Overview

URL: 103.170.118.35/botminhok.exe
IP: 103.170.118.35 (Vietnam)
ASN: #135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Access: public
Report completed: 2023-05-26 14:09:52 UTC
IDS alerts: 3
Blocklist alerts: 4
urlquery alerts: No alerts detected
Tags: None

Domain Summary (1)

Fully Qualified Domain Name   Rank   First Seen   Last Seen   Sent bytes   Received bytes   IP               Comment
103.170.118.35 (2)            0      No data      No data     667          102685           103.170.118.35

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro

Timestamp                 Severity   Source IP        Destination IP   Alert
2023-05-26 14:09:39 UTC   medium     Client IP        103.170.118.35   ET INFO Executable Download from dotted-quad Host
2023-05-26 14:09:40 UTC   high       103.170.118.35   Client IP        ET POLICY PE EXE or DLL Windows file download HTTP
2023-05-26 14:09:40 UTC   medium     103.170.118.35   Client IP        ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

Blocklists

OpenPhish
No alerts detected

PhishTank
No alerts detected

Fortinet's Web Filter

Scan Date    Severity   Indicator                      Comment
2023-05-26   medium     103.170.118.35/                Malware
2023-05-26   medium     103.170.118.35/botminhok.exe   Malware

mnemonic secure dns
No alerts detected

Quad9 DNS

Scan Date    Severity   Indicator        Comment
2023-05-26   medium     103.170.118.35   Sinkholed
2023-05-26   medium     103.170.118.35   Sinkholed

ThreatFox
No alerts detected


Files

URL: 103.170.118.35/botminhok.exe
IP: 103.170.118.35
Magic: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows\012- data
Size: 101888
MD5: 81b67629e8ec6b301ca40f22dcf74bdb
SHA1: 3fe754e329e017c90d507b49123c07b4a15711b7
SHA256: d1818eed64e65789f2a6452620485e34f6dcb60034bc2640829df9f6346a6c0e

Analyzer     Scan Date    Verdict   Comment
VirusTotal   2023-05-26   47/71     VirusTotal Report

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 103.170.118.35

Date                      UQ / IDS / BL   URL                            IP
2023-06-02 04:22:46 UTC   0 - 3 - 2       103.170.118.35/sonbot.exe      103.170.118.35
2023-06-02 04:18:01 UTC   0 - 4 - 2       103.170.118.35/tungbot.exe     103.170.118.35
2023-06-01 03:15:03 UTC   0 - 3 - 2       103.170.118.35/botminhok.exe   103.170.118.35
2023-05-31 15:52:06 UTC   0 - 4 - 2       103.170.118.35/tungbot.exe     103.170.118.35
2023-05-30 01:17:19 UTC   0 - 3 - 2       103.170.118.35/botminhok.exe   103.170.118.35


Last 5 reports on ASN: VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

Date                      UQ / IDS / BL   URL                                                 IP
2023-06-06 01:06:52 UTC   0 - 0 - 20      103.133.104.112/dashboard/                          103.133.104.112
2023-06-05 22:08:13 UTC   0 - 3 - 2       103.133.104.112/877/hkcmd.exe                       103.133.104.112
2023-06-05 22:08:09 UTC   0 - 1 - 2       103.133.104.112/ih/ihihihihihihihihihihihi%23 (...)   103.133.104.112
2023-06-05 16:42:56 UTC   0 - 1 - 1       14.225.254.203/                                     14.225.254.203
2023-06-05 16:23:29 UTC   0 - 0 - 2       103.140.251.122/                                    103.140.251.122


Last 5 reports on domain: 103.170.118.35

Date                      UQ / IDS / BL   URL                            IP
2023-06-02 04:22:46 UTC   0 - 3 - 2       103.170.118.35/sonbot.exe      103.170.118.35
2023-06-02 04:18:01 UTC   0 - 4 - 2       103.170.118.35/tungbot.exe     103.170.118.35
2023-06-01 03:15:03 UTC   0 - 3 - 2       103.170.118.35/botminhok.exe   103.170.118.35
2023-05-31 15:52:06 UTC   0 - 4 - 2       103.170.118.35/tungbot.exe     103.170.118.35
2023-05-30 01:17:19 UTC   0 - 3 - 2       103.170.118.35/botminhok.exe   103.170.118.35


Last 5 reports with similar screenshot

Date                      UQ / IDS / BL   URL                                                    IP
2023-06-06 06:44:00 UTC   0 - 2 - 0       znbh.com/down/%A1%BA%D6%C7%C4%DC%B1%CA%BB%AD% (...)   154.85.61.245
2023-06-06 06:43:14 UTC   0 - 3 - 1       192.210.215.42/860/cache_cleaner.exe                   192.210.215.42
2023-06-06 06:43:10 UTC   0 - 5 - 1       111.39.248.78:100/%E6%9D%A5%E4%BC%98%E5%93%81 (...)   111.39.248.78
2023-06-06 06:43:10 UTC   0 - 5 - 1       45.15.159.27/file1.exe                                 45.15.159.27
2023-06-06 06:43:08 UTC   0 - 1 - 3       accept-file.com/226lastbuild.exe                       45.32.146.65

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (2)


Transaction 1

Request:
GET / HTTP/1.1
Host: 103.170.118.35
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (from 103.170.118.35):
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Fri, 26 May 2023 12:15:42 GMT
Accept-Ranges: bytes
ETag: "5d4e7cacb8fd91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 26 May 2023 14:09:43 GMT
Content-Length: 244

--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   244
Md5:    cabdf906bdced8dc4ae3d5262c9fa3c9
Sha1:   a971f2674335fecb961934a2593581ecee22e8be
Sha256: f8cc7436dbdae8d08def10e7613ff846471848abd07d9f731d8bc86c4552e2e4

Blocklists:
  - fortinet: Malware
  - quad9: Sinkholed

Transaction 2

Request:
GET /botminhok.exe HTTP/1.1
Host: 103.170.118.35
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

Response (from 103.170.118.35):
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Wed, 10 May 2023 15:33:24 GMT
Accept-Ranges: bytes
ETag: "82f98c25483d91:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 26 May 2023 14:09:43 GMT
Content-Length: 101888

--- Additional Info ---
Magic:  PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows\012- data
Size:   101888
Md5:    81b67629e8ec6b301ca40f22dcf74bdb
Sha1:   3fe754e329e017c90d507b49123c07b4a15711b7
Sha256: d1818eed64e65789f2a6452620485e34f6dcb60034bc2640829df9f6346a6c0e

Blocklists:
  - fortinet: Malware
  - quad9: Sinkholed
  - virustotal: 47/71
IDS:
  - ET INFO Executable Download from dotted-quad Host
  - ET POLICY PE EXE or DLL Windows file download HTTP
  - ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response