earlier) data","size":4081693,"md5":"860422e430c5ef03eacf7039736f1de2","sha1":"c4c63d3c459f83fc5ebd3eedeea318d20ff8f4c7","sha256":"baa5c21c3ee26e45bbd8e6779810bcf85bebedb00030e7b215b97ecce8c099ce","sha512":"39f888303b6084a487b8f8f13a0385eb23c5fadbbcb6339a9d20aa838c16a5392e1a0c0744350e87a8b3762499b0054a10239e3a3744ec51bcb25ded99f2cb67","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/network.obj","filename":"network.obj","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Common Data Format (Version 2.5 or earlier) data","size":4008935,"md5":"c4da10bcf43a96b51b073c5d0714ea56","sha1":"c98655b019590819da97e3c77af38dec3151775d","sha256":"c1a0b0f5189a28bb28c825a4218c0255ac7d48334a04ac5c70adce93b8ae4d96","sha512":"839f7e1f0593c87da760958d51ab9a75b6e3602b382fec20c792294f65684df45840292ccdcd39990faf261472505c5e9b3237ea4dde2aa833b7265088aa4b9d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/sarnax.cfx.log","filename":"sarnax.cfx.log","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators","size":1304,"md5":"8133a8eee7305053c4d90f4cdb4860ae","sha1":"1fe16c3a3393405dc71aefd2e3c85ac6fa4f8a05","sha256":"6f45c4f37f20a5aa6e0053fe1577ab26ac32105838f7d7a8405d8752be3c8d4f","sha512":"d108a8473664c4fa72d65f7e8153502e6710a057204eb0c96ec4758240f34dbcbc26e1bf99398b85b946703f918bf81879534552a1c0d99d6385b3a6ac6e0549","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/sarnax.cfx.tlog/CL.command.1.tlog","filename":"CL.command.1.tlog","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Unicode text, UTF-16, little-endian text, with very long lines (381), with CRLF line terminators","size":916,"md5":"4a78ce5b18a798a1704482e88e281c2e","sha1":"711e17c5262c27b7e964a2ee252191ea55474a47","sha256":"9dc9378e48f0b5541a3b8f16397248a9ba2fd0f59df45bef3ce398940afbca46","sha512":"f15621b49e7661bf7cdd8365ce6fb8237486090245c3a6556a273b5471aa353d8ab4c284b632df73a78543c454bc5fc2629168bd0a565bd2b901dbd4ae40274c","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/sarnax.cfx.tlog/CL.read.1.tlog","filename":"CL.read.1.tlog","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Unicode text, UTF-16, little-endian text, with CRLF line terminators","size":52556,"md5":"cb2bed31bcef88fd5971850ad42fd9b2","sha1":"c4ebe17a2dc386a0a34b37836d9a65e749e42f04","sha256":"f0b26526d07092736dda6d23376c531d4b64ddab2f51023aaf83f95ea674dbe0","sha512":"f52aa35d0b8718a1b1fb1d2c324170b2e24bf7bb32ea6c0ce14d91f2902b3d189dd0aea64143afff369e41aaf750bb6fe3a352962d75c1423024c68dc5d475aa","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/sarnax.cfx.tlog/CL.write.1.tlog","filename":"CL.write.1.tlog","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Unicode text, UTF-16, little-endian text, with CRLF line terminators","size":1060,"md5":"d54eacba775d16b64dd57eabf0a4240d","sha1":"dc7ff9ad26103273b35e27e31a0506bfd2094950","sha256":"728e8d99d01ffea9fab06e32e69fcef9a550751d55e0f7d3f81c0f1ad921c117","sha512":"d98e3a27a6666f18359564d94eba48ce173fec9a485b70770e1f12c8fe082e47dc46ce65a32e72787574ca4ce7bec8c5817479fadddc7a6062bfb79773cd0417","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/bin/release/sarnax.cfx.tlog/sarnax.cfx.lastbuildstate","filename":"sarnax.cfx.lastbuildstate","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":183,"md5":"d2c3e7e78c590a3aca4f352448e9347e","sha1":"fc75384a0aa805c6452e97765e2a73ecf8acafb8","sha256":"a47f419dd2425b80f26db915b74b32e8abb33bdfb4a05ded6622bd40204a2880","sha512":"f82510be19829a224c30b03bac8f69a940efc87c09e7f8687ad76a2bf873a672977a743bebea0812ee6022e9a787f1d327b65eb55940919a6d36186fea427744","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/cleanthat.yaml","filename":"cleanthat.yaml","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"ASCII text","size":262,"md5":"3b8f1cfe0389dd798a6c7d73329aab13","sha1":"29cf9880bcdd787ebad1509eec9556b0b6f7869b","sha256":"08163aae6eb5fb25e990784207370df6e4f6cf115590e74fcb32fc1c2b495496","sha512":"73e35c9010ae818eb44f48888916a3fcd0d7e82d1b3c7aed604cde8bd5b5c6ef3b819a91192a88fe5ab451f3fb71367544f4bf618a34762cc24a54337bb8a912","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx.sln","filename":"sarnax.cfx.sln","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":1451,"md5":"97c4040261d539766ceac12eb617c997","sha1":"685f9b9abd1ee68e71502634d86a67888fcbdb2b","sha256":"2cb4adce73cc5f6f4c0263785f7efe804f3aa960c71c5260c4a411a445ebf8c6","sha512":"3e26d2b392694c555c0e60ea91794bd580be5c7fcdf8d1d50c6d9ac56f406e83e2e1071e49c959f646907b5e2140fadc4aa255655f63b724b173780c7cd68bf1","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/common.hpp","filename":"common.hpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C++ source, ASCII text, with CRLF line terminators","size":4774,"md5":"5ba1d7617d695dba245a3ac0c8dc6da7","sha1":"c73ef86288d41992f9d9a2c354e9ad19a81647e0","sha256":"caf1471a0106c1d960c4a17aeb1bf71f4c3aae34acee6a6fb30481186d4fb1e0","sha512":"81911189f0ed3dd414e9951a61e8c223e2ea720cf727bc1b7b1a421246ac135923204ef388d926b5776f8eea313cae30c0457f78fb389da7c76cb06044f7ab0d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/core/network.cpp","filename":"network.cpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C source, ASCII text, with CRLF line terminators","size":6265,"md5":"dfea218c91ffbae3d053686f7ec1fb5d","sha1":"00afd17e0213578b750e0717e3f87073259d3811","sha256":"abb6461f731a15e305dc73fcf19157b2f50b913a7275cf8379d021f0ebb729c2","sha512":"ca8ecf4375455aea4ebf560062022c665b56e082cb4acb7cabdb16b7eb207ce72dec2f6582b1fa7043ae096a8a2790a526c21507e3ed5e554f9adc35858479f8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/core/network.hpp","filename":"network.hpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C++ source, ASCII text, with CRLF line terminators","size":263,"md5":"843fe982987bda8f4b840ba0ffdd303e","sha1":"642269d481557d42c11063422c6e894153a8f74e","sha256":"118450eba05cc68bf7789acd8c4455f053ec48d345ba5efa8943d3dae452775f","sha512":"8d83db88ac66f60283f829c222533997d31164ff2408c81206e2281628214fd407dd06441df58fb61646bb8350ea82aaf54e114228f95bcd232d4709c177d30a","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/core/trace.cpp","filename":"trace.cpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C source, ASCII text, with very long lines (349), with CRLF line terminators","size":4780,"md5":"2c65576aa6d7abaae8e2505bac65ed86","sha1":"0e4f684343c1ded61ad76899cb09f9c1e9957a2f","sha256":"47630530901beb7015380afe5829254a6cd182d1cd7d6cdc6bdc7173ca81ecd3","sha512":"c505864aa1da1ee2bb6cffb4286293cdbe871eed1f3be6d1ab7d4cb620ef3b946f762aafbef20d657c80fb88ee45c26c3df4fabb342a9a3d68e2565883e3bc5f","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/core/trace.hpp","filename":"trace.hpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C++ source, ASCII text, with CRLF line terminators","size":2523,"md5":"67ecaa2c19b3296d448c2b3af5a4928b","sha1":"f9c614e742257f5c8569515b262a0ee6a0f09271","sha256":"56f3b760c99dfad7c9a14cd499cfda9acfc7b8089802e83353cb85194732125c","sha512":"ce3e36afcbfb1ce927c96ab12d74d36f094d06cb4d6371093de71a7d2059d0f41f30eeeba7bbb919bb01eeedc72059c0e9891bf20948e1a522e0b62eb37b6e39","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/main.cpp","filename":"main.cpp","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"C source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":6832,"md5":"65cac3a1b715663da144aab46b037029","sha1":"7d840c9af27909984ca2e03b4a0646f1c1e7ad7c","sha256":"15dd9db71894d87ecfdba1c4729980346109ad81c93ad7848f1e680cf5e47d5a","sha512":"b0b8d9942b92ea24089f351d9bd435a0e9e7d333616f232bee66b8f2db273a68d5e40962b26a15514613574c69610af9be5c53fc2a436f2742a17ecafaf188a0","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/sarnax.cfx.vcxproj","filename":"sarnax.cfx.vcxproj","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"XML 1.0 document, ASCII text, with CRLF line terminators","size":7840,"md5":"42a2db66da5bb6f1596fbafc30e7cd22","sha1":"80456f086175abe5ae470c6a4a7fbbff6d2c8e8b","sha256":"242a6cb44b38eda019b9c12a5a4bbd06f0c054ce22cceebe540c4a96a187ee52","sha512":"c44f983dd36461269979274c6746f0cbe7d82f601bb03ae678d84543aa41955c4773f4b0eb46d226934b20c236981079d29af783f9abe32a8015f7fae5100026","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/sarnax.cfx.vcxproj.filters","filename":"sarnax.cfx.vcxproj.filters","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2044,"md5":"e7dd11ef7606246e4d3b617ae473ace2","sha1":"c610c4e1d32d3f8090efccae46991614092b2d3a","sha256":"103619b105347b70f796e30bb9f5fa4de110d7a173eb64cdd9ef1d3e2f458e28","sha512":"bb92cd8bb439d43cdacae7712ba1c71c41f1019801eb6ea019e273365efba63ff3e545123241aab545520862317722c82f15ba53e0b5fe65694fbcdd6ff832ca","alerts":{"urlquery":null,"analyzer":null}},{"path":"Fivem-Spoofer-CFX-58.48/sarnax.cfx/sarnax.cfx.vcxproj.user","filename":"sarnax.cfx.vcxproj.user","modified":"2022-10-12T14:57:52-07:00","Modified":"","magic":"XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":168,"md5":"244d056f5e959be6d9a2f7e94686f1c8","sha1":"3ba38385380485d9ff25eb142eca0a01d8ce2fab","sha256":"c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676","sha512":"8d5c4c9e54c85c90224f7610fef69d9c7e8d0db6be369181ebed13e2be9c86b651a438f1978f99c3ef432a8cb6bc5b8df26c476e7e5b32511d0d31cd49b55f20","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-03-10","alert":"files - file ~tmp01925d3f.exe","trigger":"Fivem-Spoofer-CFX-58.48/bin/release/cfx_rat.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-12-18","alert":"Scan result 36/66","trigger":"aa9550e19450949ee72f18607b2a34de9c0709437057d347799c573d298d0e8a","verdict":"malicious","severity":"","comment":"malicious - 36/66","link":"https://www.virustotal.com/gui/file/aa9550e19450949ee72f18607b2a34de9c0709437057d347799c573d298d0e8a","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"codeload.github.com/cheatsgod/Fivem-Spoofer-CFX/zip/refs/tags/58.48","fqdn":"codeload.github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.10","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-10T18:36:19.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Thu, 05 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7A:96:66:B4:C7:AA:A7:7E:A1:CD:48:AF:0B:3D:0F:BF:60:60:4F:B2","sha256":"E1:98:8B:15:72:3F:32:52:C2:39:56:E1:1B:04:4E:37:BC:7B:9F:ED:1C:4D:5E:10:FA:7A:E3:8F:5B:E0:6C:4E"}}},"request":{"raw":"GET /cheatsgod/Fivem-Spoofer-CFX/zip/refs/tags/58.48 HTTP/1.1\r\nHost: codeload.github.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: https://render.githubusercontent.com\r\ncontent-disposition: attachment; filename=Fivem-Spoofer-CFX-58.48.zip\r\ncontent-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox\r\ncontent-type: application/zip\r\ncross-origin-resource-policy: cross-origin\r\netag: W/\"06ef9f74a51406bc3deeed5a6d613964f59facccd7b2fc7680a1f43df96e59f7\"\r\nstrict-transport-security: max-age=31536000\r\nvary: Authorization,Accept-Encoding,Origin\r\nx-content-type-options: nosniff\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\ndate: Mon, 10 Mar 2025 18:36:20 GMT\r\nx-github-request-id: 8C76:599AB:114302:13F706:67CF3123\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4316221,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v1.0 to extract, compression method=store","md5":"0416fe9d59b4b2553f56b7622ed04283","sha1":"19d9a247905b6b708f76b544e4a423aa9098c84b","sha256":"aa9550e19450949ee72f18607b2a34de9c0709437057d347799c573d298d0e8a","sha512":"719ffb4e968a54acc5f4372c3ac9f6cf02c9c5c1c4b5f6a34b5938cad906ae84beba913f02c982944af77031e711c662132e275488c36a003ded2436dea93015","ssdeep":"98304:0klTWZBG3isXUFCyPDN8BIGtGOU9TIvrsq7SFXOqFh:0ZEis1yLN8eGXGYrsaWX9Fh","tlshash":"7116336d346417ccf86d00ef229ba709492250f9668fe6729d40602af51d277fece27e","first_seen":"2025-03-10T18:36:48.004646Z","last_seen":"2025-03-10T18:36:48.004646Z","times_seen":1,"resource_available":false,"data":null}},"time_used":910,"timings":{"blocked":344,"dns":85,"connect":75,"send":0,"wait":222,"receive":0,"ssl":182},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-12-18","alert":"Scan result 36/66","trigger":"aa9550e19450949ee72f18607b2a34de9c0709437057d347799c573d298d0e8a","verdict":"malicious","severity":"","comment":"malicious - 36/66","link":"https://www.virustotal.com/gui/file/aa9550e19450949ee72f18607b2a34de9c0709437057d347799c573d298d0e8a","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"github.com/cheatsgod/Fivem-Spoofer-CFX/archive/refs/tags/58.48.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-10T18:36:19.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Thu, 05 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A","sha256":"B8:BB:81:87:68:33:87:39:42:04:5A:8D:F8:F0:62:19:E0:06:02:EB:CB:43:84:C7:AB:C2:4F:18:37:9C:87:F5"}}},"request":{"raw":"GET /cheatsgod/Fivem-Spoofer-CFX/archive/refs/tags/58.48.zip HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: GitHub.com\r\ndate: Mon, 10 Mar 2025 18:36:19 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With\r\nlocation: https://codeload.github.com/cheatsgod/Fivem-Spoofer-CFX/zip/refs/tags/58.48\r\ncache-control: max-age=0, private\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/\r\nx-github-request-id: CA66:CBB1C:1D87C2B:1E20372:67CF3123\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":4316221,"size_decoded":0,"mime_type":"application/zip","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-26T18:18:27.566527Z","times_seen":15742433,"resource_available":true,"data":null}},"time_used":1081,"timings":{"blocked":442,"dns":67,"connect":74,"send":0,"wait":197,"receive":0,"ssl":297},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}