Report Overview
Submitted URL
github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASx64.exe
IP
140.82.121.3
ASN
#36459 GITHUB
Submitted
2024-05-01 03:33:06
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
29
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
github.com | 1423 | 2007-10-09 | 2016-07-13 | 2024-03-24 | 1.5 kB | 8.1 kB | 140.82.121.3 |
objects.githubusercontent.com | 134060 | 2014-02-06 | 2021-11-01 | 2024-04-30 | 993 B | 2.4 MB | 185.199.111.133 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Detects .NET red/black-team tools via typelibguid |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.Seatbelt |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
2024-05-01 | medium | objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | Windows.Hacktool.WinPEAS-ng |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream
IP
185.199.111.133
ASN
#54113 FASTLY
File type
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows, 2 sections
Size
2.4 MB (2387456 bytes)
Hash
1f7f204d5ca9437dbb364b7d28eb71a5
5d79c1d2e799596f32a28bb68d966b4efcd608c8
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public Nextron YARA rules | malware | Detects .NET red/black-team tools via typelibguid |
YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
Elastic Security YARA Rules | malware | Windows.Hacktool.Seatbelt |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
VirusTotal | malicious |
JavaScript (0)
HTTP Transactions (3)
URL | IP | Response | Size | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASx64.exe | 140.82.121.3 | 302 Found | 0 B | |||||||||||||||||||||||||||||||||||||||||||||||||
HTTP Headers
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
github.com/peass-ng/PEASS-ng/releases/download/20240421-825f642d/winPEASx64.exe | 140.82.121.3 | 302 Found | 0 B | |||||||||||||||||||||||||||||||||||||||||||||||||
HTTP Headers
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
objects.githubusercontent.com/github-production-release-asset-2e65be/165548191/b265de88-cec2-4e72-8383-083aefbb067b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240501T033236Z&X-Amz-Expires=300&X-Amz-Signature=af523e9038b48215baca0b2bee7fb59b69bcb170502a9dcfc4b1a478acd2607d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=165548191&response-content-disposition=attachment%3B%20filename%3DwinPEASx64.exe&response-content-type=application%2Foctet-stream | 185.199.111.133 | 200 OK | 2.4 MB | |||||||||||||||||||||||||||||||||||||||||||||||||
Detections
HTTP Headers
| ||||||||||||||||||||||||||||||||||||||||||||||||||||