Report - pkg.dl.mail.ru/packages/0_2002134distrib172/LeftToSurvive.exe

Report Overview

Visited public
2023-12-04 18:53:39
Tags
URL
pkg.dl.mail.ru/packages/0_2002134distrib172/LeftToSurvive.exe
Finishing URL
about:privatebrowsing
IP / ASN
178.22.89.141
#47764 Mail.Ru LLC
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pkg.dl.mail.ru	unknown	1997-09-27	2014-10-07 16:11:43	2023-12-04 06:01:14	443 B	441 B	178.22.89.142
source.gc.my.games	unknown	2019-02-15	2022-06-02 15:09:23	2023-12-04 06:01:21	474 B	654 kB	178.22.88.61

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 18:53:29	low	178.22.88.61	Client IP	ET INFO Packed Executable Download
2023-12-04 18:53:29	high	178.22.88.61	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2023-12-04 18:53:29	low	178.22.88.61	Client IP	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	source.gc.my.games/from=front-6.pkg.ru.dl.srv/packages/0_2002134distrib172/LeftToSurvive.exe	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
source.gc.my.games/from=front-6.pkg.ru.dl.srv/packages/0_2002134distrib172/LeftToSurvive.exe
IP
178.22.88.61
ASN
#47764 Mail.Ru LLC

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
654 kB (653520 bytes)
Hash
b66f86384224cd55e4fa1ee142ef5cc9
ea4b0e03e9069ea01fa619e006b676f86149b34f
59e8bcaea46613be3a1396858302704cd0a29d6c67201beba47d140b0736952e

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

pkg.dl.mail.ru/packages/0_2002134distrib172/LeftToSurvive.exe

178.22.89.142

169 B

URL User Request GET
pkg.dl.mail.ru/packages/0_2002134distrib172/LeftToSurvive.exe
IP
178.22.89.142:0
ASN
#47764 Mail.Ru LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751

HTTP Headers

GET /packages/0_2002134distrib172/LeftToSurvive.exe HTTP/1.1
Host: pkg.dl.mail.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Mon, 04 Dec 2023 18:53:23 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://source.gc.my.games/from=front-6.pkg.ru.dl.srv/packages/0_2002134distrib172/LeftToSurvive.exe

source.gc.my.games/from=front-6.pkg.ru.dl.srv/packages/0_2002134distrib172/LeftToSurvive.exe

178.22.88.61

200 OK

654 kB

URL User Request GET HTTP/1.1
source.gc.my.games/from=front-6.pkg.ru.dl.srv/packages/0_2002134distrib172/LeftToSurvive.exe
IP
178.22.88.61:80
ASN
#47764 Mail.Ru LLC

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
654 kB (653520 bytes)
Hash
b66f86384224cd55e4fa1ee142ef5cc9
ea4b0e03e9069ea01fa619e006b676f86149b34f
59e8bcaea46613be3a1396858302704cd0a29d6c67201beba47d140b0736952e

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

NIDS	Severity	Alert
suricata	low	ET INFO Packed Executable Download
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP
suricata	low	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

HTTP Headers

GET /from=front-6.pkg.ru.dl.srv/packages/0_2002134distrib172/LeftToSurvive.exe HTTP/1.1
Host: source.gc.my.games
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 04 Dec 2023 18:53:23 GMT
Content-Type: application/octet-stream
Content-Length: 653520
Last-Modified: Tue, 21 Nov 2023 09:19:59 GMT
Connection: keep-alive
ETag: "655c763f-9f8d0"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers