Report Overview
Visitedpublic
2023-10-03 10:16:56
Tags
Submit Tags
URL
github.com/S3cur3Th1sSh1t/Creds/blob/master/Ghostpack/SafetyKatz.exe?raw=true
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.4
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
github.com | 1423 | 2007-10-09 | 2016-07-13 12:28:22 | 2023-09-20 18:48:10 | 1.5 kB | 6.8 kB | 140.82.121.4 | |
raw.githubusercontent.com 4 alert(s) on this Domain | 35802 | 2014-02-06 | 2014-03-01 08:08:08 | 2023-10-02 18:32:49 | 534 B | 2.1 MB | 185.199.110.133 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
No alerts detected
Threat Detection Systems
Public InfoSec YARA rules
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2023-10-03 | medium | raw.githubusercontent.com/S3cur3Th1sSh1t/Creds/master/Ghostpack/SafetyKatz.exe | The TypeLibGUID present in a .NET binary maps directly to the ProjectGuid found in the '.csproj' file of a .NET project. This rule looks for .NET PE files that contain the ProjectGuid found in the public SafetyKatz project. |
| 2023-10-03 | medium | raw.githubusercontent.com/S3cur3Th1sSh1t/Creds/master/Ghostpack/SafetyKatz.exe | Detects c# red/black-team tools via typelibguid |
| 2023-10-03 | medium | raw.githubusercontent.com/S3cur3Th1sSh1t/Creds/master/Ghostpack/SafetyKatz.exe | Windows.Hacktool.SafetyKatz |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
File detected
URL
raw.githubusercontent.com/S3cur3Th1sSh1t/Creds/master/Ghostpack/SafetyKatz.exe
IP / ASN
185.199.110.133
File Overview
File TypePE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows\012- data
Size2.1 MB (2059264 bytes)
MD5e615c10b8676ae8cd10768beae1e41d4
SHA1aee671334f6d7c53be7c0ea2b49ecbe7c204f0d6
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | The TypeLibGUID present in a .NET binary maps directly to the ProjectGuid found in the '.csproj' file of a .NET project. This rule looks for .NET PE files that contain the ProjectGuid found in the public SafetyKatz project. |
| Public Nextron YARA rules | malware | Detects c# red/black-team tools via typelibguid |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SafetyKatz |
| VirusTotal | malicious |
JavaScript (0)
No JavaScripts
HTTP Transactions (3)
| URL | IP | Response | Size |
|---|