Report Overview

  1. Submitted URL

    89.197.154.115/Meeting.exe

  2. IP

    89.197.154.115

    ASN

    #47474 Virtual1 Limited

  3. Submitted

    2024-09-05 04:23:17

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    14

Domain Summary

Domain / FQDNRankRegisteredFirst SeenLast Seen
89.197.154.115unknownunknownNo dataNo data
r10.o.lencr.orgunknown2020-06-292024-06-062024-09-04

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules
SeverityIndicatorAlert
medium89.197.154.115/Meeting.exeCobalt Strike's resources/reverse.bin signature for versions 2.5 to 4.x
medium89.197.154.115/Meeting.exeDetects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
medium89.197.154.115/Meeting.exemeth_peb_parsing
medium89.197.154.115/Meeting.exeWindows.Trojan.Metasploit
medium89.197.154.115/Meeting.exeCobalt Strike's resources/reverse.bin signature for versions 2.5 to 4.x

OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS
SeverityIndicatorAlert
medium89.197.154.115Sinkholed
medium89.197.154.115Sinkholed

ThreatFox

No alerts detected


Files detected

  1. URL

    89.197.154.115/Meeting.exe

  2. IP

    89.197.154.115

  3. ASN

    #47474 Virtual1 Limited

  1. File type

    PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

    Size

    74 kB (73802 bytes)

  2. Hash

    1ebcc328f7d1da17041835b0a960e1fa

    adf1fe6df61d59ca7ac6232de6ed3c07d6656a8c

    Detections

    AnalyzerVerdictAlert
    Public Nextron YARA rulesmalware
    Cobalt Strike's resources/reverse.bin signature for versions 2.5 to 4.x
    Public Nextron YARA rulesmalware
    Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
    YARAhub by abuse.chmalware
    meth_peb_parsing
    Elastic Security YARA Rulesmalware
    Windows.Trojan.Metasploit
    Google GCTI YARA rulesmalware
    Cobalt Strike's resources/reverse.bin signature for versions 2.5 to 4.x

JavaScript (0)

HTTP Transactions (5)

URLIPResponseSize
r10.o.lencr.org/
23.33.119.57 504 B
r10.o.lencr.org/
23.33.119.57 504 B
r10.o.lencr.org/
23.33.119.57 504 B
89.197.154.115/
89.197.154.115 608 B
89.197.154.115/Meeting.exe
89.197.154.115200 OK74 kB