Report - osdn.ip-connect.vn.ua/slunkcrypt/78067/slunkcrypt.2022-12-12.windows.zip

Report Overview

Submitted URL
osdn.ip-connect.vn.ua/slunkcrypt/78067/slunkcrypt.2022-12-12.windows.zip
IP
91.236.251.38
ASN
#57944 IP-Connect LLC
Submitted
2024-05-07 06:58:16
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
15

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
osdn.ip-connect.vn.ua	unknown	2012-02-27	2020-10-06	2024-03-15	526 B	4.0 MB	91.236.251.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
osdn.ip-connect.vn.ua/slunkcrypt/78067/slunkcrypt.2022-12-12.windows.zip
IP
91.236.251.35
ASN
#57944 IP-Connect LLC

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
4.0 MB (3975252 bytes)
Hash
2dc0f9ec09d571642f2cd2b796211c06
5f3ba2670a99b2666d4e2cccda5862325d0448d1
d028d4c296be48059ca85476f0d7a3a30dc18492e079acde1b0760ca950fdc81

Archive (13)

Filename

Md5

File type

cpu-capabilities-x64.dll

97e5faa1394da3451e35b827d0d44d23

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 4 sections

cpu-capabilities-x86.dll

a724858f56a2941555ed403a936d5818

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

LICENSE.txt

473a7959b44c2f42c375d904305b6307

ASCII text, with CRLF line terminators

README.html

64e635563b349d850b99f806c45da2ec

HTML document, Unicode text, UTF-8 text, with very long lines (56271), with CRLF line terminators

ndp472-kb4054531-web.exe

b3844d880d71de6d787190d2e378101b

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

post-install-launcher.exe

84f145f0a38d04034525e1ee9e2c4d0a

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

slunkcrypt-cli-arm64.exe

5196133d7ce3268aa7658a5db1f1a81d

PE32+ executable (console) Aarch64, for MS Windows, 6 sections

slunkcrypt-cli-avx2.exe

1e1fb00011a91e6d4d5be37c8e6262b2

PE32+ executable (console) x86-64, for MS Windows, 11 sections

slunkcrypt-cli-i686.exe

462e122348c0e330bd07fd9a2a4dd814

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

slunkcrypt-cli-sse2.exe

e095e86336f4b4777adf81d735e745bb

PE32 executable (console) Intel 80386, for MS Windows, 10 sections

slunkcrypt-cli-x64.exe

7b6e41e8552157c2109416f8f7464737

PE32+ executable (console) x86-64, for MS Windows, 11 sections

slunkcrypt-gui.exe

c08d22709c752e1ee3aa47cf9cc910ec

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

slunkcrypt-gui.exe.config

60fd93aafc939dc8ea62cda0f05db0af

XML 1.0 document, ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 5/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

osdn.ip-connect.vn.ua/slunkcrypt/78067/slunkcrypt.2022-12-12.windows.zip

91.236.251.35

200 OK

4.0 MB

URL User Request GET HTTP/2
osdn.ip-connect.vn.ua/slunkcrypt/78067/slunkcrypt.2022-12-12.windows.zip
IP
91.236.251.35:443
ASN
#57944 IP-Connect LLC

Certificate
IssuerLet's Encrypt
Subjectosdn.ip-connect.vn.ua
Fingerprint0C:C5:C1:BE:4B:58:E7:BF:9E:6C:86:76:0C:75:68:11:71:5F:7D:72
ValidityFri, 26 Apr 2024 12:25:52 GMT - Thu, 25 Jul 2024 12:25:51 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
4.0 MB (3975252 bytes)
Hash
2dc0f9ec09d571642f2cd2b796211c06
5f3ba2670a99b2666d4e2cccda5862325d0448d1
d028d4c296be48059ca85476f0d7a3a30dc18492e079acde1b0760ca950fdc81

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/65

HTTP Headers

GET /slunkcrypt/78067/slunkcrypt.2022-12-12.windows.zip HTTP/1.1
Host: osdn.ip-connect.vn.ua
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 06:57:50 GMT
content-type: application/zip
content-length: 3975252
last-modified: Mon, 12 Dec 2022 23:16:01 GMT
etag: "6397b631-3ca854"
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (13)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers