Report - cdn.discordapp.com/attachments/1293030970009845790/1295521405303001209/cstealer-main.zip?ex=670ef3d4&is=670da254&hm=4b7d16bc9bc99168a6db0592f4897c282a61e3b1d934e5748c5547e382b80916&

Report Overview

Visited public
2024-10-14 23:00:51
Tags
URL
cdn.discordapp.com/attachments/1293030970009845790/1295521405303001209/cstealer-main.zip?ex=670ef3d4&is=670da254&hm=4b7d16bc9bc99168a6db0592f4897c282a61e3b1d934e5748c5547e382b80916&
Finishing URL
about:privatebrowsing
IP / ASN
162.159.129.233
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	unknown	No data	No data	1.3 kB	3.5 kB	23.36.77.32
cdn.discordapp.com	2474	unknown	No data	No data	635 B	1.1 MB	162.159.130.233
r11.o.lencr.org	unknown	unknown	No data	No data	981 B	2.7 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1293030970009845790/1295521405303001209/cstealer-main.zip?ex=670ef3d4&is=670da254&hm=4b7d16bc9bc99168a6db0592f4897c282a61e3b1d934e5748c5547e382b80916&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.1 MB (1111676 bytes)
Hash
c3fdccba20c9eeac27fcd7cef443cad4
f607a27ea5946e86525267c9e89a1e9fb2f5a307
3520e71b23327e387b28aa05b31467892d7ce4f1b8a23b6fcc3d0184f294d915

Archive (13)

Modified	Filename	Size	Md5	File type
2024-09-02 19:30	img1.png	754 kB	52e562d3c2d0867acb790f74a0d269ae	PNG image data, 2828 x 778, 8-bit/color RGBA, non-interlaced
2024-09-02 19:30	logo.ico	122 kB	f1ddbb5ca3a86816ac40bd423027a3b4	MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
2024-09-02 19:30	ss1.png	15 kB	109c2bf6cd281b0352bff0c1d81d5267	PNG image data, 488 x 358, 8-bit/color RGBA, non-interlaced
2024-09-02 19:30	ss2.png	85 kB	b4280b32a59023abc4a2c5b0a43d8d5f	PNG image data, 893 x 559, 8-bit/color RGBA, non-interlaced
2024-09-02 19:30	ss3.png	104 kB	d95c3ff4874064a005474a74b2a45900	PNG image data, 621 x 826, 8-bit/color RGBA, non-interlaced
2024-09-02 19:30	ss4.png	64 kB	305375d7bb907a86327f4335d1120e85	PNG image data, 424 x 628, 8-bit/color RGBA, non-interlaced
2024-09-02 19:30	ss5.png	49 kB	efef37db823161665f30b8ee55e397f2	PNG image data, 675 x 328, 8-bit/color RGBA, non-interlaced
2024-09-02 19:30	LICENSE	7.0 kB	65d3616852dbf7b1a6d4b53b00626032	ASCII text
2024-09-02 19:30	README.md	5.0 kB	53df25a55afb6f02cf3b0573ffb536cb	Unicode text, UTF-8 text
2024-09-02 19:30	builder.pyw	2.9 kB	9446706bad747eeeedbc359f874cbe07	Python script, ASCII text executable
2024-09-02 19:30	cstealer.py	57 kB	ea43e227bb696283c4f8264bddf812c9	Python script, Unicode text, UTF-8 text executable, with very long lines (1281)
2024-09-02 19:30	install.bat	49 B	ebeaccf4443e852caac1dd62952d3c43	DOS batch file, ASCII text, with CRLF line terminators
2024-09-02 19:30	requirements.txt	94 B	56ceb4aca5474344f7419d2b20dae66e	ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 24/64

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

200 OK

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
8c678121da7ea2edc90ea014cf3552af
3d76ebd2a3aba8dab56e3c15310551e9b226e249
1839e2eb73c24c27fda8e6bf4715b73ce52cc1c059bd1dfd9b739e71409cda3b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1839E2EB73C24C27FDA8E6BF4715B73CE52CC1C059BD1DFD9B739E71409CDA3B"
Last-Modified: Mon, 14 Oct 2024 08:07:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9185
Expires: Tue, 15 Oct 2024 01:33:28 GMT
Date: Mon, 14 Oct 2024 23:00:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

200 OK

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4ef646b0e9b7327e4a942f9294833f80
292c5eafd5f9d4c35b11f0f3d456cdbe77e30c21
eb25c0ba5c8244185a6c004482f85ef91889d1f4f368d44bf009bb957e776f28

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB25C0BA5C8244185A6C004482F85EF91889D1F4F368D44BF009BB957E776F28"
Last-Modified: Sun, 13 Oct 2024 04:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9360
Expires: Tue, 15 Oct 2024 01:36:23 GMT
Date: Mon, 14 Oct 2024 23:00:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

200 OK

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
56575c1ee1a13dc9b3b9cbbbeb550407
818d2c9ecafa6e391ce4f19a4bd601b3d5531ccd
10541b95854d95ab545073ed31ff3473355942b1bf0038b86eac59c77d4854eb

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "10541B95854D95AB545073ED31FF3473355942B1BF0038B86EAC59C77D4854EB"
Last-Modified: Mon, 14 Oct 2024 14:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9608
Expires: Tue, 15 Oct 2024 01:40:32 GMT
Date: Mon, 14 Oct 2024 23:00:24 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

200 OK

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7d3f40edab25e8d6b700410399e281dd
5abaaed5e9ea61626fd4d67b7c817195302b43a8
5438ee24c6b0170e7fa46e12c21b8a3bac1eb29bc86b1810a267dd3c72ea95ae

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5438EE24C6B0170E7FA46E12C21B8A3BAC1EB29BC86B1810A267DD3C72EA95AE"
Last-Modified: Mon, 14 Oct 2024 06:24:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9289
Expires: Tue, 15 Oct 2024 01:35:13 GMT
Date: Mon, 14 Oct 2024 23:00:24 GMT
Connection: keep-alive

cdn.discordapp.com/attachments/1293030970009845790/1295521405303001209/cstealer-main.zip?ex=670ef3d4&is=670da254&hm=4b7d16bc9bc99168a6db0592f4897c282a61e3b1d934e5748c5547e382b80916&

162.159.130.233

200 OK

1.1 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1293030970009845790/1295521405303001209/cstealer-main.zip?ex=670ef3d4&is=670da254&hm=4b7d16bc9bc99168a6db0592f4897c282a61e3b1d934e5748c5547e382b80916&
IP
162.159.130.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdiscordapp.com
FingerprintEB:36:1D:DB:1C:92:75:9E:03:34:F2:FF:41:82:24:82:1A:FF:E5:78
ValidityThu, 19 Sep 2024 03:35:19 GMT - Wed, 18 Dec 2024 03:35:18 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.1 MB (1111676 bytes)
Hash
c3fdccba20c9eeac27fcd7cef443cad4
f607a27ea5946e86525267c9e89a1e9fb2f5a307
3520e71b23327e387b28aa05b31467892d7ce4f1b8a23b6fcc3d0184f294d915

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 24/64

HTTP Headers

GET /attachments/1293030970009845790/1295521405303001209/cstealer-main.zip?ex=670ef3d4&is=670da254&hm=4b7d16bc9bc99168a6db0592f4897c282a61e3b1d934e5748c5547e382b80916& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Oct 2024 23:00:24 GMT
content-type: application/zip
content-length: 1111676
cf-ray: 8d2b2f743fa956bb-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="cstealer-main.zip"
etag: "c3fdccba20c9eeac27fcd7cef443cad4"
expires: Tue, 14 Oct 2025 23:00:24 GMT
last-modified: Mon, 14 Oct 2024 22:59:32 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1728946772712334
x-goog-hash: crc32c=Vhoufw==, md5=w/3MuiDJ7qwn/NfO9EPK1A==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1111676
x-guploader-uploadid: AHmUCY1Q2bxqj8681TOxtexvxuEKwHNFQCkQCZjV0McW4kCqs39BIuMbjto0Urf1GV90xW5eSrY
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tc6cgX5e6SpBEU9nqCkiBWIsucxESZZg5vi%2FGAVfSC%2FWEOw%2BIvKSv9dKBfJWi%2FRolhokQG1ELJOV2B9i90cIBCUtYnCGrG6EaAGFhiat54auONjsaYysgft0Kk36I5ZZi3UGEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=ajHI4b5KcZWur21QPkelCX168WtaiieYwg.faipB68Y-1728946824-1.0.1.1-HHK.2SBM0O2zl.ycoGtxLPi0a3VdPeXe6bjtmGl_7mkZ1x8ZRXoFh9iLjvJ4I3ixDyCz7OeMpKIox8.OtdKhyQ; path=/; expires=Mon, 14-Oct-24 23:30:24 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=C4ocYxVncf5mmg3ppJyamKLc3nLoeeNzvNq8nNxUlvk-1728946824969-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.77.32

200 OK

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
df561bb5aeeed26ec80dd28ea6ab5558
8dac4b67fdf82b7930ebba64c35208d5ac84c861
8bad15fc800c4a5db18dd22633896b1443d4d691221d6f1662610e51ae6084b1

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8BAD15FC800C4A5DB18DD22633896B1443D4D691221D6F1662610E51AE6084B1"
Last-Modified: Sun, 13 Oct 2024 17:09:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10712
Expires: Tue, 15 Oct 2024 01:58:57 GMT
Date: Mon, 14 Oct 2024 23:00:25 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

200 OK

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
df561bb5aeeed26ec80dd28ea6ab5558
8dac4b67fdf82b7930ebba64c35208d5ac84c861
8bad15fc800c4a5db18dd22633896b1443d4d691221d6f1662610e51ae6084b1

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8BAD15FC800C4A5DB18DD22633896B1443D4D691221D6F1662610E51AE6084B1"
Last-Modified: Sun, 13 Oct 2024 17:09:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10712
Expires: Tue, 15 Oct 2024 01:58:57 GMT
Date: Mon, 14 Oct 2024 23:00:25 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

200 OK

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
df561bb5aeeed26ec80dd28ea6ab5558
8dac4b67fdf82b7930ebba64c35208d5ac84c861
8bad15fc800c4a5db18dd22633896b1443d4d691221d6f1662610e51ae6084b1

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8BAD15FC800C4A5DB18DD22633896B1443D4D691221D6F1662610E51AE6084B1"
Last-Modified: Sun, 13 Oct 2024 17:09:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10712
Expires: Tue, 15 Oct 2024 01:58:57 GMT
Date: Mon, 14 Oct 2024 23:00:25 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (13)

Detections

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash