{"report_id":"a594bb8e-58fa-4661-8d51-14ac51abb428","version":6,"status":"done","tags":[],"date":"2024-05-07T09:01:25Z","url":{"schema":"http","addr":"www.appclickup.online/ClickUp_Free_Trial_30_day_release_x86_64.exe","fqdn":"www.appclickup.online","domain":"appclickup.online","tld":"online"},"ip":{"addr":"67.223.118.47","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T17:40:02Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.appclickup.online","ip":{"addr":"67.223.118.47","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":3,"request_count":1,"received_data":18011299,"sent_data":520,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"4236ada1b26122047c1a7744fbe8b5ee","sha1":"45bd82e0b09c36a43d93add7f7ea4ef79f36df34","sha256":"30c6456f3dfd9276ff64508fe45a35c230f0ef72072a3bb91c37802a73fcf732","sha512":"b1285a1cbdd2794df5896e05d211e5dbb8ea3c3a332f774cc869f96e81e74492850377e3d658a756ef74fe12f692b17edefb383093e4bff2657e29ca90dd5c56","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 9 sections","size":18011043,"url":{"schema":"https","addr":"www.appclickup.online/ClickUp_Free_Trial_30_day_release_x86_64.exe","fqdn":"www.appclickup.online","domain":"appclickup.online","tld":"online"},"ip":{"addr":"67.223.118.47","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-05-07","alert":"Identifies executable converted using PyInstaller.","trigger":"www.appclickup.online/ClickUp_Free_Trial_30_day_release_x86_64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-05-07","alert":"Identifies VMProtect packer stub.","trigger":"www.appclickup.online/ClickUp_Free_Trial_30_day_release_x86_64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-05-01","description":"Identifies VMProtect packer stub.","fingerprint":"60278c38aaf4a92a81cdda628e85dc2670f1e95665fcfbac87f40b225a4a28c2","first_imported":"2021-12-30","id":"2mnOM2GhTL6NcFzr8Jt2RS","last_modified":"2021-12-30","rule":"VMProtectStub","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-05","alert":"Scan result 8/72","trigger":"30c6456f3dfd9276ff64508fe45a35c230f0ef72072a3bb91c37802a73fcf732","verdict":"suspicious","severity":"","comment":"suspicious - 8/72","link":"https://www.virustotal.com/gui/file/30c6456f3dfd9276ff64508fe45a35c230f0ef72072a3bb91c37802a73fcf732","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-05-07","alert":"Identifies executable converted using PyInstaller.","trigger":"www.appclickup.online/ClickUp_Free_Trial_30_day_release_x86_64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-05-07","alert":"Identifies VMProtect packer stub.","trigger":"www.appclickup.online/ClickUp_Free_Trial_30_day_release_x86_64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-05-01","description":"Identifies VMProtect packer stub.","fingerprint":"60278c38aaf4a92a81cdda628e85dc2670f1e95665fcfbac87f40b225a4a28c2","first_imported":"2021-12-30","id":"2mnOM2GhTL6NcFzr8Jt2RS","last_modified":"2021-12-30","rule":"VMProtectStub","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.appclickup.online/ClickUp_Free_Trial_30_day_release_x86_64.exe","fqdn":"www.appclickup.online","domain":"appclickup.online","tld":"online"},"ip":{"addr":"67.223.118.47","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-07T09:00:52.571Z","timestamp":1715072452571,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"appclickup.online","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 03 May 2024 00:00:00 GMT","end":"Sat, 03 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"A2:5C:9F:16:35:CC:44:A5:BD:1C:E1:50:AD:9A:72:6F:F9:D2:36:AF","sha256":"1B:47:94:DE:DA:B4:77:3E:66:A7:8F:88:AD:0F:27:40:E8:D8:6A:67:3B:2D:5F:F7:8A:F8:0F:9E:A5:C7:F2:18"}}},"request":{"raw":"GET /ClickUp_Free_Trial_30_day_release_x86_64.exe HTTP/1.1\r\nHost: www.appclickup.online\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/x-msdownload\r\nlast-modified: Thu, 28 Mar 2024 17:12:24 GMT\r\naccept-ranges: bytes\r\ncontent-length: 18011043\r\ndate: Tue, 07 May 2024 09:00:53 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18011043,"size_decoded":18011043,"mime_type":"application/x-msdownload","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 9 sections","md5":"4236ada1b26122047c1a7744fbe8b5ee","sha1":"45bd82e0b09c36a43d93add7f7ea4ef79f36df34","sha256":"30c6456f3dfd9276ff64508fe45a35c230f0ef72072a3bb91c37802a73fcf732","sha512":"b1285a1cbdd2794df5896e05d211e5dbb8ea3c3a332f774cc869f96e81e74492850377e3d658a756ef74fe12f692b17edefb383093e4bff2657e29ca90dd5c56","ssdeep":"196608:dDgW8l0sKYu/PaQtsI9iL4FMIZETSkjPePdrQJM93BMJg6x9iGvPoMut/X6e0yc6:W1LQtsTQETSkvJQCJGG4MUXx8AKORb","tlshash":"a20733c3b2a109f2d7a6017c920798585e32bc334b74f6db47f864a91de7594a83ef60","first_seen":"2024-05-04T20:26:36Z","last_seen":"2024-08-20T00:40:16.812592Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3834,"timings":{"blocked":381,"dns":1,"connect":163,"send":0,"wait":162,"receive":2906,"ssl":218},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-05-07","alert":"Identifies executable converted using PyInstaller.","trigger":"www.appclickup.online/ClickUp_Free_Trial_30_day_release_x86_64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-05-07","alert":"Identifies VMProtect packer stub.","trigger":"www.appclickup.online/ClickUp_Free_Trial_30_day_release_x86_64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-05-01","description":"Identifies VMProtect packer stub.","fingerprint":"60278c38aaf4a92a81cdda628e85dc2670f1e95665fcfbac87f40b225a4a28c2","first_imported":"2021-12-30","id":"2mnOM2GhTL6NcFzr8Jt2RS","last_modified":"2021-12-30","rule":"VMProtectStub","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-05","alert":"Scan result 8/72","trigger":"30c6456f3dfd9276ff64508fe45a35c230f0ef72072a3bb91c37802a73fcf732","verdict":"suspicious","severity":"","comment":"suspicious - 8/72","link":"https://www.virustotal.com/gui/file/30c6456f3dfd9276ff64508fe45a35c230f0ef72072a3bb91c37802a73fcf732","meta":null}],"urlquery":null}}]}