{"report_id":"3c796394-8844-4389-8ff2-3bf1a0bd86db","version":6,"status":"done","tags":[],"date":"2024-11-06T16:35:47Z","url":{"schema":"http","addr":"www.hibitsoft.ir/HiBitUninstaller/HiBitUninstaller-setup-3.1.95.exe","fqdn":"www.hibitsoft.ir","domain":"hibitsoft.ir","tld":"ir"},"ip":{"addr":"185.159.153.125","port":0,"asn":201999,"as":"Fanavari Serverpars Argham Gostar Company Ltd.","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-01-15T16:35:47Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.hibitsoft.ir","ip":{"addr":"185.159.153.125","port":443,"asn":201999,"as":"Fanavari Serverpars Argham Gostar Company Ltd.","country":"Iran","country_code":"IR"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2017-11-19T13:36:15Z","last_seen":"2024-10-27T00:55:28.824387Z","alert_count":2,"request_count":2,"received_data":3558607,"sent_data":1035,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"dd05dc5cbbc91d400d5753f50098276e","sha1":"6e03a1a2f8a1437094daf4ea02e5544d74f1c2da","sha256":"fdb2fc6124b4572a4c7a8905fc428a4be1966288fe17e5d1e04491b1176976ed","sha512":"ef8519b741e8518dbc409de6028ef7bd00b1ff0ac5f7683c1a3f5079e5d17dac6ae0ad939671219ef525049d87a2a01e1e8e7e95c5ad071dc5c3e325df572ce0","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":3557817,"url":{"schema":"https","addr":"www.hibitsoft.ir/HiBitUninstaller/HiBitUninstaller-setup.exe","fqdn":"www.hibitsoft.ir","domain":"hibitsoft.ir","tld":"ir"},"ip":{"addr":"185.159.153.125","port":443,"asn":201999,"as":"Fanavari Serverpars Argham Gostar Company Ltd.","country":"Iran","country_code":"IR"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-06","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"www.hibitsoft.ir/HiBitUninstaller/HiBitUninstaller-setup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-31","alert":"Scan result 1/70","trigger":"fdb2fc6124b4572a4c7a8905fc428a4be1966288fe17e5d1e04491b1176976ed","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/fdb2fc6124b4572a4c7a8905fc428a4be1966288fe17e5d1e04491b1176976ed","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"dd05dc5cbbc91d400d5753f50098276e","sha1":"6e03a1a2f8a1437094daf4ea02e5544d74f1c2da","sha256":"fdb2fc6124b4572a4c7a8905fc428a4be1966288fe17e5d1e04491b1176976ed","sha512":"ef8519b741e8518dbc409de6028ef7bd00b1ff0ac5f7683c1a3f5079e5d17dac6ae0ad939671219ef525049d87a2a01e1e8e7e95c5ad071dc5c3e325df572ce0","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":3557817,"url":{"schema":"https","addr":"www.hibitsoft.ir/HiBitUninstaller/HiBitUninstaller-setup.exe","fqdn":"www.hibitsoft.ir","domain":"hibitsoft.ir","tld":"ir"},"ip":{"addr":"185.159.153.125","port":443,"asn":201999,"as":"Fanavari Serverpars Argham Gostar Company Ltd.","country":"Iran","country_code":"IR"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-06","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"www.hibitsoft.ir/HiBitUninstaller/HiBitUninstaller-setup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-31","alert":"Scan result 1/70","trigger":"fdb2fc6124b4572a4c7a8905fc428a4be1966288fe17e5d1e04491b1176976ed","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/fdb2fc6124b4572a4c7a8905fc428a4be1966288fe17e5d1e04491b1176976ed","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-06","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"www.hibitsoft.ir/HiBitUninstaller/HiBitUninstaller-setup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.hibitsoft.ir/HiBitUninstaller/HiBitUninstaller-setup-3.1.95.exe","fqdn":"www.hibitsoft.ir","domain":"hibitsoft.ir","tld":"ir"},"ip":{"addr":"185.159.153.125","port":443,"asn":201999,"as":"Fanavari Serverpars Argham Gostar Company Ltd.","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-06T16:35:22.658Z","timestamp":1730910922658,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hibitsoft.ir","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 12 Oct 2024 11:58:36 GMT","end":"Fri, 10 Jan 2025 11:58:35 GMT"},"fingerprint":{"sha1":"8A:3E:9B:DF:AF:37:8F:60:09:60:71:07:1C:38:22:E2:62:58:86:9A","sha256":"D8:FB:1E:D7:83:87:67:21:BA:65:00:F8:0D:EB:43:3F:99:C9:B0:C3:9B:CA:0D:30:06:44:D7:58:0D:5C:AE:78"}}},"request":{"raw":"GET /HiBitUninstaller/HiBitUninstaller-setup-3.1.95.exe HTTP/1.1\r\nHost: www.hibitsoft.ir\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Wed, 06 Nov 2024 16:35:23 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 276\r\nConnection: keep-alive\r\nLocation: https://www.hibitsoft.ir/HiBitUninstaller/HiBitUninstaller-setup.exe\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":276,"size_decoded":276,"mime_type":"application/x-msdownload","magic":"HTML document, ASCII text","md5":"fd13cf1f44de6081bdb18e98590872cb","sha1":"0a5216dc53a1f959653f5b3c959f20753e3c8ec7","sha256":"e6fa5fda67cbbb68d4b3abd3f388ab1db9f97f85fb53dc670aff8f29584229b8","sha512":"52d25a16e3641a7b950a73b50fc68953f3b8f49332853d6c86d92234349ae25a36a27df6d2975b0f5b5ff9d35cb5ef2a3bfefcc881aa9f02b65f579b86cc8995","ssdeep":"","tlshash":"4bd02bfc57a210f07f133789699221e1355a20f4959655fb26eb2844c40b57e484a0d9","first_seen":"2023-07-02T18:32:16Z","last_seen":"2024-11-27T02:16:33.658015Z","times_seen":4,"resource_available":false,"data":null}},"time_used":948,"timings":{"blocked":414,"dns":171,"connect":107,"send":0,"wait":105,"receive":1,"ssl":134},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hibitsoft.ir/HiBitUninstaller/HiBitUninstaller-setup.exe","fqdn":"www.hibitsoft.ir","domain":"hibitsoft.ir","tld":"ir"},"ip":{"addr":"185.159.153.125","port":443,"asn":201999,"as":"Fanavari Serverpars Argham Gostar Company Ltd.","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-06T16:35:23.184Z","timestamp":1730910923184,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hibitsoft.ir","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 12 Oct 2024 11:58:36 GMT","end":"Fri, 10 Jan 2025 11:58:35 GMT"},"fingerprint":{"sha1":"8A:3E:9B:DF:AF:37:8F:60:09:60:71:07:1C:38:22:E2:62:58:86:9A","sha256":"D8:FB:1E:D7:83:87:67:21:BA:65:00:F8:0D:EB:43:3F:99:C9:B0:C3:9B:CA:0D:30:06:44:D7:58:0D:5C:AE:78"}}},"request":{"raw":"GET /HiBitUninstaller/HiBitUninstaller-setup.exe HTTP/1.1\r\nHost: www.hibitsoft.ir\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 06 Nov 2024 16:35:23 GMT\r\nContent-Type: application/x-msdownload\r\nContent-Length: 3557817\r\nConnection: keep-alive\r\nLast-Modified: Wed, 25 Sep 2024 12:00:25 GMT\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding,User-Agent\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3557817,"size_decoded":3557817,"mime_type":"application/x-msdownload","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","md5":"dd05dc5cbbc91d400d5753f50098276e","sha1":"6e03a1a2f8a1437094daf4ea02e5544d74f1c2da","sha256":"fdb2fc6124b4572a4c7a8905fc428a4be1966288fe17e5d1e04491b1176976ed","sha512":"ef8519b741e8518dbc409de6028ef7bd00b1ff0ac5f7683c1a3f5079e5d17dac6ae0ad939671219ef525049d87a2a01e1e8e7e95c5ad071dc5c3e325df572ce0","ssdeep":"49152:4yTXdj9rBwWrs2h25TOx7UVsDYQ9Uy8pl/exME20+AhA+Gb0iiDefQWn1aq:ZThvZY2h2RO44JUDlGDcAhfviqWn1X","tlshash":"b7f5331797f22ab3d6189f327d76698a026bba0c883d04453b9cbefd5b09d40875b7c4","first_seen":"2024-09-25T22:28:31Z","last_seen":"2024-12-28T02:12:56.882854Z","times_seen":7,"resource_available":false,"data":null}},"time_used":978,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":204,"receive":774,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-06","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"www.hibitsoft.ir/HiBitUninstaller/HiBitUninstaller-setup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-31","alert":"Scan result 1/70","trigger":"fdb2fc6124b4572a4c7a8905fc428a4be1966288fe17e5d1e04491b1176976ed","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/fdb2fc6124b4572a4c7a8905fc428a4be1966288fe17e5d1e04491b1176976ed","meta":null}],"urlquery":null}}]}