Report - raw.githubusercontent.com/pankoza2-pl/trojan-leaks/main/neptunium.exe

Report Overview

Visitedpublic

2024-07-19 17:07:04

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-18 18:12:17	2.9 kB	8.0 kB	23.33.119.27
raw.githubusercontent.com	35802	2014-02-06	2014-03-01 08:08:08	2024-07-18 22:13:21	523 B	1.4 MB	185.199.109.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

raw.githubusercontent.com/pankoza2-pl/trojan-leaks/main/neptunium.exe

IP / ASN

185.199.109.133

#54113 FASTLY

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

Size1.4 MB (1378304 bytes)

MD594259b5ad79024a5b6f5388f18ec061f

SHA1975251f1d30d9e0c41a88ff58eaa98283d0b2c01

SHA256100b97224063dbaea25b4d53672b7e3fc81443aeef10151c47096ffb3c849334

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 57/72

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-18

Last Seen2024-08-19

Times Seen27719

Size504 B (504 bytes)

MD5c746d0145c03aa7156aa6a21d8cd2d41

SHA18fb7cb950f28012e8bf42cf02c7598862c66e21f

SHA256c695ccd93d9e45c8d7b4b08201a3fe45221658531fa0a54f778dadcc2479399e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C695CCD93D9E45C8D7B4B08201A3FE45221658531FA0A54F778DADCC2479399E"
Last-Modified: Thu, 18 Jul 2024 07:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7888
Expires: Fri, 19 Jul 2024 19:18:04 GMT
Date: Fri, 19 Jul 2024 17:06:36 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-18

Last Seen2024-08-19

Times Seen16000

Size504 B (504 bytes)

MD5df89293c476ae09fa6ea5ee32b70224e

SHA1e684c88f3ffd36b50489c5391a3637218329e080

SHA2561a09f23c5518140b3792a6c0729e19f7cd9c728016840567f7068b7df5bccb81

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A09F23C5518140B3792A6C0729E19F7CD9C728016840567F7068B7DF5BCCB81"
Last-Modified: Thu, 18 Jul 2024 08:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3812
Expires: Fri, 19 Jul 2024 18:10:08 GMT
Date: Fri, 19 Jul 2024 17:06:36 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-18

Last Seen2024-08-19

Times Seen26255

Size504 B (504 bytes)

MD5ba83fc82f22d464fbc0a613d3224fdef

SHA1b8d2b3e057c0d01c05e3891f5b5cdaf09e001d3b

SHA25617205f996d5ce1462adb970516597f51763582906181b875e45b5b7535f38b8f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "17205F996D5CE1462ADB970516597F51763582906181B875E45B5B7535F38B8F"
Last-Modified: Thu, 18 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13895
Expires: Fri, 19 Jul 2024 20:58:11 GMT
Date: Fri, 19 Jul 2024 17:06:36 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-18

Last Seen2024-08-19

Times Seen11218

Size504 B (504 bytes)

MD5c1c566b13420f7d3edbf1d5ed3b27db9

SHA197de217d617fdc3b20f959d006b312b10cc0cbae

SHA256fbe357f2cc5c225f66ccd61407a0609124df4790b268fcadf2c3399579ceed4f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FBE357F2CC5C225F66CCD61407A0609124DF4790B268FCADF2C3399579CEED4F"
Last-Modified: Thu, 18 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3346
Expires: Fri, 19 Jul 2024 18:02:22 GMT
Date: Fri, 19 Jul 2024 17:06:36 GMT
Connection: keep-alive

GET raw.githubusercontent.com/pankoza2-pl/trojan-leaks/main/neptunium.exe

185.199.109.133

200 OK

1.4 MB

URL User Request GET HTTPS

raw.githubusercontent.com/pankoza2-pl/trojan-leaks/main/neptunium.exe

IP / ASN

185.199.109.133

#54113 FASTLY

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

First Seen2023-06-23

Last Seen2025-01-19

Times Seen28

Size1.4 MB (1378304 bytes)

MD594259b5ad79024a5b6f5388f18ec061f

SHA1975251f1d30d9e0c41a88ff58eaa98283d0b2c01

SHA256100b97224063dbaea25b4d53672b7e3fc81443aeef10151c47096ffb3c849334

Certificate Info

IssuerDigiCert Inc

Subject*.github.io

Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28

ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 57/72

HTTP Headers

GET /pankoza2-pl/trojan-leaks/main/neptunium.exe HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: W/"5e47eed4c37014d414f61405f694175df43839698b62c3aaa7cd26d102c8bf19"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 63DD:2CB86D:2893CFC:2A99CE3:669A9D1C
accept-ranges: bytes
date: Fri, 19 Jul 2024 17:06:37 GMT
via: 1.1 varnish
x-served-by: cache-hel1410028-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1721408797.047396,VS0,VE260
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 3612f962ba578f502bf08a1b53b5d4312a3e14bc
expires: Fri, 19 Jul 2024 17:11:37 GMT
source-age: 0
content-length: 1378304
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.33.119.57

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-18

Last Seen2024-08-19

Times Seen15177

Size504 B (504 bytes)

MD51543efa0b06a3c4484d059961f9cf2d0

SHA11aef10797a9524ff91b70e87f41e935a2dbf1917

SHA256a8fc1fb00fc3ee458f9a31d619be4cc4a9e7263f980deb8323a5a6ba69c03f8d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A8FC1FB00FC3EE458F9A31D619BE4CC4A9E7263F980DEB8323A5A6BA69C03F8D"
Last-Modified: Thu, 18 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7978
Expires: Fri, 19 Jul 2024 19:19:36 GMT
Date: Fri, 19 Jul 2024 17:06:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-18

Last Seen2024-08-19

Times Seen15177

Size504 B (504 bytes)

MD51543efa0b06a3c4484d059961f9cf2d0

SHA11aef10797a9524ff91b70e87f41e935a2dbf1917

SHA256a8fc1fb00fc3ee458f9a31d619be4cc4a9e7263f980deb8323a5a6ba69c03f8d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A8FC1FB00FC3EE458F9A31D619BE4CC4A9E7263F980DEB8323A5A6BA69C03F8D"
Last-Modified: Thu, 18 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7978
Expires: Fri, 19 Jul 2024 19:19:36 GMT
Date: Fri, 19 Jul 2024 17:06:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-18

Last Seen2024-08-19

Times Seen15177

Size504 B (504 bytes)

MD51543efa0b06a3c4484d059961f9cf2d0

SHA11aef10797a9524ff91b70e87f41e935a2dbf1917

SHA256a8fc1fb00fc3ee458f9a31d619be4cc4a9e7263f980deb8323a5a6ba69c03f8d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A8FC1FB00FC3EE458F9A31D619BE4CC4A9E7263F980DEB8323A5A6BA69C03F8D"
Last-Modified: Thu, 18 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7978
Expires: Fri, 19 Jul 2024 19:19:36 GMT
Date: Fri, 19 Jul 2024 17:06:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-18

Last Seen2024-08-19

Times Seen15177

Size504 B (504 bytes)

MD51543efa0b06a3c4484d059961f9cf2d0

SHA11aef10797a9524ff91b70e87f41e935a2dbf1917

SHA256a8fc1fb00fc3ee458f9a31d619be4cc4a9e7263f980deb8323a5a6ba69c03f8d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A8FC1FB00FC3EE458F9A31D619BE4CC4A9E7263F980DEB8323A5A6BA69C03F8D"
Last-Modified: Thu, 18 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12287
Expires: Fri, 19 Jul 2024 20:31:25 GMT
Date: Fri, 19 Jul 2024 17:06:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-18

Last Seen2024-08-19

Times Seen15177

Size504 B (504 bytes)

MD51543efa0b06a3c4484d059961f9cf2d0

SHA11aef10797a9524ff91b70e87f41e935a2dbf1917

SHA256a8fc1fb00fc3ee458f9a31d619be4cc4a9e7263f980deb8323a5a6ba69c03f8d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A8FC1FB00FC3EE458F9A31D619BE4CC4A9E7263F980DEB8323A5A6BA69C03F8D"
Last-Modified: Thu, 18 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12287
Expires: Fri, 19 Jul 2024 20:31:25 GMT
Date: Fri, 19 Jul 2024 17:06:38 GMT
Connection: keep-alive