{"report_id":"ad160fe1-d4cb-45ab-ac81-5c5b76ec5780","version":6,"status":"done","tags":[],"date":"2024-02-22T21:59:47Z","url":{"schema":"http","addr":"silica.codes/BedrockReverse/McTools/releases/download/v5/McTools%205.zip","fqdn":"silica.codes","domain":"silica.codes","tld":"codes"},"ip":{"addr":"209.141.61.156","port":0,"asn":53667,"as":"PONYNET","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T23:28:47Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"silica.codes","ip":{"addr":"209.141.61.156","port":443,"asn":53667,"as":"PONYNET","country":"United States","country_code":"US"},"domain_registered":"2022-04-15","domain_rank":0,"first_seen":"2022-06-06 11:57:32","last_seen":"2024-02-11 02:49:21","alert_count":0,"request_count":1,"received_data":280070,"sent_data":526,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"d3e6500d7bcd1f3f2ee1b15869e65e5a","sha1":"72cb3dbb8ad73503f2087b832be380b1cd9f3274","sha256":"d448d2f4a3c90cb4345f6661f5a1d25d4ceebf4f70a1f5d3841ed3d9d8d0aa67","sha512":"10330c53402be4072b7e1f20935312d103277cb28cdfcee0c2c94d116b0e1ba1cc05010bae94f68ff61f575789552a28dbc60c983fd140b6726992f4d7c16779","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":279350,"url":{"schema":"https","addr":"silica.codes/BedrockReverse/McTools/releases/download/v5/McTools%205.zip","fqdn":"silica.codes","domain":"silica.codes","tld":"codes"},"ip":{"addr":"209.141.61.156","port":443,"asn":53667,"as":"PONYNET","country":"United States","country_code":"US"},"archive":[{"path":"LibMcCrypt.dll","filename":"LibMcCrypt.dll","modified":"","Modified":"2024-01-24T09:22:06+13:00","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":24576,"md5":"ff7187e89821d3c521ea60786e94bbb4","sha1":"1ea097805f2dfe8a4ced4c3bace37cfa73b5b540","sha256":"1dd9aa06765939d8e9cf6dc5abed0661353eb3ed32176f6fd3591815ba2ed3e7","sha512":"e3b139af2e9b0e3e2947c03beca40eae2f2c348b9f8ffcf98e90360e2bc9530b74a32ae383cddc9de98eddf05b2b647292fb9f3a10caf137b02a051930ec6dff","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-02-16","alert":"Scan result 2/66","trigger":"1dd9aa06765939d8e9cf6dc5abed0661353eb3ed32176f6fd3591815ba2ed3e7","verdict":"suspicious","severity":"","comment":"suspicious - 2/66","link":"https://www.virustotal.com/gui/file/1dd9aa06765939d8e9cf6dc5abed0661353eb3ed32176f6fd3591815ba2ed3e7","meta":null}]}},{"path":"McDecryptor.exe","filename":"McDecryptor.exe","modified":"","Modified":"2024-01-24T09:22:06+13:00","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":21504,"md5":"dfc20a2b1716cb9fe01a7a486b62056e","sha1":"b2190233e4bf91e4a2a32648d45aee47396215c6","sha256":"88e0b466efb53673737491b7d66434c2e31d3de9b2d4080ff5b17b14556de588","sha512":"b0b3f45c988884dfc0fd6a71f2e7178af994bf7bf0e6255b6cfddbe428b707ba204956abcdfeee030ad4302e7b23ff1b17bc1ffcdff82539cae8c67d612a62b2","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-02-17","alert":"Scan result 2/72","trigger":"88e0b466efb53673737491b7d66434c2e31d3de9b2d4080ff5b17b14556de588","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/88e0b466efb53673737491b7d66434c2e31d3de9b2d4080ff5b17b14556de588","meta":null}]}},{"path":"McEncryptor.exe","filename":"McEncryptor.exe","modified":"","Modified":"2024-01-24T09:21:52+13:00","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":10240,"md5":"d37cc2634caf33f62e1aba9979b104db","sha1":"a1c8254ae1db721b388c8d1690d1e6ff1b01a386","sha256":"7c4dd904441cec36050b9e1b41881855c0283b263c9ee2e7bc340b55a35c57fd","sha512":"8e69258962f47812ded7ee7d8498c0d6105c47b9350ba49faf4f23614300af9a747e75b414c6a9e8e3255e223b69ae1816eea73425c0a62ec66d8abc5080803e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-02-08","alert":"Scan result 1/67","trigger":"7c4dd904441cec36050b9e1b41881855c0283b263c9ee2e7bc340b55a35c57fd","verdict":"suspicious","severity":"","comment":"suspicious - 1/67","link":"https://www.virustotal.com/gui/file/7c4dd904441cec36050b9e1b41881855c0283b263c9ee2e7bc340b55a35c57fd","meta":null}]}},{"path":"Newtonsoft.Json.dll","filename":"Newtonsoft.Json.dll","modified":"","Modified":"2024-01-24T08:31:58+13:00","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":701992,"md5":"081d9558bbb7adce142da153b2d5577a","sha1":"7d0ad03fbda1c24f883116b940717e596073ae96","sha256":"b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3","sha512":"2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"silica.codes/BedrockReverse/McTools/releases/download/v5/McTools%205.zip","fqdn":"silica.codes","domain":"silica.codes","tld":"codes"},"ip":{"addr":"209.141.61.156","port":443,"asn":53667,"as":"PONYNET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-02-22T21:59:22.477Z","timestamp":1708639162477,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"db.cbps.xyz","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jan 2024 06:39:26 GMT","end":"Mon, 22 Apr 2024 06:39:25 GMT"},"fingerprint":{"sha1":"1B:48:E6:51:D2:C6:2F:6F:18:51:63:C2:E6:9D:DD:8D:45:A5:84:7C","sha256":"E3:8E:22:79:09:7B:3D:A7:0E:EC:3D:86:E6:79:D1:4E:E5:3A:E9:0C:77:BA:8A:A7:C6:77:36:33:36:D0:5A:6C"}}},"request":{"raw":"GET /BedrockReverse/McTools/releases/download/v5/McTools%205.zip HTTP/1.1\r\nHost: silica.codes\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0 (Ubuntu)\r\ndate: Thu, 22 Feb 2024 21:59:22 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 279350\r\naccept-ranges: bytes\r\naccess-control-expose-headers: Content-Disposition\r\ncache-control: private, max-age=300\r\ncontent-disposition: inline; filename=\"McTools 5.zip\"; filename*=UTF-8''McTools%205.zip\r\netag: \"32f70b3d-1aaa-44a6-9289-05c552a60750\"\r\nlast-modified: Tue, 23 Jan 2024 20:24:43 GMT\r\nset-cookie: i_like_gitea=a0e8cdc8f227aa6b; Path=/; HttpOnly; Secure; SameSite=Lax\n_csrf=y6hvCKPtEvwtEeDzryaTNRTDh886MTcwODYzOTE2Mjk3NTgzNzEwMw; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":279350,"size_decoded":279350,"mime_type":"application/octet-stream","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"d3e6500d7bcd1f3f2ee1b15869e65e5a","sha1":"72cb3dbb8ad73503f2087b832be380b1cd9f3274","sha256":"d448d2f4a3c90cb4345f6661f5a1d25d4ceebf4f70a1f5d3841ed3d9d8d0aa67","sha512":"10330c53402be4072b7e1f20935312d103277cb28cdfcee0c2c94d116b0e1ba1cc05010bae94f68ff61f575789552a28dbc60c983fd140b6726992f4d7c16779","ssdeep":"6144:Gx0wQt2pEm57PrwC7h7SjmH9r7mA2Kz233D3ZNXgPn18N:xcGyLuithz233D3v6n18N","tlshash":"ac54230ebd67651ec93c83f21311aa16d30c3fa2d9a12b8af0e444dd1ade694b76c375","first_seen":"2024-08-20T09:07:26.054135Z","last_seen":"2024-08-20T09:07:26.054135Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1629,"timings":{"blocked":451,"dns":1,"connect":140,"send":0,"wait":154,"receive":570,"ssl":310},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}