Report - test.l1n3.net/tools/Up_Privileges/ReadPwd64.exe

Report Overview

Visitedpublic

2025-03-12 23:22:00

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
test.l1n3.net	unknown	2014-07-02	2019-12-18	2025-03-10	515 B	87 kB	47.75.55.165

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-03-12	medium	test.l1n3.net/tools/Up_Privileges/ReadPwd64.exe	Detects mimikatz icon in PE file

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

test.l1n3.net/tools/Up_Privileges/ReadPwd64.exe

IP / ASN

47.75.55.165

#45102 Alibaba US Technology Co., Ltd.

File Overview

File TypePE32+ executable (console) x86-64, for MS Windows, 5 sections

Size87 kB (87040 bytes)

MD5d6f3fef9e39b7b7f0e7b2d29f6cbb213

SHA104b2fab8b8e44a547b8e55ac51746e8b2eafdd6f

SHA25699ab43bf8a9934d01ba9ec6203c95e3c16e6c0dfc633538ab29795ba979b4adf

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects mimikatz icon in PE file
VirusTotal	malicious	VirusTotal - Scan result 55/73
ClamAV	malicious	Win.Malware.Mimikatz-10034728-0

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET test.l1n3.net/tools/Up_Privileges/ReadPwd64.exe

47.75.55.165

200 OK

87 kB

URL User Request GET HTTPS

test.l1n3.net/tools/Up_Privileges/ReadPwd64.exe

IP / ASN

47.75.55.165

#45102 Alibaba US Technology Co., Ltd.

Requested byN/A

Resource Info

File typePE32+ executable (console) x86-64, for MS Windows, 5 sections

First Seen2023-08-10

Last Seen2025-03-12

Times Seen4

Size87 kB (87040 bytes)

MD5d6f3fef9e39b7b7f0e7b2d29f6cbb213

SHA104b2fab8b8e44a547b8e55ac51746e8b2eafdd6f

SHA25699ab43bf8a9934d01ba9ec6203c95e3c16e6c0dfc633538ab29795ba979b4adf

Certificate Info

IssuerLet's Encrypt

Subject*.l1n3.net

Fingerprint36:18:14:93:7A:4F:4D:DC:68:2E:A8:11:C0:0A:1E:34:61:F0:2F:A0

ValidityMon, 03 Mar 2025 15:09:19 GMT - Sun, 01 Jun 2025 15:09:18 GMT

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects mimikatz icon in PE file
VirusTotal	malicious	VirusTotal - Scan result 55/73
ClamAV	malicious	Win.Malware.Mimikatz-10034728-0

HTTP Headers

GET /tools/Up_Privileges/ReadPwd64.exe HTTP/1.1
Host: test.l1n3.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 12 Mar 2025 23:21:39 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sat, 05 Apr 2014 17:40:33 GMT
ETag: "15400-4f64f21936640"
Accept-Ranges: bytes
Content-Length: 87040
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program