{"report_id":"68701958-2c9d-40bb-a6bf-946df26d0e2a","version":6,"status":"done","tags":[],"date":"2024-11-29T16:19:08Z","url":{"schema":"http","addr":"breminantores.shop/work/yyy.zip","fqdn":"breminantores.shop","domain":"breminantores.shop","tld":"shop"},"ip":{"addr":"79.141.173.57","port":0,"asn":202015,"as":"HZ Hosting Ltd","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-07T16:19:08Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"breminantores.shop","ip":{"addr":"79.141.173.57","port":443,"asn":202015,"as":"HZ Hosting Ltd","country":"United States","country_code":"US"},"domain_registered":"2024-03-27","domain_rank":0,"first_seen":"2024-11-29T16:19:09.081233Z","last_seen":"2024-11-29T16:19:09.081233Z","alert_count":1,"request_count":1,"received_data":2835637,"sent_data":485,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"c605708ea216cb2bf2e9eb9d3bc2b169","sha1":"cac029f86f2c6ca4dc6234e0550c08128189fcbb","sha256":"f0bb1f455a89c651337ba85515b21bdbdbe915d55747c7c349d8900916e7d8e9","sha512":"6cab28ecd9800b29421b850a91fa5743fdb2efc5332a6ed2e511d8e3db58638ca38a4a5ac2a787ad775e91a0a4fe68d6719b2ca955c623ab4914d9660e55d052","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2835341,"url":{"schema":"https","addr":"breminantores.shop/work/yyy.zip","fqdn":"breminantores.shop","domain":"breminantores.shop","tld":"shop"},"ip":{"addr":"79.141.173.57","port":443,"asn":202015,"as":"HZ Hosting Ltd","country":"United States","country_code":"US"},"archive":[{"path":"LogoCanary.png","filename":"LogoCanary.png","modified":"","Modified":"2024-07-15T20:35:20+03:00","magic":"PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced","size":28016,"md5":"ef8a81d1e1070f20ce809cca75588612","sha1":"2eb8ca5797859d8f6642878215f5a89887964f1c","sha256":"6f2f599bc3e34e11072ce7ddbab2d484371563f0bc79de785df075db5e17ae1b","sha512":"7e94a94b30ce3657d6fd0f4f6078e01c655e13a0b8bce4b0331eb7d50ff2639dad578c059ea5804aa60cd0f7bf181f46cfc9e5a7755405769139065b7bc2b444","alerts":{"urlquery":null,"analyzer":null}},{"path":"LogoDev.png","filename":"LogoDev.png","modified":"","Modified":"2024-07-15T20:35:20+03:00","magic":"PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced","size":24504,"md5":"b8f553fbd3dc34b58bc77a705711023d","sha1":"4ab1052f906fda96f877e398426da5646574c878","sha256":"2761c60263a2919b856915bdd2a0604b7f0e56e59d893ab13cccef2b7c967229","sha512":"15a1df0dbb06b4bb64a2b8cd7ad22578292d5ecdec64303350e027f9f87fa8a825cb1cc97f94862d8c235c85b0c79a4feabfb89d9e0b77be62aab25785122a60","alerts":{"urlquery":null,"analyzer":null}},{"path":"msvcr100.dll","filename":"msvcr100.dll","modified":"","Modified":"2015-04-24T02:27:28+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections","size":773968,"md5":"0e37fbfa79d349d672456923ec5fbbe3","sha1":"4e880fc7625ccf8d9ca799d5b94ce2b1e7597335","sha256":"8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18","sha512":"2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630","alerts":{"urlquery":null,"analyzer":null}},{"path":"nskbfltr.inf","filename":"nskbfltr.inf","modified":"","Modified":"2007-07-06T00:07:32+04:00","magic":"Windows setup INFormation","size":328,"md5":"26e28c01461f7e65c402bdf09923d435","sha1":"1d9b5cfcc30436112a7e31d5e4624f52e845c573","sha256":"d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368","sha512":"c30ec66fecb0a41e91a31804be3a8b6047fc3789306adc106c723b3e5b166127766670c7da38d77d3694d99a8cddb26bc266ee21dba60a148cdf4d6ee10d27d7","alerts":{"urlquery":null,"analyzer":null}},{"path":"NSM.ini","filename":"NSM.ini","modified":"","Modified":"2015-04-30T04:47:52+03:00","magic":"Generic INItialization configuration [Features]","size":6458,"md5":"88b1dab8f4fd1ae879685995c90bd902","sha1":"3d23fb4036dc17fa4bee27e3e2a56ff49beed59d","sha256":"60fe386112ad51f40a1ee9e1b15eca802ced174d7055341c491dee06780b3f92","sha512":"4ea2c20991189fe1d6d5c700603c038406303cca594577ddcbc16ab9a7915cb4d4aa9e53093747db164f068a7ba0f568424bc8cb7682f1a3fb17e4c9ec01f047","alerts":{"urlquery":null,"analyzer":null}},{"path":"NSM.LIC","filename":"NSM.LIC","modified":"","Modified":"2022-09-27T11:05:33+03:00","magic":"ASCII text, with CRLF line terminators","size":195,"md5":"e9609072de9c29dc1963be208948ba44","sha1":"03bbe27d0d1ba651ff43363587d3d6d2e170060f","sha256":"dc6a52ad6d637eb407cc060e98dfeedcca1167e7f62688fb1c18580dd1d05747","sha512":"f0e26aa63b0c7f1b31074b9d6eef88d0cfbc467f86b12205cb539a45b0352e77ce2f99f29baeab58960a197714e72289744143ba17975699d058fe75d978dfd0","alerts":{"urlquery":null,"analyzer":null}},{"path":"nsm_vpro.ini","filename":"nsm_vpro.ini","modified":"","Modified":"2010-04-27T04:26:38+04:00","magic":"ASCII text, with CRLF line terminators","size":46,"md5":"3be27483fdcdbf9ebae93234785235e3","sha1":"360b61fe19cdc1afb2b34d8c25d8b88a4c843a82","sha256":"4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b","sha512":"edbe8cf1cbc5fed80fedf963ade44e08052b19c064e8bca66fa0fe1b332141fbe175b8b727f8f56978d1584baaf27d331947c0b3593aaff5632756199dc470e5","alerts":{"urlquery":null,"analyzer":null}},{"path":"pcicapi.dll","filename":"pcicapi.dll","modified":"","Modified":"2016-12-06T22:07:24+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":33144,"md5":"34dfb87e4200d852d1fb45dc48f93cfc","sha1":"35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641","sha256":"2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703","sha512":"f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-30","alert":"Scan result 7/73","trigger":"2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703","verdict":"suspicious","severity":"","comment":"suspicious - 7/73","link":"https://www.virustotal.com/gui/file/2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703","meta":null}]}},{"path":"PCICHEK.DLL","filename":"PCICHEK.DLL","modified":"","Modified":"2016-12-06T22:07:30+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":18808,"md5":"104b30fef04433a2d2fd1d5f99f179fe","sha1":"ecb08e224a2f2772d1e53675bedc4b2c50485a41","sha256":"956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd","sha512":"5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-17","alert":"Scan result 6/71","trigger":"956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd","verdict":"suspicious","severity":"","comment":"suspicious - 6/71","link":"https://www.virustotal.com/gui/file/956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd","meta":null}]}},{"path":"PCICL32.DLL","filename":"PCICL32.DLL","modified":"","Modified":"2016-12-06T22:07:36+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections","size":3740024,"md5":"d3d39180e85700f72aaae25e40c125ff","sha1":"f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15","sha256":"38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5","sha512":"471ac150e93a182d135e5483d6b1492f08a49f5ccab420732b87210f2188be1577ceaaee4ce162a7acceff5c17cdd08dc51b1904228275f6bbde18022ec79d2f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-30","alert":"Scan result 24/73","trigger":"38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5","verdict":"malicious","severity":"","comment":"malicious - 24/73","link":"https://www.virustotal.com/gui/file/38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5","meta":null}]}},{"path":"remcmdstub.exe","filename":"remcmdstub.exe","modified":"","Modified":"2016-12-06T22:02:00+03:00","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":63864,"md5":"6fca49b85aa38ee016e39e14b9f9d6d9","sha1":"b0d689c70e91d5600ccc2a4e533ff89bf4ca388b","sha256":"fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814","sha512":"f9c90029ff3dea84df853db63dace97d1c835a8cf7b6a6227a5b6db4abe25e9912dfed6967a88a128d11ab584663e099bf80c50dd879242432312961c0cfe622","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-15","alert":"Scan result 24/73","trigger":"fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814","verdict":"malicious","severity":"","comment":"malicious - 24/73","link":"https://www.virustotal.com/gui/file/fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814","meta":null}]}},{"path":"TCCTL32.DLL","filename":"TCCTL32.DLL","modified":"","Modified":"2016-12-06T22:10:24+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":396664,"md5":"2c88d947a5794cf995d2f465f1cb9d10","sha1":"c0ff9ea43771d712fe1878dbb6b9d7a201759389","sha256":"2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e","sha512":"e55679ff66ded375a422a35d0f92b3ac825674894ae210dbef3642e4fc232c73114077e84eae45c6e99a60ef4811f4a900b680c3bf69214959fa152a3dfbe542","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-20","alert":"Scan result 4/73","trigger":"2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e","verdict":"suspicious","severity":"","comment":"suspicious - 4/73","link":"https://www.virustotal.com/gui/file/2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e","meta":null}]}},{"path":"client32.exe","filename":"client32.exe","modified":"","Modified":"2023-10-23T18:32:56+03:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":103824,"md5":"c4f1b50e3111d29774f7525039ff7086","sha1":"57539c95cba0986ec8df0fcdea433e7c71b724c6","sha256":"18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d","sha512":"005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-13","alert":"Scan result 28/73","trigger":"18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d","verdict":"malicious","severity":"","comment":"malicious - 28/73","link":"https://www.virustotal.com/gui/file/18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d","meta":null}]}},{"path":"client32.ini","filename":"client32.ini","modified":"","Modified":"2024-11-21T19:01:23+03:00","magic":"ASCII text, with CRLF line terminators","size":671,"md5":"1f3911aa581f74218174a75d1d44aebe","sha1":"67cac52f8457c77a93338109d6615145d1148e17","sha256":"010dc2cdbdbca9199aca04a93165259b48bbacaafd142d0597e2b168b0c7809e","sha512":"c5d825bcd2c44f8e83ef1b3a0f185f93c23e365cff55051231c676fc5b68dbf50ef7a6a466e1b2fd3b3c942b68270207e08eb18aba04e768226419c8054ad30f","alerts":{"urlquery":null,"analyzer":null}},{"path":"temp/8C071BA874B720F3s","filename":"8C071BA874B720F3s","modified":"","Modified":"2024-11-25T09:46:52+03:00","magic":"data","size":8236,"md5":"309f8bce98c7817958ee879032e1e2d2","sha1":"0a9502655504fba12668121c800eda9b31993c60","sha256":"6d8118143385273472ba114b0443a7b853f49589751454d55b92008ae1bbff83","sha512":"e8c05a47dbf4d588991dab47ea98cd25d3a74c599929cf8973656aaf83ae2e5b5b4383284d20b5f526424a0f95d487672631acb93ebb612c7d7700ea2450ff1e","alerts":{"urlquery":null,"analyzer":null}},{"path":"temp/quit_2.ico","filename":"quit_2.ico","modified":"","Modified":"2024-10-25T09:58:53+03:00","magic":"MS Windows icon resource - 3 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 32x32 with \n- PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","size":1823,"md5":"cf7a50a53e98a83f59afa2c605126a34","sha1":"39ce4058caf1fbecca3661bb5167f5fe7825da01","sha256":"6f1c7082e5d786e1d6da082333a00cf6f0105d976877afd2c39e40bf84be640a","sha512":"312fdedac9538c40ff22f8819cefd0d9ca46009c3bb79970d2c912de0ab18039d335a5f6d146632d8ab06b3e1e99862ab0ca448e05a78648f177f6f4e660463b","alerts":{"urlquery":null,"analyzer":null}},{"path":"cAlient32.ini","filename":"cAlient32.ini","modified":"","Modified":"2024-07-24T20:05:45+03:00","magic":"ASCII text, with CRLF line terminators","size":361,"md5":"5d270b8ddcedf2b95c83b6824fbf9aa0","sha1":"24e9c2d60951b87710c6e6c9572001be57c3e6bc","sha256":"903367aa75a70cfb9d6ac0d985c11a7c7dfbf8c57f480820e869dbeefbcf3363","sha512":"8464d9f3582fcf3312e0f6c8157e56e10fd4651e1e1c8e5240465f44f7cddb70465f50ec6cd40d7c27892d6bddb7e519de5179f5fa17927c359f2ae669e347a3","alerts":{"urlquery":null,"analyzer":null}},{"path":"HTCTL32.DLL","filename":"HTCTL32.DLL","modified":"","Modified":"2016-12-06T22:03:54+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":328056,"md5":"c94005d2dcd2a54e40510344e0bb9435","sha1":"55b4a1620c5d0113811242c20bd9870a1e31d542","sha256":"3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899","sha512":"2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-09","alert":"Scan result 8/73","trigger":"3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899","verdict":"suspicious","severity":"","comment":"suspicious - 8/73","link":"https://www.virustotal.com/gui/file/3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899","meta":null}]}},{"path":"install_state.json","filename":"install_state.json","modified":"","Modified":"2024-06-30T14:09:33+03:00","magic":"ASCII text, with CRLF, LF line terminators","size":1794,"md5":"3f78a0569c858ad26452633157103095","sha1":"8119bcc1d66b17ccd286fef396fa48594188c4d0","sha256":"d53fc339533d39f413ddd29a69ade19f2972383db8fb8938d77d2e79c8573f36","sha512":"89842e39703970108135d71ce4c039df19c18f04c280cb2516409758f9d22e0205567b08dbe527a6fb7c295bda2ea8ee6a368d6fcaf6fb59645d31ef2243ad3d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Logo.png","filename":"Logo.png","modified":"","Modified":"2024-07-15T20:35:20+03:00","magic":"PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced","size":28131,"md5":"7fd31ab02a460425b02424d88516e231","sha1":"69d6c2e823eb4a4b4714e3e454316cca6465ed9e","sha256":"d5ff2f45dd0e5cdc6fbffd3f5fa9098676d46f8aafd74d6d52d298231d6dc394","sha512":"c02b3a0b99d426ab2b37fd6a97b0f72624622d71af7f923e2057ca533b58cefb006f2562ea7554031fc5eaa779e748918ecf2029779e80a1b73332637c63bab8","alerts":{"urlquery":null,"analyzer":null}},{"path":"LogoBeta.png","filename":"LogoBeta.png","modified":"","Modified":"2024-07-15T20:35:20+03:00","magic":"PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced","size":24214,"md5":"550183b3229a2868fe3b6bfd87b2f526","sha1":"a90239bfb7562b868d4a60981c146ec4e12f98d1","sha256":"d172d5ce446919158db1c30a2dc2e215112ae6ec0611ddc3df99476cacf0f16d","sha512":"d3384c5e0d3a51f720b76eddf05dbe5e9de75cca821521a5ecef0ecdc3ee6a19f1584984aaee136c97afe5adac13e73dceab9e76174c7bad4b330b0f8756fff3","alerts":{"urlquery":null,"analyzer":null}},{"path":"ie_to_edge_bho.dll","filename":"ie_to_edge_bho.dll","modified":"","Modified":"2024-11-25T20:52:11+03:00","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections","size":448592,"md5":"c071066e7ea9074f7e951f0f1c9faa9a","sha1":"921bd559e21cbc720dd1e7ab539dc5ce6b676de3","sha256":"9f87977f94a8c48f143af8401845a839484ac0cb58847a693cbb7809c846496f","sha512":"c436b2e4f0e39896a548b12eb6294f38197da7099b712f07fa5b4f44d95b94ab3bc8b1182e4769538a42bdb65931ab94f5ff09650df4cfb13ea3dd30e4becda7","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"ie_to_edge_bho.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"ie_to_edge_bho_64.dll","filename":"ie_to_edge_bho_64.dll","modified":"","Modified":"2024-11-25T20:52:11+03:00","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections","size":574528,"md5":"c8b97c8af7c0d95242a90528050c2c0b","sha1":"617b9519db8af27eaa8bdb1287c15f648e9d36af","sha256":"487d9995f0fa52154be24c422e74488a059c46b8e9e21e8a751d7d76ab632975","sha512":"33242667f3f59d12f3f4a965f57552981513566dd273869be3a48bca5ad93d18d90261f5752f8ab8b1f801dd59e28deb2787f1bb03a813e16c88e8830bf1d3c8","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"ie_to_edge_bho_64.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"ie_to_edge_bho.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"ie_to_edge_bho_64.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 36/67","trigger":"f0bb1f455a89c651337ba85515b21bdbdbe915d55747c7c349d8900916e7d8e9","verdict":"malicious","severity":"","comment":"malicious - 36/67","link":"https://www.virustotal.com/gui/file/f0bb1f455a89c651337ba85515b21bdbdbe915d55747c7c349d8900916e7d8e9","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"c605708ea216cb2bf2e9eb9d3bc2b169","sha1":"cac029f86f2c6ca4dc6234e0550c08128189fcbb","sha256":"f0bb1f455a89c651337ba85515b21bdbdbe915d55747c7c349d8900916e7d8e9","sha512":"6cab28ecd9800b29421b850a91fa5743fdb2efc5332a6ed2e511d8e3db58638ca38a4a5ac2a787ad775e91a0a4fe68d6719b2ca955c623ab4914d9660e55d052","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2835341,"url":{"schema":"https","addr":"breminantores.shop/work/yyy.zip","fqdn":"breminantores.shop","domain":"breminantores.shop","tld":"shop"},"ip":{"addr":"79.141.173.57","port":443,"asn":202015,"as":"HZ Hosting Ltd","country":"United States","country_code":"US"},"archive":[{"path":"LogoCanary.png","filename":"LogoCanary.png","modified":"","Modified":"2024-07-15T20:35:20+03:00","magic":"PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced","size":28016,"md5":"ef8a81d1e1070f20ce809cca75588612","sha1":"2eb8ca5797859d8f6642878215f5a89887964f1c","sha256":"6f2f599bc3e34e11072ce7ddbab2d484371563f0bc79de785df075db5e17ae1b","sha512":"7e94a94b30ce3657d6fd0f4f6078e01c655e13a0b8bce4b0331eb7d50ff2639dad578c059ea5804aa60cd0f7bf181f46cfc9e5a7755405769139065b7bc2b444","alerts":{"urlquery":null,"analyzer":null}},{"path":"LogoDev.png","filename":"LogoDev.png","modified":"","Modified":"2024-07-15T20:35:20+03:00","magic":"PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced","size":24504,"md5":"b8f553fbd3dc34b58bc77a705711023d","sha1":"4ab1052f906fda96f877e398426da5646574c878","sha256":"2761c60263a2919b856915bdd2a0604b7f0e56e59d893ab13cccef2b7c967229","sha512":"15a1df0dbb06b4bb64a2b8cd7ad22578292d5ecdec64303350e027f9f87fa8a825cb1cc97f94862d8c235c85b0c79a4feabfb89d9e0b77be62aab25785122a60","alerts":{"urlquery":null,"analyzer":null}},{"path":"msvcr100.dll","filename":"msvcr100.dll","modified":"","Modified":"2015-04-24T02:27:28+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections","size":773968,"md5":"0e37fbfa79d349d672456923ec5fbbe3","sha1":"4e880fc7625ccf8d9ca799d5b94ce2b1e7597335","sha256":"8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18","sha512":"2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630","alerts":{"urlquery":null,"analyzer":null}},{"path":"nskbfltr.inf","filename":"nskbfltr.inf","modified":"","Modified":"2007-07-06T00:07:32+04:00","magic":"Windows setup INFormation","size":328,"md5":"26e28c01461f7e65c402bdf09923d435","sha1":"1d9b5cfcc30436112a7e31d5e4624f52e845c573","sha256":"d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368","sha512":"c30ec66fecb0a41e91a31804be3a8b6047fc3789306adc106c723b3e5b166127766670c7da38d77d3694d99a8cddb26bc266ee21dba60a148cdf4d6ee10d27d7","alerts":{"urlquery":null,"analyzer":null}},{"path":"NSM.ini","filename":"NSM.ini","modified":"","Modified":"2015-04-30T04:47:52+03:00","magic":"Generic INItialization configuration [Features]","size":6458,"md5":"88b1dab8f4fd1ae879685995c90bd902","sha1":"3d23fb4036dc17fa4bee27e3e2a56ff49beed59d","sha256":"60fe386112ad51f40a1ee9e1b15eca802ced174d7055341c491dee06780b3f92","sha512":"4ea2c20991189fe1d6d5c700603c038406303cca594577ddcbc16ab9a7915cb4d4aa9e53093747db164f068a7ba0f568424bc8cb7682f1a3fb17e4c9ec01f047","alerts":{"urlquery":null,"analyzer":null}},{"path":"NSM.LIC","filename":"NSM.LIC","modified":"","Modified":"2022-09-27T11:05:33+03:00","magic":"ASCII text, with CRLF line terminators","size":195,"md5":"e9609072de9c29dc1963be208948ba44","sha1":"03bbe27d0d1ba651ff43363587d3d6d2e170060f","sha256":"dc6a52ad6d637eb407cc060e98dfeedcca1167e7f62688fb1c18580dd1d05747","sha512":"f0e26aa63b0c7f1b31074b9d6eef88d0cfbc467f86b12205cb539a45b0352e77ce2f99f29baeab58960a197714e72289744143ba17975699d058fe75d978dfd0","alerts":{"urlquery":null,"analyzer":null}},{"path":"nsm_vpro.ini","filename":"nsm_vpro.ini","modified":"","Modified":"2010-04-27T04:26:38+04:00","magic":"ASCII text, with CRLF line terminators","size":46,"md5":"3be27483fdcdbf9ebae93234785235e3","sha1":"360b61fe19cdc1afb2b34d8c25d8b88a4c843a82","sha256":"4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b","sha512":"edbe8cf1cbc5fed80fedf963ade44e08052b19c064e8bca66fa0fe1b332141fbe175b8b727f8f56978d1584baaf27d331947c0b3593aaff5632756199dc470e5","alerts":{"urlquery":null,"analyzer":null}},{"path":"pcicapi.dll","filename":"pcicapi.dll","modified":"","Modified":"2016-12-06T22:07:24+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":33144,"md5":"34dfb87e4200d852d1fb45dc48f93cfc","sha1":"35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641","sha256":"2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703","sha512":"f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-30","alert":"Scan result 7/73","trigger":"2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703","verdict":"suspicious","severity":"","comment":"suspicious - 7/73","link":"https://www.virustotal.com/gui/file/2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703","meta":null}]}},{"path":"PCICHEK.DLL","filename":"PCICHEK.DLL","modified":"","Modified":"2016-12-06T22:07:30+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":18808,"md5":"104b30fef04433a2d2fd1d5f99f179fe","sha1":"ecb08e224a2f2772d1e53675bedc4b2c50485a41","sha256":"956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd","sha512":"5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-17","alert":"Scan result 6/71","trigger":"956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd","verdict":"suspicious","severity":"","comment":"suspicious - 6/71","link":"https://www.virustotal.com/gui/file/956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd","meta":null}]}},{"path":"PCICL32.DLL","filename":"PCICL32.DLL","modified":"","Modified":"2016-12-06T22:07:36+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections","size":3740024,"md5":"d3d39180e85700f72aaae25e40c125ff","sha1":"f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15","sha256":"38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5","sha512":"471ac150e93a182d135e5483d6b1492f08a49f5ccab420732b87210f2188be1577ceaaee4ce162a7acceff5c17cdd08dc51b1904228275f6bbde18022ec79d2f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-30","alert":"Scan result 24/73","trigger":"38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5","verdict":"malicious","severity":"","comment":"malicious - 24/73","link":"https://www.virustotal.com/gui/file/38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5","meta":null}]}},{"path":"remcmdstub.exe","filename":"remcmdstub.exe","modified":"","Modified":"2016-12-06T22:02:00+03:00","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":63864,"md5":"6fca49b85aa38ee016e39e14b9f9d6d9","sha1":"b0d689c70e91d5600ccc2a4e533ff89bf4ca388b","sha256":"fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814","sha512":"f9c90029ff3dea84df853db63dace97d1c835a8cf7b6a6227a5b6db4abe25e9912dfed6967a88a128d11ab584663e099bf80c50dd879242432312961c0cfe622","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-15","alert":"Scan result 24/73","trigger":"fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814","verdict":"malicious","severity":"","comment":"malicious - 24/73","link":"https://www.virustotal.com/gui/file/fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814","meta":null}]}},{"path":"TCCTL32.DLL","filename":"TCCTL32.DLL","modified":"","Modified":"2016-12-06T22:10:24+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":396664,"md5":"2c88d947a5794cf995d2f465f1cb9d10","sha1":"c0ff9ea43771d712fe1878dbb6b9d7a201759389","sha256":"2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e","sha512":"e55679ff66ded375a422a35d0f92b3ac825674894ae210dbef3642e4fc232c73114077e84eae45c6e99a60ef4811f4a900b680c3bf69214959fa152a3dfbe542","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-20","alert":"Scan result 4/73","trigger":"2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e","verdict":"suspicious","severity":"","comment":"suspicious - 4/73","link":"https://www.virustotal.com/gui/file/2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e","meta":null}]}},{"path":"client32.exe","filename":"client32.exe","modified":"","Modified":"2023-10-23T18:32:56+03:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":103824,"md5":"c4f1b50e3111d29774f7525039ff7086","sha1":"57539c95cba0986ec8df0fcdea433e7c71b724c6","sha256":"18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d","sha512":"005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-13","alert":"Scan result 28/73","trigger":"18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d","verdict":"malicious","severity":"","comment":"malicious - 28/73","link":"https://www.virustotal.com/gui/file/18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d","meta":null}]}},{"path":"client32.ini","filename":"client32.ini","modified":"","Modified":"2024-11-21T19:01:23+03:00","magic":"ASCII text, with CRLF line terminators","size":671,"md5":"1f3911aa581f74218174a75d1d44aebe","sha1":"67cac52f8457c77a93338109d6615145d1148e17","sha256":"010dc2cdbdbca9199aca04a93165259b48bbacaafd142d0597e2b168b0c7809e","sha512":"c5d825bcd2c44f8e83ef1b3a0f185f93c23e365cff55051231c676fc5b68dbf50ef7a6a466e1b2fd3b3c942b68270207e08eb18aba04e768226419c8054ad30f","alerts":{"urlquery":null,"analyzer":null}},{"path":"temp/8C071BA874B720F3s","filename":"8C071BA874B720F3s","modified":"","Modified":"2024-11-25T09:46:52+03:00","magic":"data","size":8236,"md5":"309f8bce98c7817958ee879032e1e2d2","sha1":"0a9502655504fba12668121c800eda9b31993c60","sha256":"6d8118143385273472ba114b0443a7b853f49589751454d55b92008ae1bbff83","sha512":"e8c05a47dbf4d588991dab47ea98cd25d3a74c599929cf8973656aaf83ae2e5b5b4383284d20b5f526424a0f95d487672631acb93ebb612c7d7700ea2450ff1e","alerts":{"urlquery":null,"analyzer":null}},{"path":"temp/quit_2.ico","filename":"quit_2.ico","modified":"","Modified":"2024-10-25T09:58:53+03:00","magic":"MS Windows icon resource - 3 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 32x32 with \n- PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","size":1823,"md5":"cf7a50a53e98a83f59afa2c605126a34","sha1":"39ce4058caf1fbecca3661bb5167f5fe7825da01","sha256":"6f1c7082e5d786e1d6da082333a00cf6f0105d976877afd2c39e40bf84be640a","sha512":"312fdedac9538c40ff22f8819cefd0d9ca46009c3bb79970d2c912de0ab18039d335a5f6d146632d8ab06b3e1e99862ab0ca448e05a78648f177f6f4e660463b","alerts":{"urlquery":null,"analyzer":null}},{"path":"cAlient32.ini","filename":"cAlient32.ini","modified":"","Modified":"2024-07-24T20:05:45+03:00","magic":"ASCII text, with CRLF line terminators","size":361,"md5":"5d270b8ddcedf2b95c83b6824fbf9aa0","sha1":"24e9c2d60951b87710c6e6c9572001be57c3e6bc","sha256":"903367aa75a70cfb9d6ac0d985c11a7c7dfbf8c57f480820e869dbeefbcf3363","sha512":"8464d9f3582fcf3312e0f6c8157e56e10fd4651e1e1c8e5240465f44f7cddb70465f50ec6cd40d7c27892d6bddb7e519de5179f5fa17927c359f2ae669e347a3","alerts":{"urlquery":null,"analyzer":null}},{"path":"HTCTL32.DLL","filename":"HTCTL32.DLL","modified":"","Modified":"2016-12-06T22:03:54+03:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":328056,"md5":"c94005d2dcd2a54e40510344e0bb9435","sha1":"55b4a1620c5d0113811242c20bd9870a1e31d542","sha256":"3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899","sha512":"2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-09","alert":"Scan result 8/73","trigger":"3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899","verdict":"suspicious","severity":"","comment":"suspicious - 8/73","link":"https://www.virustotal.com/gui/file/3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899","meta":null}]}},{"path":"install_state.json","filename":"install_state.json","modified":"","Modified":"2024-06-30T14:09:33+03:00","magic":"ASCII text, with CRLF, LF line terminators","size":1794,"md5":"3f78a0569c858ad26452633157103095","sha1":"8119bcc1d66b17ccd286fef396fa48594188c4d0","sha256":"d53fc339533d39f413ddd29a69ade19f2972383db8fb8938d77d2e79c8573f36","sha512":"89842e39703970108135d71ce4c039df19c18f04c280cb2516409758f9d22e0205567b08dbe527a6fb7c295bda2ea8ee6a368d6fcaf6fb59645d31ef2243ad3d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Logo.png","filename":"Logo.png","modified":"","Modified":"2024-07-15T20:35:20+03:00","magic":"PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced","size":28131,"md5":"7fd31ab02a460425b02424d88516e231","sha1":"69d6c2e823eb4a4b4714e3e454316cca6465ed9e","sha256":"d5ff2f45dd0e5cdc6fbffd3f5fa9098676d46f8aafd74d6d52d298231d6dc394","sha512":"c02b3a0b99d426ab2b37fd6a97b0f72624622d71af7f923e2057ca533b58cefb006f2562ea7554031fc5eaa779e748918ecf2029779e80a1b73332637c63bab8","alerts":{"urlquery":null,"analyzer":null}},{"path":"LogoBeta.png","filename":"LogoBeta.png","modified":"","Modified":"2024-07-15T20:35:20+03:00","magic":"PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced","size":24214,"md5":"550183b3229a2868fe3b6bfd87b2f526","sha1":"a90239bfb7562b868d4a60981c146ec4e12f98d1","sha256":"d172d5ce446919158db1c30a2dc2e215112ae6ec0611ddc3df99476cacf0f16d","sha512":"d3384c5e0d3a51f720b76eddf05dbe5e9de75cca821521a5ecef0ecdc3ee6a19f1584984aaee136c97afe5adac13e73dceab9e76174c7bad4b330b0f8756fff3","alerts":{"urlquery":null,"analyzer":null}},{"path":"ie_to_edge_bho.dll","filename":"ie_to_edge_bho.dll","modified":"","Modified":"2024-11-25T20:52:11+03:00","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections","size":448592,"md5":"c071066e7ea9074f7e951f0f1c9faa9a","sha1":"921bd559e21cbc720dd1e7ab539dc5ce6b676de3","sha256":"9f87977f94a8c48f143af8401845a839484ac0cb58847a693cbb7809c846496f","sha512":"c436b2e4f0e39896a548b12eb6294f38197da7099b712f07fa5b4f44d95b94ab3bc8b1182e4769538a42bdb65931ab94f5ff09650df4cfb13ea3dd30e4becda7","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"ie_to_edge_bho.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"ie_to_edge_bho_64.dll","filename":"ie_to_edge_bho_64.dll","modified":"","Modified":"2024-11-25T20:52:11+03:00","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections","size":574528,"md5":"c8b97c8af7c0d95242a90528050c2c0b","sha1":"617b9519db8af27eaa8bdb1287c15f648e9d36af","sha256":"487d9995f0fa52154be24c422e74488a059c46b8e9e21e8a751d7d76ab632975","sha512":"33242667f3f59d12f3f4a965f57552981513566dd273869be3a48bca5ad93d18d90261f5752f8ab8b1f801dd59e28deb2787f1bb03a813e16c88e8830bf1d3c8","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"ie_to_edge_bho_64.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"ie_to_edge_bho.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"ie_to_edge_bho_64.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 36/67","trigger":"f0bb1f455a89c651337ba85515b21bdbdbe915d55747c7c349d8900916e7d8e9","verdict":"malicious","severity":"","comment":"malicious - 36/67","link":"https://www.virustotal.com/gui/file/f0bb1f455a89c651337ba85515b21bdbdbe915d55747c7c349d8900916e7d8e9","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"breminantores.shop/work/yyy.zip","fqdn":"breminantores.shop","domain":"breminantores.shop","tld":"shop"},"ip":{"addr":"79.141.173.57","port":443,"asn":202015,"as":"HZ Hosting Ltd","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T16:18:42.732Z","timestamp":1732897122732,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"breminantores.shop","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Nov 2024 11:12:43 GMT","end":"Thu, 27 Feb 2025 11:12:42 GMT"},"fingerprint":{"sha1":"34:FA:2F:4C:12:E7:D7:C8:DB:F7:3C:85:CF:ED:72:D4:39:AA:BF:15","sha256":"AC:23:12:9A:F9:89:06:9E:63:91:8D:25:E9:B8:52:A3:7D:47:40:61:10:B2:EF:7A:2A:71:73:35:42:13:48:71"}}},"request":{"raw":"GET /work/yyy.zip HTTP/1.1\r\nHost: breminantores.shop\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 29 Nov 2024 16:18:43 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nLast-Modified: Fri, 29 Nov 2024 13:44:43 GMT\r\nETag: \"2b438d-6280d66bc9c61\"\r\nAccept-Ranges: bytes\r\nContent-Length: 2835341\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/zip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2835341,"size_decoded":2835341,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"c605708ea216cb2bf2e9eb9d3bc2b169","sha1":"cac029f86f2c6ca4dc6234e0550c08128189fcbb","sha256":"f0bb1f455a89c651337ba85515b21bdbdbe915d55747c7c349d8900916e7d8e9","sha512":"6cab28ecd9800b29421b850a91fa5743fdb2efc5332a6ed2e511d8e3db58638ca38a4a5ac2a787ad775e91a0a4fe68d6719b2ca955c623ab4914d9660e55d052","ssdeep":"49152:Ylz3lEDThXBJOhHcx6J6h2SFFGf0RBNTQfYc9jh23eWeB3/YSBm7WIqRpykTS09W:aGFXamhRFY89YYc9jh23redpmQRl1ZGj","tlshash":"9ad533216eaafb6bd1d2f973d47cac029a1864a4b8f736a7453fb273f124111c17e901","first_seen":"2024-11-29T15:45:33.919772Z","last_seen":"2024-12-01T10:48:48.709228Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2067,"timings":{"blocked":455,"dns":1,"connect":130,"send":0,"wait":129,"receive":1018,"ssl":329},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 36/67","trigger":"f0bb1f455a89c651337ba85515b21bdbdbe915d55747c7c349d8900916e7d8e9","verdict":"malicious","severity":"","comment":"malicious - 36/67","link":"https://www.virustotal.com/gui/file/f0bb1f455a89c651337ba85515b21bdbdbe915d55747c7c349d8900916e7d8e9","meta":null}],"urlquery":null}}]}