Report - github.com/M2TeamArchived/NSudo/releases/download/9.0-Preview1/NSudo_9.0_Preview1

Report Overview

Visitedpublic

2024-07-28 22:10:19

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
objects.githubusercontent.com	134060	2014-02-06	2021-11-01 22:34:29	2024-07-28 19:42:47	1.0 kB	861 kB	185.199.109.133
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-28 18:17:42	2.9 kB	8.0 kB	23.36.77.32
github.com	1423	2007-10-09	2016-07-13 12:28:22	2024-07-28 18:50:23	550 B	4.1 kB	140.82.121.3

Related reports

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

objects.githubusercontent.com/github-production-release-asset-2e65be/62206642/3c67cec3-1ee5-4338-ab84-a3e229db25c6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240728%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240728T220953Z&X-Amz-Expires=300&X-Amz-Signature=85e9a221b507870155a7a8864ce6f9ed6ac8a46a28152250e73c8305258c6554&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=62206642&response-content-disposition=attachment%3B%20filename%3DNSudo_9.0_Preview1_9.0.2676.0.zip&response-content-type=application%2Foctet-stream

IP / ASN

185.199.109.133

#54113 FASTLY

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size860 kB (860412 bytes)

MD53eb9aa45beea34797067b8b66038765f

SHA183bc83ca6bd388aec649d5f87be6db9b84cfd94b

SHA2562a4d3c5847fa9694c050448afaeac6fb3c9f41995c7a2f8ee4cbd015e18909eb

Archive (28)

Modified	Filename	Size	MD5	File type
2021-08-28 18:45	MoPlugin.dll	110 kB	4582f73b9581204be3019e79d76b8ea0	PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections
2020-08-03 03:16	NSudo.json	211 B	922322fab45a284dbb248760125dfb1c	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2021-08-28 18:44	NSudoAPI.dll	32 kB	edb1fd401371bf61a5a4628ecd96c3ab	PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections
2021-08-28 18:44	NSudoAPI.lib	2.1 kB	68014cbe004cc9e606dde1746c0d3891	current ar archive
2021-08-28 18:45	NSudoDM.dll	18 kB	a3a0e2aed7d020cbb4f9d3b26a8e1c8d	PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections
2021-08-28 18:45	NSudoLC.exe	108 kB	a025c4afcccf2eed65eaa8198bec1d43	PE32+ executable (console) Aarch64, for MS Windows, 6 sections
2021-08-28 18:45	NSudoLG.exe	127 kB	c023269138388e0b726d805cf8423d10	PE32+ executable (GUI) Aarch64, for MS Windows, 6 sections
2021-08-28 18:45	NSudoPluginHost.exe	126 kB	a51cc12a709ab0487800a0fed390b3d0	PE32+ executable (console) Aarch64, for MS Windows, 6 sections
2021-05-14 01:22	License.txt	3.0 kB	e1060bad75d78ac64475b5ec71304a33	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2021-08-28 18:51	MoPluginReadme.txt	4.7 kB	d3a2e39d0e248b323fdddac19be569e2	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2021-08-28 18:55	MoPluginReadme.zh-Hans.txt	4.3 kB	a7f9020af6fb39f4c7c96186749b25bf	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2021-08-26 20:59	People.txt	2.5 kB	fd31ce73229f35a874d0c9eb00054e0b	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2021-08-28 18:45	MoPlugin.dll	121 kB	964eb29cab522ed84bfb0fdc83415eee	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
2020-08-03 03:16	NSudo.json	211 B	922322fab45a284dbb248760125dfb1c	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2021-08-28 18:44	NSudoAPI.dll	58 kB	f3b4d339bd862caf762f46ca46012b1a	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
2021-08-28 18:44	NSudoAPI.lib	2.2 kB	3da581d1e6e9c850f606a49e440591a5	current ar archive
2021-08-28 18:45	NSudoDM.dll	22 kB	01c05ffcec63e010eec4425c304ed371	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
2021-08-28 18:45	NSudoLC.exe	130 kB	3360efb5c779c805b7d76fd1e1ee558a	PE32 executable (console) Intel 80386, for MS Windows, 5 sections
2021-08-28 18:45	NSudoLG.exe	143 kB	44be11477673baa42c7fa7423e8f4604	PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
2021-08-28 18:45	NSudoPluginHost.exe	134 kB	5c37b866005b8be068a770eb43cfdbd0	PE32 executable (console) Intel 80386, for MS Windows, 5 sections
2021-08-28 18:45	MoPlugin.dll	152 kB	6ca5613a2922aa18db0fd8447ce4cb72	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
2020-08-03 03:16	NSudo.json	211 B	922322fab45a284dbb248760125dfb1c	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2021-08-28 18:44	NSudoAPI.dll	84 kB	9d9a41e709e9b012b6b26730b534f9f0	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
2021-08-28 18:44	NSudoAPI.lib	2.1 kB	43f9401418abfec6f70dc64c031c0be6	current ar archive
2021-08-28 18:45	NSudoDM.dll	29 kB	4405400efe515575ca6f4f254e402826	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
2021-08-28 18:45	NSudoLC.exe	161 kB	e8d3152fbb5c7e8d585ca3adb6caa9a0	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2021-08-28 18:45	NSudoLG.exe	178 kB	423129ddb24fb923f35b2dd5787b13dd	PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
2021-08-28 18:45	NSudoPluginHost.exe	175 kB	195f5bc708848ebe6eb01b0c4bed3370	PE32+ executable (console) x86-64, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	malicious	VirusTotal - Scan result 11/68

JavaScript (0)

HTTP Transactions (11)

	URL	IP	Response	Size