{"report_id":"a3b43856-fa13-4da4-bd08-1f45d7e0c8fe","version":6,"status":"done","tags":[],"date":"2026-03-09T19:40:53Z","url":{"schema":"http","addr":"local5.yesmessenger.com/messenger/workset/update/4025/setup-4025.exe","fqdn":"local5.yesmessenger.com","domain":"yesmessenger.com","tld":"com"},"ip":{"addr":"163.172.244.138","port":0,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing","dom":{"size":3632,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"50c3beacf30e4c1c7780b57548093459","sha1":"48f6ce3535beef5f02c41506c1a51253fc7c68bf","sha256":"36989bcd2f84a675e8a91a9b27084f20ba142fb0b500e85ae8527c87fa3a5b4b","sha512":"4be4f628fcb17766cc07a49e80745099526e2887ff886d17ebebe2b823ee1f27aaa1837a125630c98498cce7af3d2a05eae1732645a961ddea04b6f4d170b94f","ssdeep":"","tlshash":"3b7146a514f1552b18a383a5de817b1bdf926a07cf8d6a807b9e00f22f97d54887f20d","dom_hash":"domhash03f850468cad29251ed949292c202f85","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"local5.yesmessenger.com/messenger/workset/update/4025/setup-4025.exe","fqdn":"local5.yesmessenger.com","domain":"yesmessenger.com","tld":"com"},"ip":{"addr":"163.172.244.138","port":0,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-13T19:40:53Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-09","alert":"Detect files is `SliverFox` malware","trigger":"local5.yesmessenger.com/messenger/workset/update/4025/setup-4025.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}],"urlquery":null},"summary":[{"fqdn":"local5.yesmessenger.com","ip":{"addr":"163.172.244.138","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"domain_registered":"2007-03-12","domain_rank":0,"first_seen":"2012-08-13T08:59:18Z","last_seen":"2026-01-30T06:51:11.222233Z","alert_count":1,"request_count":1,"received_data":7920170,"sent_data":536,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"ec0a28c687fa963a076cd412d02d9674","sha1":"3caa8195bd727c9f4ebbff587afc45a3f8094a54","sha256":"773f9962306530db4a263e268abd785835c4d4746ee4ec389fc7088e9b306306","sha512":"889ba6af5bc65f17932d9c82015afc2d72018f920a40fa1e0944db8fd6820f1217fee61cc8d6617698ce4d37bc0d827993ad3757fbc3d7aa85f8aba806884b99","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","size":7919904,"url":{"schema":"https","addr":"local5.yesmessenger.com/messenger/workset/update/4025/setup-4025.exe","fqdn":"local5.yesmessenger.com","domain":"yesmessenger.com","tld":"com"},"ip":{"addr":"163.172.244.138","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-09","alert":"Detect files is `SliverFox` malware","trigger":"local5.yesmessenger.com/messenger/workset/update/4025/setup-4025.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"local5.yesmessenger.com/messenger/workset/update/4025/setup-4025.exe","fqdn":"local5.yesmessenger.com","domain":"yesmessenger.com","tld":"com"},"ip":{"addr":"163.172.244.138","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-09T19:40:28.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"local5.yesmessenger.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Feb 2026 12:13:03 GMT","end":"Mon, 04 May 2026 12:13:02 GMT"},"fingerprint":{"sha1":"93:BC:69:3B:23:E6:EB:C7:DD:EB:D7:3D:BF:78:07:AD:B3:CA:C9:6D","sha256":"2E:9A:E4:BA:7F:65:E9:2E:6D:17:68:D6:B4:42:C3:F3:E8:7E:A7:C3:CA:81:FC:6A:44:5A:4C:74:0D:01:0D:6E"}}},"request":{"raw":"GET /messenger/workset/update/4025/setup-4025.exe HTTP/1.1\r\nHost: local5.yesmessenger.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nserver: nginx\r\ndate: Mon, 09 Mar 2026 19:40:28 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 7919904\r\nlast-modified: Wed, 28 Jun 2017 12:10:20 GMT\r\netag: \"59539cac-78d920\"\r\nx-server: php6-9\r\naccept-ranges: bytes\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7919904,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","md5":"ec0a28c687fa963a076cd412d02d9674","sha1":"3caa8195bd727c9f4ebbff587afc45a3f8094a54","sha256":"773f9962306530db4a263e268abd785835c4d4746ee4ec389fc7088e9b306306","sha512":"889ba6af5bc65f17932d9c82015afc2d72018f920a40fa1e0944db8fd6820f1217fee61cc8d6617698ce4d37bc0d827993ad3757fbc3d7aa85f8aba806884b99","ssdeep":"24576:xeSkH4j8UFdHHRmXhIcAXQ4SII/Rmhd5tkU+D6P44o0n:xJk4jxFjNy/4pQ4o0n","tlshash":"9c2522213389e51add545bb6d8a2c27443bebf1502b0716b6fd13f2e32370c6d12ab69","first_seen":"2026-03-09T19:41:00.539761Z","last_seen":"2026-03-09T19:41:00.539761Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1178,"timings":{"blocked":84,"dns":18,"connect":28,"send":0,"wait":55,"receive":954,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-09","alert":"Detect files is `SliverFox` malware","trigger":"local5.yesmessenger.com/messenger/workset/update/4025/setup-4025.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}],"urlquery":null}}]}