Report Overview
- Visited (public): 2025-03-03 22:12:26
- URL
anonsharing.com/05c729c528c9033e/REXTH.exe?download_token=93d68576d8d275b525c90867eaeff987178caddccb24f20831e0a73008cab55b
- Finishing URL
about:privatebrowsing
- IP / ASN
104.21.32.1
#13335 CLOUDFLARENET
- Title
about:privatebrowsing
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
anonsharing.com | unknown | 2023-03-28 | 2023-03-28 | 2025-03-03 | 590 B | 493 kB | |
s3.ca-central-1.wasabisys.com | unknown | 2017-04-07 | 2022-03-03 | 2025-03-03 | 901 B | 492 kB | |
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert |
---|---|---|---|---|
2025-03-03 22:12:07 | low | Client IP | | |
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2025-03-03 | medium | s3.ca-central-1.wasabisys.com/anonsharing/54/54d8422eacb3eb6ad167fe14c1afe02c?response-content-disposition=filename%3DREXTH.exe&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250303%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250303T221206Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=775f645c40218de4edb5c8881e27d0af85947c83edd93d485c60ee195f9c144d | Detects XWorm RAT |
2025-03-03 | medium | s3.ca-central-1.wasabisys.com/anonsharing/54/54d8422eacb3eb6ad167fe14c1afe02c?response-content-disposition=filename%3DREXTH.exe&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250303%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250303T221206Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=775f645c40218de4edb5c8881e27d0af85947c83edd93d485c60ee195f9c144d | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
OpenPhish
No alerts detected
PhishTank
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
s3.ca-central-1.wasabisys.com/anonsharing/54/54d8422eacb3eb6ad167fe14c1afe02c?response-content-disposition=filename%3DREXTH.exe&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250303%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250303T221206Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=775f645c40218de4edb5c8881e27d0af85947c83edd93d485c60ee195f9c144d
IP
38.143.146.101
ASN
#395717 BLUEARCHIVE-ZONE-1
File type
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Size
491 kB (491008 bytes)
Hash
9fa817cc1a25659b0cee0e276d652064
08e3c7f7ea50ae63e4f98876bab54533c3d6ee80
Detections
Analyzer | Verdict | Alert |
---|---|---|
RussianPanda public YARA rules | malware | Detects XWorm RAT |
YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
VirusTotal | malicious | |
ClamAV | malicious | Win.Packed.njRAT-10002074-1 |
JavaScript (0)
HTTP Transactions (2)
URL | IP | Response | Size |
---|---|---|---|
GET anonsharing.com/05c729c528c9033e/REXTH.exe?download_token=93d68576d8d275b525c90867eaeff987178caddccb24f20831e0a73008cab55b | | 302 Found | 491 kB |
GET s3.ca-central-1.wasabisys.com/anonsharing/54/54d8422eacb3eb6ad167fe14c1afe02c?response-content-disposition=filename%3DREXTH.exe&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250303%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250303T221206Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=775f645c40218de4edb5c8881e27d0af85947c83edd93d485c60ee195f9c144d | | 200 OK | 491 kB |