{"report_id":"437597ee-65a0-4506-a60a-9ce32efeb8e9","version":6,"status":"done","tags":[],"date":"2024-10-31T20:31:55Z","url":{"schema":"http","addr":"files.getgrass.io/file/grass-extension-upgrades/extension-latest/grass-community-node-windows-4.26.2.zip","fqdn":"files.getgrass.io","domain":"getgrass.io","tld":"io"},"ip":{"addr":"108.157.229.89","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-01-09T20:31:55Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"files.getgrass.io","ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2023-03-17","domain_rank":0,"first_seen":"2024-10-17T13:46:17.504088Z","last_seen":"2024-10-27T01:43:25.36673Z","alert_count":0,"request_count":1,"received_data":3579372,"sent_data":558,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"3ed6f504716bfcee19f27a486fd463ac","sha1":"8ea93a2d6be852c480236b673e246e9a5b00cbb3","sha256":"0bfe27f8bfce3e9c6d793beeeb96148c6dccfa9a514c9ff8339f83a94d8377b1","sha512":"01a6f9af125e913df3ac0f0a9d69b146f6a15fb3b21d41ccdd7dda66c1d2735bada91f189b9cd70244355f3994b8df0b54a31d78e7a00c90c59c5a0daefe1ab5","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":3578502,"url":{"schema":"https","addr":"files.getgrass.io/file/grass-extension-upgrades/extension-latest/grass-community-node-windows-4.26.2.zip","fqdn":"files.getgrass.io","domain":"getgrass.io","tld":"io"},"ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"archive":[{"path":"grass_config.exe","filename":"grass_config.exe","modified":"","Modified":"2024-07-25T13:40:32Z","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":219480,"md5":"cf2090913e8d4a1d955ad19253f2a883","sha1":"207ad19cfa46db208de17b098fc9759a0d44e761","sha256":"badf3ef60577230f0b73cce9d3772dee18d71d5f330cf818f36d91bc1b5baa26","sha512":"119a4055996d07afb680226be9e49ff7149895738d77e793cc83f114df4f8996a20f948490673f5c27affed5577536e9123e6798808cbf1c1758c4a73d3dae9a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-31","alert":"detect_Redline_Stealer","trigger":"grass_config.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Varp0s","date":"2023-06-06","rule":"detect_Redline_Stealer","tlp":"WHITE","yarahub_license":"CC0 1.0","yarahub_reference_md5":"554d25724c8f6f53af8721d0ef6b6f42","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"671d6f32-8236-46b5-80e3-057192936607"}}]}},{"path":"grass-4.26.2.crx","filename":"grass-4.26.2.crx","modified":"","Modified":"2024-07-25T13:41:20Z","magic":"Google Chrome extension, version 3","size":3458993,"md5":"13d6a9d164017515dc730cb57f740cae","sha1":"5435e8115480d1e6ebb043320715b54b36691c12","sha256":"decfee58db2e3cc8120c70c7630eea519153d409ba86b83dc663341945dc840a","sha512":"3ef16618bfe0d18966c40192c87541161728ecc7bffbc48976b3f3ae5457afe6c6b440b7c8890191947b54c800cbc5a65ee5ad931a0ae0635fc8dbf4abee5531","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-31","alert":"detect_Redline_Stealer","trigger":"grass_config.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Varp0s","date":"2023-06-06","rule":"detect_Redline_Stealer","tlp":"WHITE","yarahub_license":"CC0 1.0","yarahub_reference_md5":"554d25724c8f6f53af8721d0ef6b6f42","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"671d6f32-8236-46b5-80e3-057192936607"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"files.getgrass.io/file/grass-extension-upgrades/extension-latest/grass-community-node-windows-4.26.2.zip","fqdn":"files.getgrass.io","domain":"getgrass.io","tld":"io"},"ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-31T20:31:30.058Z","timestamp":1730406690058,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.getgrass.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Thu, 25 Apr 2024 00:00:00 GMT","end":"Sun, 25 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"3C:C5:E0:63:F7:72:7E:A9:23:B7:2B:F6:09:C8:A8:C9:DD:57:DE:E9","sha256":"66:25:7F:21:CB:F7:43:B2:3E:A7:28:73:96:7C:53:19:B8:42:17:39:AA:95:79:2C:B3:F6:F1:2C:46:AC:0E:54"}}},"request":{"raw":"GET /file/grass-extension-upgrades/extension-latest/grass-community-node-windows-4.26.2.zip HTTP/1.1\r\nHost: files.getgrass.io\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/zip\r\ncontent-length: 3578502\r\nserver: nginx\r\ndate: Thu, 31 Oct 2024 20:31:30 GMT\r\nstrict-transport-security: max-age=63072000\r\nx-bz-file-name: extension-latest/grass-community-node-windows-4.26.2.zip\r\nx-bz-file-id: 4_zcd4a120b7b00f8738be00317_f103512985eaa0180_d20240725_m134132_c005_v0501022_t0056_u01721914892066\r\nx-bz-content-sha1: 8ea93a2d6be852c480236b673e246e9a5b00cbb3\r\nx-bz-upload-timestamp: 1721914892066\r\naccept-ranges: bytes\r\nx-bz-info-src_last_modified_millis: 1721914881094\r\nx-bz-client-unauthorized-to-read: X-Bz-File-Retention-Mode,X-Bz-File-Retention-Retain-Until-Timestamp,X-Bz-File-Legal-Hold\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: gKpNurMQXiKFCaz-Ygn_tE8HJ2LPU7Zz_VzIEhz-BzEDi5cVyuGxgw==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3578502,"size_decoded":3578502,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"3ed6f504716bfcee19f27a486fd463ac","sha1":"8ea93a2d6be852c480236b673e246e9a5b00cbb3","sha256":"0bfe27f8bfce3e9c6d793beeeb96148c6dccfa9a514c9ff8339f83a94d8377b1","sha512":"01a6f9af125e913df3ac0f0a9d69b146f6a15fb3b21d41ccdd7dda66c1d2735bada91f189b9cd70244355f3994b8df0b54a31d78e7a00c90c59c5a0daefe1ab5","ssdeep":"98304:1iaxiZpMPuHva5LhgmpIcVi5E7EYh/bVmF3k:4MP0+hNVuspV","tlshash":"fff533be77db2672deb3f870254c8c07dae62ceee0f1c455d358a498094bc461e21da9","first_seen":"2024-07-26T21:35:55Z","last_seen":"2024-11-11T01:16:01.569084Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1738,"timings":{"blocked":191,"dns":42,"connect":1,"send":0,"wait":419,"receive":935,"ssl":148},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}