Report - github.com/svysjghvkshdhhk/qs-bsv-csdv-sdncsdnh/releases/download/hgsdhfgfkshf/BANGER.zip

Report Overview

Visitedpublic

2025-03-26 17:43:21

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
github.com	1423	2007-10-09	2016-07-13	2025-03-26	557 B	2.9 MB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2025-03-26	967 B	2.9 MB	185.199.111.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

objects.githubusercontent.com/github-production-release-asset-2e65be/951118077/6f53c49d-bdee-4efe-8b9b-2fc29f4a252e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250326%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250326T174257Z&X-Amz-Expires=300&X-Amz-Signature=2a9c483ae93f05018d6619625a34a6c9df375c7d87a135d5ecfd6ab9e26a1ee7&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DBANGER.zip&response-content-type=application%2Foctet-stream

IP / ASN

185.199.111.133

#54113 FASTLY

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size2.9 MB (2887902 bytes)

MD5468ed15732330751ff2f626970dfccfd

SHA1df50d86f08e430cadeb9ae136be2fd0e1a4193b9

SHA256397572611621620928337446045227bb706759412241debf016f3d0ef11fa80d

Archive (19)

Modified	Filename	Size	MD5	File type
2024-05-03 05:22	rtkiow10x64.sys	65 kB	96a8b535b5e14b582ca5679a3e2a5946	PE32+ executable (native) x86-64, for MS Windows, 8 sections
2024-12-11 02:19	ss2031.exe	395 kB	206fbc02bfe3a68ee7c9f26555a94d89	PE32+ executable (console) x86-64, for MS Windows, 5 sections
2024-05-03 05:22	SxeaaV1X64.sys	19 kB	785045f8b25cd2e937ddc6b09debe01a	PE32+ executable (native) x86-64, for MS Windows, 5 sections
2024-12-11 02:19	Volumeid64.exe	170 kB	81a45f1a91448313b76d2e6d5308aa7a	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2024-05-03 05:22	AeeccSV1X64.sys	37 kB	9accebd928a8926fecf317f53cd1c44e	PE32+ executable (native) x86-64, for MS Windows, 8 sections
2024-05-03 05:22	AfkzzV1X64.sys	19 kB	785045f8b25cd2e937ddc6b09debe01a	PE32+ executable (native) x86-64, for MS Windows, 5 sections
2024-12-11 02:19	db3289.exe	488 kB	24eba1406ae001c6474e4cab574987f4	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2024-05-03 05:22	db3289.exe.bak	488 kB	24eba1406ae001c6474e4cab574987f4	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2024-12-11 02:19	eu4837.exe	4.8 MB	4325420a99393a6ad6044818ae61f945	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2024-12-11 02:19	fb4953.exe	411 kB	03920d49be940f5a272b264fb1c37c04	PE32+ executable (console) x86-64, for MS Windows, 5 sections
2024-08-26 03:56	i3782.bat	5.6 kB	3847c26e5010cef400a328889a37dc7b	DOS batch file, ASCII text, with CRLF line terminators
2024-05-03 05:22	iqvsw64e.cat	10 kB	93e365f71c2e9c8d61c64f2783fa0868	DER Encoded PKCS#7 Signed Data
2024-05-03 05:22	iqvsw64e.inf	2.4 kB	9fc2029a6ebf64e1af9f656b82fdea1a	Windows setup INFormation
2024-05-03 05:22	iqvsw64e.sys	63 kB	a04fa610c631055c3c7b11df5887fbab	PE32+ executable (native) x86-64, for MS Windows, 8 sections
2025-02-16 21:09	Kernel Spoofer.exe	35 kB	df2c3be4ee2981c9803a60044e4b8cda	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2021-09-27 09:16	Kokuban.dll	30 kB	4e04df2191f5d7c13f86631e206a16eb	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
2024-12-11 02:19	rn3987.exe	764 kB	302a86510b5c2a807bfad326224880d1	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2024-05-03 05:22	RTIoLib64.dll	159 kB	23b63b64c57ffe0129af6ee4b38ea7db	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections
2024-05-03 05:22	rtkio64.sys	55 kB	96e10a2904fff9491762a4fb549ad580	PE32+ executable (native) x86-64, for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio64.sys
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
Elastic Security YARA Rules	malware	Windows.VulnDriver.Rtkio
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
Elastic Security YARA Rules	malware	Windows.VulnDriver.Amifldrv
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
Elastic Security YARA Rules	malware	Windows.VulnDriver.Amifldrv
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
Elastic Security YARA Rules	malware	Windows.VulnDriver.Rtkio
VirusTotal	malicious	VirusTotal - Scan result 26/68

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size