{"report_id":"8ccea35f-b0e7-4c4f-9c9b-f3e63e3f3e85","version":6,"status":"done","tags":[],"date":"2025-01-24T10:30:19Z","url":{"schema":"http","addr":"www.estk.me/wp-content/uploads/2024/12/ESTKme-T002V06-3.4.3.zip","fqdn":"www.estk.me","domain":"estk.me","tld":"me"},"ip":{"addr":"172.234.84.172","port":0,"asn":63949,"as":"Akamai Connected Cloud","country":"Japan","country_code":"JP"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-04-04T10:30:19Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.estk.me","ip":{"addr":"172.234.84.172","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Japan","country_code":"JP"},"domain_registered":"2023-09-08","domain_rank":0,"first_seen":"2023-11-08T09:35:37Z","last_seen":"2024-12-27T23:40:55.550588Z","alert_count":1,"request_count":1,"received_data":153495,"sent_data":517,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"ffe344741e8913b49f5b0a56decd566a","sha1":"c27f395e0f5933964795911101e2672032928d7e","sha256":"fc77732c10ae22ff2dcf1f232005f01875aaabe9109cc5cc97216598a399e2cf","sha512":"e8ed556c18ac2bf5b2797d941474f99c5eeaac9738b32e258f43d15b5c9329b70376968726bce99d5a05490d701e7a5701d7a44f3987e1d852903d1722b8b0dd","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":153201,"url":{"schema":"https","addr":"www.estk.me/wp-content/uploads/2024/12/ESTKme-T002V06-3.4.3.zip","fqdn":"www.estk.me","domain":"estk.me","tld":"me"},"ip":{"addr":"172.234.84.172","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Japan","country_code":"JP"},"archive":[{"path":"estkme.app.bin","filename":"estkme.app.bin","modified":"2024-12-20T16:05:57+08:00","Modified":"","magic":"data","size":51525,"md5":"1b5043070c14e428f192f2a725186368","sha1":"5b0c37724029b1c59f0eb07cd3c44790686d8a15","sha256":"34aa367ee6dfaf5afad958965de4c9c8e0c78f5e117f72a7796e6f800e1f3805","sha512":"2edb90db4fe28c0be2661a9a75947aea3377f9177b26e37f0805684c0bcb06745dc3462548c1dc75bddc77b44e11c79c4f0476469da263b07874970389576431","alerts":{"urlquery":null,"analyzer":null}},{"path":"fwupd.c","filename":"fwupd.c","modified":"2024-12-20T16:05:57+08:00","Modified":"","magic":"C source, ASCII text","size":10137,"md5":"d2289fbb69c0d79607d8ef2e6c83d599","sha1":"f03aa688519119b1b9259ef75f304ac04a6009e8","sha256":"d9426d1ab96e21c45478d0e36dd503450d6eb8d70932723568c00fca75c0e02d","sha512":"93db33602cf0a341ce8b8f7fc5327288b17eb32d3b4d296b940917063008cab761aeacd4d13d9f436ace0b6b81d7ce7e83fa5d806d5298379a41ea24b845b4c0","alerts":{"urlquery":null,"analyzer":null}},{"path":"fwupd.exe","filename":"fwupd.exe","modified":"2024-12-20T16:05:57+08:00","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 17 sections","size":238112,"md5":"4ead2c3cec9fa4fa13a60c4a1851ec27","sha1":"6c9725efbc6dc3cc053de23e8d564219d81fd2ce","sha256":"465057e731779edb01821488f8dd81272a33e6facc6806abda6e8053123d0a91","sha512":"cd1771beb22219c04f9b54c0def11e5cbcf9eb7eb615130d1b8bb4980bb75fb48df7f4df1434910b617a5c7085ce39cbf2a4163bed36d4d979bf06d0d4d73d32","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-17","alert":"Scan result 13/72","trigger":"465057e731779edb01821488f8dd81272a33e6facc6806abda6e8053123d0a91","verdict":"malicious","severity":"","comment":"malicious - 13/72","link":"https://www.virustotal.com/gui/file/465057e731779edb01821488f8dd81272a33e6facc6806abda6e8053123d0a91","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-21","alert":"Scan result 10/66","trigger":"fc77732c10ae22ff2dcf1f232005f01875aaabe9109cc5cc97216598a399e2cf","verdict":"suspicious","severity":"","comment":"suspicious - 10/66","link":"https://www.virustotal.com/gui/file/fc77732c10ae22ff2dcf1f232005f01875aaabe9109cc5cc97216598a399e2cf","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"ffe344741e8913b49f5b0a56decd566a","sha1":"c27f395e0f5933964795911101e2672032928d7e","sha256":"fc77732c10ae22ff2dcf1f232005f01875aaabe9109cc5cc97216598a399e2cf","sha512":"e8ed556c18ac2bf5b2797d941474f99c5eeaac9738b32e258f43d15b5c9329b70376968726bce99d5a05490d701e7a5701d7a44f3987e1d852903d1722b8b0dd","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":153201,"url":{"schema":"https","addr":"www.estk.me/wp-content/uploads/2024/12/ESTKme-T002V06-3.4.3.zip","fqdn":"www.estk.me","domain":"estk.me","tld":"me"},"ip":{"addr":"172.234.84.172","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Japan","country_code":"JP"},"archive":[{"path":"estkme.app.bin","filename":"estkme.app.bin","modified":"2024-12-20T16:05:57+08:00","Modified":"","magic":"data","size":51525,"md5":"1b5043070c14e428f192f2a725186368","sha1":"5b0c37724029b1c59f0eb07cd3c44790686d8a15","sha256":"34aa367ee6dfaf5afad958965de4c9c8e0c78f5e117f72a7796e6f800e1f3805","sha512":"2edb90db4fe28c0be2661a9a75947aea3377f9177b26e37f0805684c0bcb06745dc3462548c1dc75bddc77b44e11c79c4f0476469da263b07874970389576431","alerts":{"urlquery":null,"analyzer":null}},{"path":"fwupd.c","filename":"fwupd.c","modified":"2024-12-20T16:05:57+08:00","Modified":"","magic":"C source, ASCII text","size":10137,"md5":"d2289fbb69c0d79607d8ef2e6c83d599","sha1":"f03aa688519119b1b9259ef75f304ac04a6009e8","sha256":"d9426d1ab96e21c45478d0e36dd503450d6eb8d70932723568c00fca75c0e02d","sha512":"93db33602cf0a341ce8b8f7fc5327288b17eb32d3b4d296b940917063008cab761aeacd4d13d9f436ace0b6b81d7ce7e83fa5d806d5298379a41ea24b845b4c0","alerts":{"urlquery":null,"analyzer":null}},{"path":"fwupd.exe","filename":"fwupd.exe","modified":"2024-12-20T16:05:57+08:00","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 17 sections","size":238112,"md5":"4ead2c3cec9fa4fa13a60c4a1851ec27","sha1":"6c9725efbc6dc3cc053de23e8d564219d81fd2ce","sha256":"465057e731779edb01821488f8dd81272a33e6facc6806abda6e8053123d0a91","sha512":"cd1771beb22219c04f9b54c0def11e5cbcf9eb7eb615130d1b8bb4980bb75fb48df7f4df1434910b617a5c7085ce39cbf2a4163bed36d4d979bf06d0d4d73d32","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-17","alert":"Scan result 13/72","trigger":"465057e731779edb01821488f8dd81272a33e6facc6806abda6e8053123d0a91","verdict":"malicious","severity":"","comment":"malicious - 13/72","link":"https://www.virustotal.com/gui/file/465057e731779edb01821488f8dd81272a33e6facc6806abda6e8053123d0a91","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-21","alert":"Scan result 10/66","trigger":"fc77732c10ae22ff2dcf1f232005f01875aaabe9109cc5cc97216598a399e2cf","verdict":"suspicious","severity":"","comment":"suspicious - 10/66","link":"https://www.virustotal.com/gui/file/fc77732c10ae22ff2dcf1f232005f01875aaabe9109cc5cc97216598a399e2cf","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.estk.me/wp-content/uploads/2024/12/ESTKme-T002V06-3.4.3.zip","fqdn":"www.estk.me","domain":"estk.me","tld":"me"},"ip":{"addr":"172.234.84.172","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Japan","country_code":"JP"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-24T10:29:54.480Z","timestamp":1737714594480,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"estk.me","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 05 Jan 2025 09:05:05 GMT","end":"Sat, 05 Apr 2025 09:05:04 GMT"},"fingerprint":{"sha1":"38:3F:17:02:FE:4D:DD:A2:45:78:AE:BF:C5:C7:C2:9A:4A:01:59:63","sha256":"A6:39:9C:13:B9:83:AE:29:70:75:52:91:45:DC:16:82:44:22:59:CB:FE:B4:72:67:63:F5:20:C9:98:A5:73:1E"}}},"request":{"raw":"GET /wp-content/uploads/2024/12/ESTKme-T002V06-3.4.3.zip HTTP/1.1\r\nHost: www.estk.me\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 24 Jan 2025 10:29:55 GMT\r\nServer: Apache/2.4.62 (Debian)\r\nLast-Modified: Fri, 20 Dec 2024 08:09:26 GMT\r\nETag: \"25671-629af2a5182e3\"\r\nAccept-Ranges: bytes\r\nContent-Length: 153201\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/zip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":153201,"size_decoded":153201,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"ffe344741e8913b49f5b0a56decd566a","sha1":"c27f395e0f5933964795911101e2672032928d7e","sha256":"fc77732c10ae22ff2dcf1f232005f01875aaabe9109cc5cc97216598a399e2cf","sha512":"e8ed556c18ac2bf5b2797d941474f99c5eeaac9738b32e258f43d15b5c9329b70376968726bce99d5a05490d701e7a5701d7a44f3987e1d852903d1722b8b0dd","ssdeep":"3072:tKcFBEdTTuNUYAoLqXwYgQgnWlBMG0FFGk245lMyDkM4:lwTTWjvLqAYgQsWlWXjAUbQ","tlshash":"70e31285bc289bd2b1661bf92e3550d4e5b04a135be61ffb9c3a8f82c8c441d4c74a7b","first_seen":"2024-12-27T23:40:56.888723Z","last_seen":"2025-01-24T10:30:23.075458Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2177,"timings":{"blocked":572,"dns":10,"connect":257,"send":0,"wait":258,"receive":774,"ssl":302},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-21","alert":"Scan result 10/66","trigger":"fc77732c10ae22ff2dcf1f232005f01875aaabe9109cc5cc97216598a399e2cf","verdict":"suspicious","severity":"","comment":"suspicious - 10/66","link":"https://www.virustotal.com/gui/file/fc77732c10ae22ff2dcf1f232005f01875aaabe9109cc5cc97216598a399e2cf","meta":null}],"urlquery":null}}]}