Report - gcdn.thunderstore.io/live/repository/packages/SkinwalkerModTeam-SkinWalkerMods-1.0.0.zip

Report Overview

Visitedpublic

2024-11-21 23:05:45

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
gcdn.thunderstore.io	595395	2019-04-05	2021-08-08	2024-11-21	542 B	439 kB	185.244.209.62

No alerts detected

No alerts detected

No alerts detected

No alerts detected

No alerts detected

No alerts detected

URL

gcdn.thunderstore.io/live/repository/packages/SkinwalkerModTeam-SkinWalkerMods-1.0.0.zip

IP / ASN

185.244.209.62

#199524 G-Core Labs S.A.

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size438 kB (438047 bytes)

MD519db62c04b1f30a019ac3a6eae94d3b2

SHA1b087bdc48172bb46f8e18183cd04296f1ebc06cf

SHA2565e1923eb965c7cee219817016ce0336f0907f5112f8a28e159620b7e80aa77ce

Archive (4)

Modified	Filename	Size	MD5	File type
2023-12-25 14:24	SkinWalker.dll	2.9 MB	ee9cd8657560c102441d15ac13053c67	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
2023-12-25 13:52	icon.png	2.6 kB	fd0f5271a1c1b16218a2632b32d60766	PNG image data, 256 x 256, 8-bit/color RGB, non-interlaced
2023-12-25 14:27	manifest.json	203 B	037524162ae83ce6f08d1598022e053b	JSON text data
2023-12-25 13:51	README.md	0 B	d41d8cd98f00b204e9800998ecf8427e

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)

	URL	IP	Response	Size