{"report_id":"64bfc436-7cd0-4cfc-9c5a-266d1bc9a407","version":6,"status":"done","tags":[],"date":"2024-11-29T20:58:16Z","url":{"schema":"http","addr":"www.qqqmy.com/GMBuild/V1.1.exe","fqdn":"www.qqqmy.com","domain":"qqqmy.com","tld":"com"},"ip":{"addr":"8.217.48.27","port":0,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-07T20:58:16Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.qqqmy.com","ip":{"addr":"8.217.48.27","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2020-03-11","domain_rank":0,"first_seen":"2021-09-19T03:35:29Z","last_seen":"2024-11-28T01:59:35.444106Z","alert_count":2,"request_count":1,"received_data":2040098,"sent_data":484,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"7b1d21282a65bac0410541f7466c7038","sha1":"9a1010aba1b23ba1e118c8cd29fff8ecd39431d9","sha256":"e465f41c82dcc8e91aa580b348064196c696a6b76b28ee82d5e194ca2261e49e","sha512":"5a5c4896af0095067e88e0b0d844115df59cc9b25d01d8ee541e88666c15448d1d3dd2dd7796a438616db10016e84450ebd1fd2441b47277f74a3098ed2629c3","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":2039808,"url":{"schema":"https","addr":"www.qqqmy.com/GMBuild/V1.1.exe","fqdn":"www.qqqmy.com","domain":"qqqmy.com","tld":"com"},"ip":{"addr":"8.217.48.27","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Disclosed hacktool set (old stuff) - file ASPACK.EXE","trigger":"www.qqqmy.com/GMBuild/V1.1.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"23.11.14","description":"Disclosed hacktool set (old stuff) - file ASPACK.EXE","hash":"c589e6fd48cfca99d6335e720f516e163f6f3f42","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"ASPack_ASPACK","score":"60"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 54/69","trigger":"e465f41c82dcc8e91aa580b348064196c696a6b76b28ee82d5e194ca2261e49e","verdict":"malicious","severity":"","comment":"malicious - 54/69","link":"https://www.virustotal.com/gui/file/e465f41c82dcc8e91aa580b348064196c696a6b76b28ee82d5e194ca2261e49e","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"7b1d21282a65bac0410541f7466c7038","sha1":"9a1010aba1b23ba1e118c8cd29fff8ecd39431d9","sha256":"e465f41c82dcc8e91aa580b348064196c696a6b76b28ee82d5e194ca2261e49e","sha512":"5a5c4896af0095067e88e0b0d844115df59cc9b25d01d8ee541e88666c15448d1d3dd2dd7796a438616db10016e84450ebd1fd2441b47277f74a3098ed2629c3","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":2039808,"url":{"schema":"https","addr":"www.qqqmy.com/GMBuild/V1.1.exe","fqdn":"www.qqqmy.com","domain":"qqqmy.com","tld":"com"},"ip":{"addr":"8.217.48.27","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Disclosed hacktool set (old stuff) - file ASPACK.EXE","trigger":"www.qqqmy.com/GMBuild/V1.1.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"23.11.14","description":"Disclosed hacktool set (old stuff) - file ASPACK.EXE","hash":"c589e6fd48cfca99d6335e720f516e163f6f3f42","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"ASPack_ASPACK","score":"60"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 54/69","trigger":"e465f41c82dcc8e91aa580b348064196c696a6b76b28ee82d5e194ca2261e49e","verdict":"malicious","severity":"","comment":"malicious - 54/69","link":"https://www.virustotal.com/gui/file/e465f41c82dcc8e91aa580b348064196c696a6b76b28ee82d5e194ca2261e49e","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Disclosed hacktool set (old stuff) - file ASPACK.EXE","trigger":"www.qqqmy.com/GMBuild/V1.1.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"23.11.14","description":"Disclosed hacktool set (old stuff) - file ASPACK.EXE","hash":"c589e6fd48cfca99d6335e720f516e163f6f3f42","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"ASPack_ASPACK","score":"60"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.qqqmy.com/GMBuild/V1.1.exe","fqdn":"www.qqqmy.com","domain":"qqqmy.com","tld":"com"},"ip":{"addr":"8.217.48.27","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T20:57:51.120Z","timestamp":1732913871120,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.qqqmy.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Nov 2024 02:06:47 GMT","end":"Sun, 02 Feb 2025 02:06:46 GMT"},"fingerprint":{"sha1":"13:2F:74:EC:1A:7B:4D:4B:21:2E:24:E6:52:43:13:0F:FE:46:FA:A6","sha256":"A4:71:EB:BF:D4:B0:EC:84:69:1A:31:5D:10:63:F2:8D:7A:FD:D6:93:C5:B2:26:E3:EA:86:76:82:E2:6E:02:CA"}}},"request":{"raw":"GET /GMBuild/V1.1.exe HTTP/1.1\r\nHost: www.qqqmy.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 Nov 2024 20:57:52 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 2039808\r\nlast-modified: Thu, 23 Feb 2023 03:37:33 GMT\r\netag: \"63f6df7d-1f2000\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2039808,"size_decoded":2039808,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","md5":"7b1d21282a65bac0410541f7466c7038","sha1":"9a1010aba1b23ba1e118c8cd29fff8ecd39431d9","sha256":"e465f41c82dcc8e91aa580b348064196c696a6b76b28ee82d5e194ca2261e49e","sha512":"5a5c4896af0095067e88e0b0d844115df59cc9b25d01d8ee541e88666c15448d1d3dd2dd7796a438616db10016e84450ebd1fd2441b47277f74a3098ed2629c3","ssdeep":"49152:1gUnBMcau+dNTDwUdR9xdMG5XedEwymQ+gt9wGP9atvVRVuqjXlPah3vj2vg212R:OBVv39YH43","tlshash":"4d95e05877b3de60c491c63051b396f5aa22ee11c9e257c7a5c07f0c5fbe42cab291ac","first_seen":"2023-04-15T00:55:23Z","last_seen":"2025-01-01T12:22:32.824649Z","times_seen":31,"resource_available":false,"data":null}},"time_used":4865,"timings":{"blocked":1052,"dns":207,"connect":340,"send":0,"wait":679,"receive":2082,"ssl":503},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Disclosed hacktool set (old stuff) - file ASPACK.EXE","trigger":"www.qqqmy.com/GMBuild/V1.1.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"23.11.14","description":"Disclosed hacktool set (old stuff) - file ASPACK.EXE","hash":"c589e6fd48cfca99d6335e720f516e163f6f3f42","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"ASPack_ASPACK","score":"60"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 54/69","trigger":"e465f41c82dcc8e91aa580b348064196c696a6b76b28ee82d5e194ca2261e49e","verdict":"malicious","severity":"","comment":"malicious - 54/69","link":"https://www.virustotal.com/gui/file/e465f41c82dcc8e91aa580b348064196c696a6b76b28ee82d5e194ca2261e49e","meta":null}],"urlquery":null}}]}