{"report_id":"9056a1da-9606-4ccb-aeed-a642cfe0b82e","version":6,"status":"done","tags":[],"date":"2023-12-20T18:35:39Z","url":{"schema":"http","addr":"www.nt-ware.com/downld/meap/MOMO/devicesetuptool/v1.6.1/DSUStarter.exe","fqdn":"www.nt-ware.com","domain":"nt-ware.com","tld":"com"},"ip":{"addr":"78.46.35.44","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T07:12:43Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.nt-ware.com","ip":{"addr":"135.181.0.40","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"domain_registered":"1996-11-22","domain_rank":931227,"first_seen":"2017-01-30 14:26:04","last_seen":"2023-11-27 17:56:08","alert_count":1,"request_count":1,"received_data":565986,"sent_data":536,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"319188b2fcfe1b8571f2d2ebfc6167aa","sha1":"273aa0c27c20c75b25d5c59e453e7d342f65b514","sha256":"914d68bd78327c8beeadfc741c8d70b476d000b11023a158d9bb637059e380ae","sha512":"d889a98672de8a0f978b2472e07ec4f1f68688f5d955c2087283b261a03716a48c6440962b560fea0c4636415990108ced590a0d259c7c23f92d4c5b87d067f5","magic":"PE32 executable (GUI) Intel 80386, for MS Windows","size":565336,"url":{"schema":"https","addr":"www.nt-ware.com/downld/meap/MOMO/devicesetuptool/v1.6.1/DSUStarter.exe","fqdn":"www.nt-ware.com","domain":"nt-ware.com","tld":"com"},"ip":{"addr":"135.181.0.40","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2023-12-20","alert":"detect_Redline_Stealer","trigger":"www.nt-ware.com/downld/meap/MOMO/devicesetuptool/v1.6.1/DSUStarter.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Varp0s","date":"2023-06-06","rule":"detect_Redline_Stealer","tlp":"WHITE","yarahub_license":"CC0 1.0","yarahub_reference_md5":"554d25724c8f6f53af8721d0ef6b6f42","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"671d6f32-8236-46b5-80e3-057192936607"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2023-12-20","alert":"detect_Redline_Stealer","trigger":"www.nt-ware.com/downld/meap/MOMO/devicesetuptool/v1.6.1/DSUStarter.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Varp0s","date":"2023-06-06","rule":"detect_Redline_Stealer","tlp":"WHITE","yarahub_license":"CC0 1.0","yarahub_reference_md5":"554d25724c8f6f53af8721d0ef6b6f42","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"671d6f32-8236-46b5-80e3-057192936607"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.nt-ware.com/downld/meap/MOMO/devicesetuptool/v1.6.1/DSUStarter.exe","fqdn":"www.nt-ware.com","domain":"nt-ware.com","tld":"com"},"ip":{"addr":"135.181.0.40","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-20T18:34:19.890Z","timestamp":1703097259890,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.nt-ware.com","organization":"NT - WARE Systemprogrammierungs-GmbH"},"issuer":{"commonName":"DigiCert TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 02 May 2023 00:00:00 GMT","end":"Sat, 01 Jun 2024 23:59:59 GMT"},"fingerprint":{"sha1":"3B:F9:77:54:28:3B:67:5D:96:CE:5A:E3:8C:92:E2:FF:6B:9E:B8:B3","sha256":"81:92:52:D4:3B:8F:59:FF:11:59:F6:56:67:A0:7B:4D:3A:ED:1F:71:C5:99:B0:57:16:14:B6:55:C6:EB:95:E5"}}},"request":{"raw":"GET /downld/meap/MOMO/devicesetuptool/v1.6.1/DSUStarter.exe HTTP/1.1\r\nHost: www.nt-ware.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 20 Dec 2023 18:35:14 GMT\r\nServer: Apache\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept\r\nAccess-Control-Allow-Methods: GET, OPTIONS\r\nLast-Modified: Thu, 16 Nov 2023 15:03:02 GMT\r\nETag: \"8a058-60a4650f44424\"\r\nAccept-Ranges: bytes\r\nContent-Length: 565336\r\nContent-Security-Policy-Report-Only: default-src 'self'; report-uri https://www.nt-ware.com/contentsecuritypolicyreport/index.php;\r\nKeep-Alive: timeout=15, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/x-msdos-program\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":565336,"size_decoded":565336,"mime_type":"application/x-msdos-program","magic":"PE32 executable (GUI) Intel 80386, for MS Windows","md5":"319188b2fcfe1b8571f2d2ebfc6167aa","sha1":"273aa0c27c20c75b25d5c59e453e7d342f65b514","sha256":"914d68bd78327c8beeadfc741c8d70b476d000b11023a158d9bb637059e380ae","sha512":"d889a98672de8a0f978b2472e07ec4f1f68688f5d955c2087283b261a03716a48c6440962b560fea0c4636415990108ced590a0d259c7c23f92d4c5b87d067f5","ssdeep":"12288:N4ywXy90zbhsFaD+mQiVqaN46GMkmQR+qsw0WEfRDUShJ+L:2lyQsF4+7iEAhGfR6JDPz+L","tlshash":"adc41213bbd85832cca407b054fe23871b367ce10b6807d32b59ac9a5d733c9667667a","first_seen":"2023-12-20T19:35:46Z","last_seen":"2024-08-20T15:25:43.074344Z","times_seen":2,"resource_available":false,"data":null}},"time_used":667,"timings":{"blocked":284,"dns":0,"connect":14,"send":0,"wait":14,"receive":86,"ssl":267},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2023-12-20","alert":"detect_Redline_Stealer","trigger":"www.nt-ware.com/downld/meap/MOMO/devicesetuptool/v1.6.1/DSUStarter.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Varp0s","date":"2023-06-06","rule":"detect_Redline_Stealer","tlp":"WHITE","yarahub_license":"CC0 1.0","yarahub_reference_md5":"554d25724c8f6f53af8721d0ef6b6f42","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"671d6f32-8236-46b5-80e3-057192936607"}}],"urlquery":null}}]}