{"report_id":"8a3cc426-cb88-4635-9a91-2990c21db364","version":6,"status":"done","tags":[],"date":"2024-11-29T19:36:03Z","url":{"schema":"http","addr":"ebank.zaozhuangbank.com/pbank/app/resource/common/ocx/808/808ServerData.exe","fqdn":"ebank.zaozhuangbank.com","domain":"zaozhuangbank.com","tld":"com"},"ip":{"addr":"112.253.48.62","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-07T19:36:03Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"ebank.zaozhuangbank.com","ip":{"addr":"112.253.48.62","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2011-09-06","domain_rank":0,"first_seen":"2022-01-10T03:16:01Z","last_seen":"2024-11-22T02:27:38.552069Z","alert_count":2,"request_count":1,"received_data":2818545,"sent_data":529,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"ca7e6cdd35b727095ebc2f66b66872fe","sha1":"e02dc0901a2b112cc8376eac49db02327a595992","sha256":"7b3bab374d7156795bcf6774e767ddb88a8cde94dadfa971ea429957eca60360","sha512":"10453aeac10bdebd5f79ddd385c3d3f41a76fea8cbececcd5db4fcf7dc2f5161831111472f14a3bcead30160c99e969dea63865c40d9c8fc039e755da8ad4022","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":2818176,"url":{"schema":"https","addr":"ebank.zaozhuangbank.com/pbank/app/resource/common/ocx/808/808ServerData.exe","fqdn":"ebank.zaozhuangbank.com","domain":"zaozhuangbank.com","tld":"com"},"ip":{"addr":"112.253.48.62","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"RussianPanda public YARA rules","scan_date":"2024-11-29","alert":"Checks currently installed software","trigger":"ebank.zaozhuangbank.com/pbank/app/resource/common/ocx/808/808ServerData.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/RussianPanda95/Yara-Rules","meta":{"author":"RussianPanda","date":"1/14/2024","description":"Checks currently installed software","hash":"db44d4cd1ea8142790a6b26880b41ee23de5db5c2a63afb9ee54585882f1aa07","reference":"https://unprotect.it/technique/checking-installed-software/","rule":"check_installed_software"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-10-15","alert":"Scan result 1/72","trigger":"7b3bab374d7156795bcf6774e767ddb88a8cde94dadfa971ea429957eca60360","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/7b3bab374d7156795bcf6774e767ddb88a8cde94dadfa971ea429957eca60360","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"ca7e6cdd35b727095ebc2f66b66872fe","sha1":"e02dc0901a2b112cc8376eac49db02327a595992","sha256":"7b3bab374d7156795bcf6774e767ddb88a8cde94dadfa971ea429957eca60360","sha512":"10453aeac10bdebd5f79ddd385c3d3f41a76fea8cbececcd5db4fcf7dc2f5161831111472f14a3bcead30160c99e969dea63865c40d9c8fc039e755da8ad4022","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":2818176,"url":{"schema":"https","addr":"ebank.zaozhuangbank.com/pbank/app/resource/common/ocx/808/808ServerData.exe","fqdn":"ebank.zaozhuangbank.com","domain":"zaozhuangbank.com","tld":"com"},"ip":{"addr":"112.253.48.62","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"RussianPanda public YARA rules","scan_date":"2024-11-29","alert":"Checks currently installed software","trigger":"ebank.zaozhuangbank.com/pbank/app/resource/common/ocx/808/808ServerData.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/RussianPanda95/Yara-Rules","meta":{"author":"RussianPanda","date":"1/14/2024","description":"Checks currently installed software","hash":"db44d4cd1ea8142790a6b26880b41ee23de5db5c2a63afb9ee54585882f1aa07","reference":"https://unprotect.it/technique/checking-installed-software/","rule":"check_installed_software"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-10-15","alert":"Scan result 1/72","trigger":"7b3bab374d7156795bcf6774e767ddb88a8cde94dadfa971ea429957eca60360","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/7b3bab374d7156795bcf6774e767ddb88a8cde94dadfa971ea429957eca60360","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"RussianPanda public YARA rules","scan_date":"2024-11-29","alert":"Checks currently installed software","trigger":"ebank.zaozhuangbank.com/pbank/app/resource/common/ocx/808/808ServerData.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/RussianPanda95/Yara-Rules","meta":{"author":"RussianPanda","date":"1/14/2024","description":"Checks currently installed software","hash":"db44d4cd1ea8142790a6b26880b41ee23de5db5c2a63afb9ee54585882f1aa07","reference":"https://unprotect.it/technique/checking-installed-software/","rule":"check_installed_software"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ebank.zaozhuangbank.com/pbank/app/resource/common/ocx/808/808ServerData.exe","fqdn":"ebank.zaozhuangbank.com","domain":"zaozhuangbank.com","tld":"com"},"ip":{"addr":"112.253.48.62","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T19:35:38.017Z","timestamp":1732908938017,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ebank.zaozhuangbank.com","organization":"ZAOZHUANG BANK Co.,Ltd"},"issuer":{"commonName":"Secure Site Pro Extended Validation CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 26 Dec 2023 00:00:00 GMT","end":"Fri, 10 Jan 2025 23:59:59 GMT"},"fingerprint":{"sha1":"F5:5F:A8:DA:4E:3C:19:1F:5A:A4:6E:6B:DD:17:9F:CE:2E:5E:DC:62","sha256":"DA:35:64:D9:EC:03:DD:02:0A:23:91:67:98:B2:F1:34:EE:9F:6F:A6:22:14:E8:07:2D:30:18:0D:57:21:BE:51"}}},"request":{"raw":"GET /pbank/app/resource/common/ocx/808/808ServerData.exe HTTP/1.1\r\nHost: ebank.zaozhuangbank.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 29 Nov 2024 19:35:40 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2818176\r\nLast-Modified: Wed, 03 Nov 2021 09:37:13 GMT\r\nETag: \"61825849-2b0080\"\r\nExpires: Sat, 30 Nov 2024 19:35:40 GMT\r\nCache-Control: max-age=86400\r\nserver_number: PB_V7_s\r\nAccept-Ranges: bytes\r\nConnection: Keep-alive\r\nVia: 1.1 ID-7203207600045244 uproxy-4\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2818176,"size_decoded":2818176,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","md5":"ca7e6cdd35b727095ebc2f66b66872fe","sha1":"e02dc0901a2b112cc8376eac49db02327a595992","sha256":"7b3bab374d7156795bcf6774e767ddb88a8cde94dadfa971ea429957eca60360","sha512":"10453aeac10bdebd5f79ddd385c3d3f41a76fea8cbececcd5db4fcf7dc2f5161831111472f14a3bcead30160c99e969dea63865c40d9c8fc039e755da8ad4022","ssdeep":"49152:Vv/JY6q9DNoyyrIjUffmSlRoYMtikGWFQ9xEZzwa+ZIZEUdVaE1LJBOwYVpPXZfC:Vv/1q38rIjUffmYdM8DWQ9azL+mdVaEX","tlshash":"4cd5cf217ba1c076c6333234465ab37da6b9ea611b7452c763901e3dbe34dd3893d22b","first_seen":"2023-09-09T11:19:12Z","last_seen":"2024-12-13T17:03:41.848815Z","times_seen":11,"resource_available":false,"data":null}},"time_used":16960,"timings":{"blocked":2560,"dns":639,"connect":256,"send":0,"wait":536,"receive":11303,"ssl":1664},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"RussianPanda public YARA rules","scan_date":"2024-11-29","alert":"Checks currently installed software","trigger":"ebank.zaozhuangbank.com/pbank/app/resource/common/ocx/808/808ServerData.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/RussianPanda95/Yara-Rules","meta":{"author":"RussianPanda","date":"1/14/2024","description":"Checks currently installed software","hash":"db44d4cd1ea8142790a6b26880b41ee23de5db5c2a63afb9ee54585882f1aa07","reference":"https://unprotect.it/technique/checking-installed-software/","rule":"check_installed_software"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-10-15","alert":"Scan result 1/72","trigger":"7b3bab374d7156795bcf6774e767ddb88a8cde94dadfa971ea429957eca60360","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/7b3bab374d7156795bcf6774e767ddb88a8cde94dadfa971ea429957eca60360","meta":null}],"urlquery":null}}]}