Report - 45.45.238.213:2052/nut.exe

Report Overview

Visitedpublic

2024-08-08 06:58:53

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown				2.3 kB	6.2 kB	23.36.76.226
45.45.238.213:2052	unknown				396 B	3.3 MB	45.45.238.213

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-08 06:58:28	medium	Client IP	45.45.238.213	ET INFO Executable Download from dotted-quad Host
2024-08-08 06:58:28	medium	Client IP	45.45.238.213	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
2024-08-08 06:58:28	high	45.45.238.213	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2024-08-08 06:58:28	medium	45.45.238.213	Client IP	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-08-08	medium	45.45.238.213:2052/nut.exe	Detects QuasarRAT malware

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-08	medium	45.45.238.213	Sinkholed

ThreatFox

No alerts detected

File detected

URL

45.45.238.213:2052/nut.exe

IP / ASN

45.45.238.213

#400529 INFRALY-LLC

File Overview

File TypePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Size3.3 MB (3266048 bytes)

MD5232e7b89f4be6cbc0c706f8520b1c647

SHA1359e0860271fc42c64f2a94593515c4111be62b0

SHA256df1a4fc766fde3ad56195e192c5f0e33bd0ef088128cca6c95f10e3135669963

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects QuasarRAT malware
VirusTotal	malicious	VirusTotal - Scan result 59/74

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen21118

Size504 B (504 bytes)

MD575efd2f3585f3075b07d7001e610bf02

SHA1afeabc51586d1efe3d02337b8a43741c0d5a79b5

SHA25626b1b697a9cff033ffa5ef52c9261a48313b206b2093d4d0aa6a9d3e9d24ab15

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26B1B697A9CFF033FFA5EF52C9261A48313B206B2093D4D0AA6A9D3E9D24AB15"
Last-Modified: Tue, 06 Aug 2024 06:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5824
Expires: Thu, 08 Aug 2024 08:35:31 GMT
Date: Thu, 08 Aug 2024 06:58:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen21501

Size504 B (504 bytes)

MD5364e0d4e7956b61b144a82620b9fee26

SHA18d45d1cf6f1805ae7308ae92b1676839bcc84dc2

SHA256167eb76ed650b4d8ed7747252181955a5803628ec02ca02edfe509b1b403786b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "167EB76ED650B4D8ED7747252181955A5803628EC02CA02EDFE509B1B403786B"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6512
Expires: Thu, 08 Aug 2024 08:46:59 GMT
Date: Thu, 08 Aug 2024 06:58:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen36182

Size504 B (504 bytes)

MD5e7a128439c6dec237227cc4b883a2c99

SHA17794fc9e9bc964823a96cec60a2ec829dbce9919

SHA256f0a648a200fc7849174d4b74c6fbfee82b5bd098c9c9cae7084bdafaba169e3b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F0A648A200FC7849174D4B74C6FBFEE82B5BD098C9C9CAE7084BDAFABA169E3B"
Last-Modified: Tue, 06 Aug 2024 06:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18707
Expires: Thu, 08 Aug 2024 12:10:14 GMT
Date: Thu, 08 Aug 2024 06:58:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen28445

Size504 B (504 bytes)

MD5ad08a2764470070a728a228f5cca3296

SHA13e8d448130fe3c6ad6e88a0ff3dd170855740e6f

SHA256c508461997b3781963d5494bb2517544c6ad0b2a8029d1a1009a6bb3ff6b0fd7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C508461997B3781963D5494BB2517544C6AD0B2A8029D1A1009A6BB3FF6B0FD7"
Last-Modified: Tue, 06 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6522
Expires: Thu, 08 Aug 2024 08:47:09 GMT
Date: Thu, 08 Aug 2024 06:58:27 GMT
Connection: keep-alive

GET 45.45.238.213:2052/nut.exe

45.45.238.213

200 OK

3.3 MB

URL

45.45.238.213:2052/nut.exe

IP / ASN

45.45.238.213

#400529 INFRALY-LLC

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

First Seen2024-08-02

Last Seen2024-08-19

Times Seen4

Size3.3 MB (3266048 bytes)

MD5232e7b89f4be6cbc0c706f8520b1c647

SHA1359e0860271fc42c64f2a94593515c4111be62b0

SHA256df1a4fc766fde3ad56195e192c5f0e33bd0ef088128cca6c95f10e3135669963

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects QuasarRAT malware
Quad9 DNS	malicious	Sinkholed
VirusTotal	malicious	VirusTotal - Scan result 59/74

HTTP Headers

GET /nut.exe HTTP/1.1
Host: 45.45.238.213:2052
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Aug 2024 06:58:28 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
Last-Modified: Sun, 11 Feb 2024 04:39:54 GMT
ETag: "31d600-61113c0aec93b"
Accept-Ranges: bytes
Content-Length: 3266048
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen30072

Size504 B (504 bytes)

MD5460334cc4e5b7d0e9bae1a2db2ad27cd

SHA1b0a331b5252d61b68e687dc25581842a360aac4f

SHA2568e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10178
Expires: Thu, 08 Aug 2024 09:48:07 GMT
Date: Thu, 08 Aug 2024 06:58:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen30072

Size504 B (504 bytes)

MD5460334cc4e5b7d0e9bae1a2db2ad27cd

SHA1b0a331b5252d61b68e687dc25581842a360aac4f

SHA2568e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10178
Expires: Thu, 08 Aug 2024 09:48:07 GMT
Date: Thu, 08 Aug 2024 06:58:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen30072

Size504 B (504 bytes)

MD5460334cc4e5b7d0e9bae1a2db2ad27cd

SHA1b0a331b5252d61b68e687dc25581842a360aac4f

SHA2568e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10178
Expires: Thu, 08 Aug 2024 09:48:07 GMT
Date: Thu, 08 Aug 2024 06:58:29 GMT
Connection: keep-alive