{"report_id":"4ba70303-9a4f-458e-adc4-df2d6b573906","version":6,"status":"done","tags":[],"date":"2024-10-29T19:38:08Z","url":{"schema":"http","addr":"mi-unlock.tech/build/Unlock-Wizard_1.2.8_x86_en-US.zip","fqdn":"mi-unlock.tech","domain":"mi-unlock.tech","tld":"tech"},"ip":{"addr":"172.67.181.79","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-01-07T19:38:07Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"mi-unlock.tech","ip":{"addr":"104.21.75.197","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-07-01","domain_rank":0,"first_seen":"2024-10-29T19:38:08.488384Z","last_seen":"2024-10-29T19:38:08.488384Z","alert_count":0,"request_count":1,"received_data":5938743,"sent_data":508,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"57651de8954eae823c3ad89f00f3a1c5","sha1":"9755234cc74c556e125ab14322960ceec3429134","sha256":"77e7ec9837ed97e793cbbca98d02bc85703da70dde14c88a8bec744a56bbcd79","sha512":"319cf73190d2a739302104657e9a6c6dcac70ecb5a47a91617c3a3a98334bb6caae12c7e0b58f3a04137da977f71e61ee6c89bbb72fab8af8cf1c3de8f610b7d","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":5937788,"url":{"schema":"https","addr":"mi-unlock.tech/build/Unlock-Wizard_1.2.8_x86_en-US.zip","fqdn":"mi-unlock.tech","domain":"mi-unlock.tech","tld":"tech"},"ip":{"addr":"104.21.75.197","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"Unlock-Wizard_1.2.8_x86_en-US.msi","filename":"Unlock-Wizard_1.2.8_x86_en-US.msi","modified":"","Modified":"2024-08-14T15:00:39+03:00","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Unlock-Wizard, Author: unlock-wizard, Keywords: Installer, Comments: This installer database contains the logic and data required to install Unlock-Wizard., Template: Intel;0, Revision Number: {17C743D4-2178-4A3C-B19A-82FB0774992B}, Create Time/Date: Wed Aug 14 12:00:38 2024, Last Saved Time/Date: Wed Aug 14 12:00:38 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2","size":6266880,"md5":"7f7249f0db5c6a56d816702d78193f4b","sha1":"f1e8dac84704b3f8d71d3ce8e06109d2e27db6bf","sha256":"269fde175b7a4eb56584da565490d2b87014af5c4647515784372596fb1607a1","sha512":"7f5ce7042a5089e3899b8205cd44ef9daee50f52d5da2469e79be68857c46eac2672a1d84381cd08d3e3a479cbd676fad15a22f07c26a0a30e4600d1ca703c7c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-29","alert":"Detect files is `SliverFox` malware","trigger":"Unlock-Wizard_1.2.8_x86_en-US.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-29","alert":"Detect files is `SliverFox` malware","trigger":"Unlock-Wizard_1.2.8_x86_en-US.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mi-unlock.tech/build/Unlock-Wizard_1.2.8_x86_en-US.zip","fqdn":"mi-unlock.tech","domain":"mi-unlock.tech","tld":"tech"},"ip":{"addr":"104.21.75.197","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-29T19:37:42.084Z","timestamp":1730230662084,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mi-unlock.tech","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 27 Oct 2024 18:58:43 GMT","end":"Sat, 25 Jan 2025 18:58:42 GMT"},"fingerprint":{"sha1":"29:66:45:26:4B:08:8C:C6:4E:C8:9C:34:A1:2B:2B:EC:D7:CE:BC:9F","sha256":"ED:BF:2F:63:A5:94:9D:CE:E3:F6:03:ED:3E:B4:15:4F:D9:95:63:54:B6:3C:A4:45:EF:25:26:8A:00:2C:48:12"}}},"request":{"raw":"GET /build/Unlock-Wizard_1.2.8_x86_en-US.zip HTTP/1.1\r\nHost: mi-unlock.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 29 Oct 2024 19:37:42 GMT\r\ncontent-type: application/zip\r\ncontent-length: 5937788\r\nlast-modified: Wed, 14 Aug 2024 12:05:15 GMT\r\nvary: Accept-Encoding\r\netag: \"66bc9d7b-5a9a7c\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncf-cache-status: HIT\r\nage: 431941\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=w22lHqqiDHJeYenWqr%2BL%2F%2FgwdfB5onfCLDTTxmQ3GEnqPKAbRxhp8aW8S%2FaQ00Qq2HoYjvrbsVI14F4WZA2QnvkTgAM%2FR775j2KhoLNnDklOuvUA7%2BXn1YvmOZ9PTYT72g%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8da59f266f067127-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=16950\u0026sent=7\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=3282\u0026recv_bytes=1272\u0026delivery_rate=257804\u0026cwnd=253\u0026unsent_bytes=0\u0026cid=0cd53e20528f36e8\u0026ts=60\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5937788,"size_decoded":5937788,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"57651de8954eae823c3ad89f00f3a1c5","sha1":"9755234cc74c556e125ab14322960ceec3429134","sha256":"77e7ec9837ed97e793cbbca98d02bc85703da70dde14c88a8bec744a56bbcd79","sha512":"319cf73190d2a739302104657e9a6c6dcac70ecb5a47a91617c3a3a98334bb6caae12c7e0b58f3a04137da977f71e61ee6c89bbb72fab8af8cf1c3de8f610b7d","ssdeep":"98304:mvs50Uj3GHGgnQUMfT9TnBDylWowFSuO+8X0soTYOtvJKST+HEq92BrvMwaQgLeN:h+eGHtnng8f0ShpXpGYAwSSHE3FPVgLo","tlshash":"185633ca4601371eb1f1fb1b97ca98969decf3c16212ac71a3dd0ea3a18d478513c65e","first_seen":"2024-10-29T19:38:18.868376Z","last_seen":"2024-10-29T19:38:18.868376Z","times_seen":1,"resource_available":false,"data":null}},"time_used":573,"timings":{"blocked":60,"dns":1,"connect":17,"send":0,"wait":37,"receive":414,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}