Report - class1004.dothome.co.kr/ClassTicket.exe

Report Overview

Visitedpublic

2025-05-28 22:03:35

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
class1004.dothome.co.kr	unknown	2004-03-05	2024-10-21	2025-05-28	423 B	1.2 MB	223.26.138.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-28 22:03:05	high	223.26.138.8	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-05-28	medium	class1004.dothome.co.kr/ClassTicket.exe	Detects an XORed URL in an executable

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

class1004.dothome.co.kr/ClassTicket.exe

IP / ASN

223.26.138.8

#38690 HyosungITX

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Size1.2 MB (1182208 bytes)

MD533b2c10781736afc9e2593a2d31a30af

SHA13882bd76493f68c8bf68409a6c2b9ea00b0414f7

SHA256b9a984dfe108a6cb2dc4d728216112bc84b93407449ae790b7de3de457d88170

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects an XORed URL in an executable
VirusTotal	malicious	VirusTotal - Scan result 34/71

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET class1004.dothome.co.kr/ClassTicket.exe

223.26.138.8

200 OK

1.2 MB

URL User Request GET HTTP

class1004.dothome.co.kr/ClassTicket.exe

IP / ASN

223.26.138.8

#38690 HyosungITX

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

First Seen2025-05-28

Last Seen2025-05-28

Times Seen1

Size1.2 MB (1182208 bytes)

MD533b2c10781736afc9e2593a2d31a30af

SHA13882bd76493f68c8bf68409a6c2b9ea00b0414f7

SHA256b9a984dfe108a6cb2dc4d728216112bc84b93407449ae790b7de3de457d88170

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects an XORed URL in an executable
VirusTotal	malicious	VirusTotal - Scan result 34/71
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /ClassTicket.exe HTTP/1.1
Host: class1004.dothome.co.kr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 28 May 2025 22:03:04 GMT
Server: Apache
Last-Modified: Tue, 29 Apr 2025 04:35:01 GMT
ETag: "120a00-633e352eafe16"
Accept-Ranges: bytes
Content-Length: 1182208
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream