Report - z0mbie.dreamhosters.com/z0mbie4c.zip

Report Overview

Visited public
2024-07-21 20:58:22
Tags
URL
z0mbie.dreamhosters.com/z0mbie4c.zip
Finishing URL
about:privatebrowsing
IP / ASN
67.205.31.22
#26347 DREAMHOST-AS
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-21 18:21:45	2.6 kB	7.1 kB	23.36.76.226
z0mbie.dreamhosters.com	unknown	2004-11-03	2022-06-15 04:37:22	2024-03-14 17:18:17	490 B	37 kB	67.205.31.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
z0mbie.dreamhosters.com/z0mbie4c.zip
IP
67.205.31.22
ASN
#26347 DREAMHOST-AS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
37 kB (36996 bytes)
Hash
d363239a2a4517839c46a6700c4010aa
6ba1cc003122d4d8439535274d00db41bd77d8b6
9ea8e6cc74d22c85f072349ccbae36556c29a9534203b03c266103f466146aae

Archive (13)

Filename

Md5

File type

ASM.BAT

8c3ce4348c5a5885f9e4cddc8058857d

DOS batch file, ASCII text, with CRLF line terminators

DROPCODE.INC

f07de49fcba3bcd3e7d7a847ee31e38f

ASCII text, with CRLF line terminators

IMPORT.INC

b40c36bd2abd62e70121c7d597533618

ASCII text, with CRLF line terminators

KILLAVXD.INC

d6a252f39fe273577d92a48c391fb09d

ASCII text, with CRLF line terminators

KME32.INT

c8c53e34b0d45f741e0a372b73638945

ASCII text, with CRLF line terminators

KME32BIN.INC

902f70ab47c5e98574651433b8cbbd4b

ASCII text, with CRLF line terminators

R0IO.INC

7f5cd34325590c05927121d922881751

ASCII text, with CRLF line terminators

RING3.INC

bd781b87829bd3f93b91dd7eca2aa8b3

JavaScript source, ASCII text, with CRLF line terminators

Z0MBIE4C.INC

45e0b6298d98ccafc805a80201f0e884

ASCII text, with CRLF line terminators

Z0MBIE4C.ASM

b310d7877eeb19791d49167fd84002b5

Generic INItialization configuration [eax]

RUNDLL16.EX$

cbb2ea97a87cc0e0c08281801acbcb2c

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

PBRUSH.EX$

f0158700615db33aca3168c8e9cd93a4

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

FILE_ID.DIZ

82ebf4131c6e9ca97c940a8ef54ac885

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	malicious	VirusTotal - Scan result 40/62

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3bd6a6d19bf0ab70e4e0cd3d2833afe1
0dd2ee68cf939d2482a9b30bf767f412eb97e492
23c60c02f8a6f1f7fe01f9f4661cf04a03c046522201927dfa7c51ceba6c5449

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "23C60C02F8A6F1F7FE01F9F4661CF04A03C046522201927DFA7C51CEBA6C5449"
Last-Modified: Sat, 20 Jul 2024 20:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10885
Expires: Sun, 21 Jul 2024 23:59:22 GMT
Date: Sun, 21 Jul 2024 20:57:57 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
2f796f6340ac7eef4fa2891ac8f8aa1a
27bbc7bb6314b31dcab89f198bc258b040593aa7
778d02decabf7dff03bf5ec4c4eb0f03ac789e89bcfe58353c266c9d66c08834

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "778D02DECABF7DFF03BF5EC4C4EB0F03AC789E89BCFE58353C266C9D66C08834"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11031
Expires: Mon, 22 Jul 2024 00:01:48 GMT
Date: Sun, 21 Jul 2024 20:57:57 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cf41dddde2cb04d4f8b233b01318bde1
f7f9259cebf98c255ea506e7d7f0170c1e6a9604
90a7510dc4acc5716c9a82e10dcbb6074af14f502e3847f8b6c43caef244ca12

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "90A7510DC4ACC5716C9A82E10DCBB6074AF14F502E3847F8B6C43CAEF244CA12"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10916
Expires: Sun, 21 Jul 2024 23:59:53 GMT
Date: Sun, 21 Jul 2024 20:57:57 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
00accea3155d7ac730285aec633670a9
fee8ca25b96d24d0c10951f7f4ea28389020e88d
9abd3b5f4de73d55417dcec4bbf72b38cc201842360ed32d763a4c65e35819d8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9ABD3B5F4DE73D55417DCEC4BBF72B38CC201842360ED32D763A4C65E35819D8"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2371
Expires: Sun, 21 Jul 2024 21:37:28 GMT
Date: Sun, 21 Jul 2024 20:57:57 GMT
Connection: keep-alive

z0mbie.dreamhosters.com/z0mbie4c.zip

67.205.31.22

200 OK

37 kB

URL User Request GET HTTP/2
z0mbie.dreamhosters.com/z0mbie4c.zip
IP
67.205.31.22:443
ASN
#26347 DREAMHOST-AS

Certificate
IssuerThe USERTRUST Network
Subject*.dreamhosters.com
Fingerprint87:D0:65:97:2A:8F:C8:60:04:C6:3C:E8:DE:AA:A6:CB:5A:C1:E8:09
ValidityFri, 15 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
37 kB (36996 bytes)
Hash
d363239a2a4517839c46a6700c4010aa
6ba1cc003122d4d8439535274d00db41bd77d8b6
9ea8e6cc74d22c85f072349ccbae36556c29a9534203b03c266103f466146aae

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 40/62

HTTP Headers

GET /z0mbie4c.zip HTTP/1.1
Host: z0mbie.dreamhosters.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 18 Dec 2016 17:04:26 GMT
etag: "9084-543f1cba13e5b"
accept-ranges: bytes
content-length: 36996
cache-control: max-age=172800
expires: Tue, 23 Jul 2024 20:57:57 GMT
vary: User-Agent
content-type: application/zip
date: Sun, 21 Jul 2024 20:57:57 GMT
server: Apache
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
92fe046ed30974fab002b18924562af5
a80246a7f4813076cea6cc1629667b43a094fa97
151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11988
Expires: Mon, 22 Jul 2024 00:17:47 GMT
Date: Sun, 21 Jul 2024 20:57:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
92fe046ed30974fab002b18924562af5
a80246a7f4813076cea6cc1629667b43a094fa97
151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11988
Expires: Mon, 22 Jul 2024 00:17:47 GMT
Date: Sun, 21 Jul 2024 20:57:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
92fe046ed30974fab002b18924562af5
a80246a7f4813076cea6cc1629667b43a094fa97
151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11988
Expires: Mon, 22 Jul 2024 00:17:47 GMT
Date: Sun, 21 Jul 2024 20:57:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
92fe046ed30974fab002b18924562af5
a80246a7f4813076cea6cc1629667b43a094fa97
151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11988
Expires: Mon, 22 Jul 2024 00:17:47 GMT
Date: Sun, 21 Jul 2024 20:57:59 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (13)

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash