{"report_id":"6e445ffc-3a24-4e1f-b414-42efe1dcc993","version":6,"status":"done","tags":[],"date":"2025-04-04T04:57:21Z","url":{"schema":"http","addr":"myautorun.com/download/autorun_setup.exe","fqdn":"myautorun.com","domain":"myautorun.com","tld":"com"},"ip":{"addr":"172.67.179.233","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-13T04:57:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"myautorun.com","ip":{"addr":"104.21.18.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2004-01-16","domain_rank":0,"first_seen":"2025-04-04T04:57:22.065175Z","last_seen":"2025-04-04T04:57:22.065176Z","alert_count":1,"request_count":1,"received_data":4862390,"sent_data":508,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"de4ef231c7553c04b5af011156a72f4d","sha1":"a037f6067aea0187fe47a92950300969d6bb6f37","sha256":"c87ee6306b61c217471717751ba63e17cd764332580a9a2d6a4a4bf30f362021","sha512":"eb649c7e71368fe5157c3b26a9870ec8f0e44a5d846ff663b360622d112b8d0aefe871a8c563d3038074996c70e7dd6203d088e2e6e47f0623576725eb6c1f81","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":4861283,"url":{"schema":"https","addr":"myautorun.com/download/autorun_setup.exe","fqdn":"myautorun.com","domain":"myautorun.com","tld":"com"},"ip":{"addr":"104.21.18.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-04","alert":"detect_Redline_Stealer","trigger":"myautorun.com/download/autorun_setup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Varp0s","date":"2023-06-06","rule":"detect_Redline_Stealer","tlp":"WHITE","yarahub_license":"CC0 1.0","yarahub_reference_md5":"554d25724c8f6f53af8721d0ef6b6f42","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"671d6f32-8236-46b5-80e3-057192936607"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"de4ef231c7553c04b5af011156a72f4d","sha1":"a037f6067aea0187fe47a92950300969d6bb6f37","sha256":"c87ee6306b61c217471717751ba63e17cd764332580a9a2d6a4a4bf30f362021","sha512":"eb649c7e71368fe5157c3b26a9870ec8f0e44a5d846ff663b360622d112b8d0aefe871a8c563d3038074996c70e7dd6203d088e2e6e47f0623576725eb6c1f81","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":4861283,"url":{"schema":"https","addr":"myautorun.com/download/autorun_setup.exe","fqdn":"myautorun.com","domain":"myautorun.com","tld":"com"},"ip":{"addr":"104.21.18.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-04","alert":"detect_Redline_Stealer","trigger":"myautorun.com/download/autorun_setup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Varp0s","date":"2023-06-06","rule":"detect_Redline_Stealer","tlp":"WHITE","yarahub_license":"CC0 1.0","yarahub_reference_md5":"554d25724c8f6f53af8721d0ef6b6f42","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"671d6f32-8236-46b5-80e3-057192936607"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-04","alert":"detect_Redline_Stealer","trigger":"myautorun.com/download/autorun_setup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Varp0s","date":"2023-06-06","rule":"detect_Redline_Stealer","tlp":"WHITE","yarahub_license":"CC0 1.0","yarahub_reference_md5":"554d25724c8f6f53af8721d0ef6b6f42","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"671d6f32-8236-46b5-80e3-057192936607"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"myautorun.com/download/autorun_setup.exe","fqdn":"myautorun.com","domain":"myautorun.com","tld":"com"},"ip":{"addr":"104.21.18.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-04T04:56:58.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"myautorun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 03 Apr 2025 10:20:20 GMT","end":"Wed, 02 Jul 2025 11:18:07 GMT"},"fingerprint":{"sha1":"19:8D:7A:64:68:DB:A8:91:C0:27:A4:A0:26:E3:85:A3:47:D2:E0:E3","sha256":"76:E0:2A:FF:3A:30:B1:3A:4F:E5:9D:1D:6D:DB:FD:3A:A5:50:41:02:53:23:5E:37:BA:C2:CB:55:F9:08:F7:63"}}},"request":{"raw":"GET /download/autorun_setup.exe HTTP/1.1\r\nHost: myautorun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":765,"data":"{\"csp-report\":{\"blocked-uri\":\"eval\",\"column-number\":41408,\"disposition\":\"report\",\"document-uri\":\"https://annas-archive.org/slow_download/35a5e762e59a92a4299ad2697742254d/0/1\",\"effective-directive\":\"script-src\",\"line-number\":1,\"original-policy\":\"script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=16ZF_VgqS2mFKBU8vJ_GIW0DWVVvgjIZuKeTgdjMcrI-1743742584-1.0.1.1-qlMMKI9OJumtDf74v5nupM1R7LqW.J.sW2DvKall25u80t6mrcB4Qi7jnNWDf.L8MPIabFf6g66hLiCIR.yMdBjOthLRn0pNaIDR906g0x.5UoZ6Eibrmsl7MitEfx_jtdtnUW3J2jCfFTUh7MPlOfTBQAh2GIPSkRTEXY3Bl58\",\"referrer\":\"\",\"source-file\":\"https://annas-archive.org/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=92ae38117f51b521\",\"status-code\":403,\"violated-directive\":\"script-src\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 04 Apr 2025 04:56:58 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 4861283\r\ncf-ray: 92ae38e34ac11c0e-OSL\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Dec 2024 22:37:10 GMT\r\netag: \"fe16b45e5456db1:0\"\r\nx-powered-by: RJL.ai\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=xQrSJhry5R1S0RxAGfh9r%2BEJlFHjB9cfT77syaUzt0BxTgzci0dl3QwSw09OmDg9in26nB0d46HJHXtdjYslUxgCR7%2FF122nQINVXE7URjSqSZTnnZ9Adpfm42NsWJsb\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfCacheStatus;desc=\"MISS\", cfL4;desc=\"?proto=TCP\u0026rtt=6513\u0026min_rtt=536\u0026rtt_var=11727\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3280\u0026recv_bytes=1269\u0026delivery_rate=7252086\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=60062331b3e8c1c1\u0026ts=633\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4861283,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","md5":"de4ef231c7553c04b5af011156a72f4d","sha1":"a037f6067aea0187fe47a92950300969d6bb6f37","sha256":"c87ee6306b61c217471717751ba63e17cd764332580a9a2d6a4a4bf30f362021","sha512":"eb649c7e71368fe5157c3b26a9870ec8f0e44a5d846ff663b360622d112b8d0aefe871a8c563d3038074996c70e7dd6203d088e2e6e47f0623576725eb6c1f81","ssdeep":"98304:AEeipGb1FLqQF6dWry//DthQiooP2qDAN0mVgSxa872avtYyh8fN354r:WipA1oMuWr45hrr2imVf72alwLG","tlshash":"8f26230a76c50633d096033059abe7222b79fc345bf2921b7785ea6c3d33ae09276757","first_seen":"2023-06-18T05:23:21Z","last_seen":"2025-04-04T04:57:25.358427Z","times_seen":3,"resource_available":false,"data":null}},"time_used":2193,"timings":{"blocked":40,"dns":0,"connect":1,"send":0,"wait":601,"receive":1512,"ssl":33},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-04","alert":"detect_Redline_Stealer","trigger":"myautorun.com/download/autorun_setup.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Varp0s","date":"2023-06-06","rule":"detect_Redline_Stealer","tlp":"WHITE","yarahub_license":"CC0 1.0","yarahub_reference_md5":"554d25724c8f6f53af8721d0ef6b6f42","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"671d6f32-8236-46b5-80e3-057192936607"}}],"urlquery":null}}]}