Report Overview
- Visited public2023-10-03 11:21:21Tags
- URL
raw.githubusercontent.com/pip2002/fuzzy-invention/main/qet-test.exe
- Finishing URL
about:privatebrowsing
- IP / ASN
185.199.111.133#54113 FASTLY
Titleabout:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
11
Domain Summary
| Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
|---|---|---|---|---|---|---|---|
| raw.githubusercontent.com | 35802 | 2014-02-06 | 2014-03-01 08:08:08 | 2023-10-02 18:32:49 | 523 B | 15 kB | 185.199.111.133 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
No alerts detected
Threat Detection Systems
Public InfoSec YARA rules
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2023-10-03 | medium | raw.githubusercontent.com/pip2002/fuzzy-invention/main/qet-test.exe | Cobalt Strike's resources/artifact32{.dll,.exe,big.exe,big.dll,bigsvc.exe} signature for versions 3.14 to 4.x and resources/artifact32svc.exe for 3.14 to 4.x and resources/artifact32uac.dll for v3.14 and v4.0 |
| 2023-10-03 | medium | raw.githubusercontent.com/pip2002/fuzzy-invention/main/qet-test.exe | Detects different hacktools based on their imphash |
| 2023-10-03 | medium | raw.githubusercontent.com/pip2002/fuzzy-invention/main/qet-test.exe | Windows.Trojan.CobaltStrike |
| 2023-10-03 | medium | raw.githubusercontent.com/pip2002/fuzzy-invention/main/qet-test.exe | Windows.Trojan.CobaltStrike |
| 2023-10-03 | medium | raw.githubusercontent.com/pip2002/fuzzy-invention/main/qet-test.exe | Cobalt Strike's resources/artifact32{.dll,.exe,big.exe,big.dll,bigsvc.exe} signature for versions 3.14 to 4.x and resources/artifact32svc.exe for 3.14 to 4.x and resources/artifact32uac.dll for v3.14 and v4.0 |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
raw.githubusercontent.com/pip2002/fuzzy-invention/main/qet-test.exe
IP
185.199.111.133ASN
#54113 FASTLY
File type
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows\012- data
Size
14 kB (14336 bytes)
Hash
ac32f23e9c96c392ceed9e6c5ee5857d
7a57be8418e06cd4a475c9f3a579bd96f0645b56
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | Cobalt Strike's resources/artifact32{.dll,.exe,big.exe,big.dll,bigsvc.exe} signature for versions 3.14 to 4.x and resources/artifact32svc.exe for 3.14 to 4.x and resources/artifact32uac.dll for v3.14 and v4.0 |
| Public Nextron YARA rules | malware | Detects different hacktools based on their imphash |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Google GCTI YARA rules | malware | Cobalt Strike's resources/artifact32{.dll,.exe,big.exe,big.dll,bigsvc.exe} signature for versions 3.14 to 4.x and resources/artifact32svc.exe for 3.14 to 4.x and resources/artifact32uac.dll for v3.14 and v4.0 |
| VirusTotal | malicious |
JavaScript (0)
No Javascripts found
No Javascripts found
No Javascripts found
HTTP Transactions (1)
| URL | IP | Response | Size | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
raw.githubusercontent.com/pip2002/fuzzy-invention/main/qet-test.exe | 185.199.111.133 | 200 OK | 14 kB | ||||||||||||||||||||||
Detections
HTTP Headers
| |||||||||||||||||||||||||