{"report_id":"bc7a0ded-7a69-4d20-91b6-299724a7f51d","version":6,"status":"done","tags":[],"date":"2024-05-25T13:28:54Z","url":{"schema":"http","addr":"mimhax.netlify.app/Files/epicclicker.exe","fqdn":"mimhax.netlify.app","domain":"mimhax.netlify.app","tld":"netlify.app"},"ip":{"addr":"35.156.224.161","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T15:38:07Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"mimhax.netlify.app","ip":{"addr":"18.192.231.252","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2018-05-08","domain_rank":0,"first_seen":"2023-02-03 21:00:16","last_seen":"2024-04-11 03:18:25","alert_count":2,"request_count":1,"received_data":520235,"sent_data":494,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"0cf5030c9a297b27209f709adfe9fbf4","sha1":"7729225027bc2e541730844706671af4f92f537a","sha256":"ebb81c4597db39a4f3f1eb518eec00c46db22fffda0ca8c3236b5d8d56cc17cd","sha512":"9f46750c247a57a6a298ce242adba77f30634f2135bdd2c2e252bfd0e805fb28a9d47b83e11e16632c27845aa416de7ea89b19fb75d33c5c517e58578b895c39","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":519756,"url":{"schema":"https","addr":"mimhax.netlify.app/Files/epicclicker.exe","fqdn":"mimhax.netlify.app","domain":"mimhax.netlify.app","tld":"netlify.app"},"ip":{"addr":"18.192.231.252","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-05-25","alert":"files - file ~tmp01925d3f.exe","trigger":"mimhax.netlify.app/Files/epicclicker.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-03-31","alert":"Scan result 24/70","trigger":"ebb81c4597db39a4f3f1eb518eec00c46db22fffda0ca8c3236b5d8d56cc17cd","verdict":"malicious","severity":"","comment":"malicious - 24/70","link":"https://www.virustotal.com/gui/file/ebb81c4597db39a4f3f1eb518eec00c46db22fffda0ca8c3236b5d8d56cc17cd","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-05-25","alert":"files - file ~tmp01925d3f.exe","trigger":"mimhax.netlify.app/Files/epicclicker.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mimhax.netlify.app/Files/epicclicker.exe","fqdn":"mimhax.netlify.app","domain":"mimhax.netlify.app","tld":"netlify.app"},"ip":{"addr":"18.192.231.252","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-25T13:28:29.169Z","timestamp":1716643709169,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 15 Jan 2024 00:00:00 GMT","end":"Fri, 14 Feb 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B0:8E:E9:A5:C3:D9:B5:C1:FF:B6:51:7A:DF:98:CF:2D:28:18:41:9B","sha256":"AA:4D:46:AE:95:9D:19:31:CE:8D:DC:9E:B0:3C:C0:53:C0:5E:DB:94:3D:04:AE:CC:96:15:B6:72:B6:07:A4:41"}}},"request":{"raw":"GET /Files/epicclicker.exe HTTP/1.1\r\nHost: mimhax.netlify.app\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 9568\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; hit\r\ncontent-encoding: br\r\ncontent-type: application/x-dosexec\r\ndate: Sat, 25 May 2024 13:28:29 GMT\r\netag: \"d7a9469c9f972b1381d4f3d583f3866c-ssl-df\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01HYQZ0G8XCXCG09XSK1Y9ADBQ\r\ncontent-length: 519756\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":519756,"size_decoded":883200,"mime_type":"application/x-dosexec","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","md5":"0cf5030c9a297b27209f709adfe9fbf4","sha1":"7729225027bc2e541730844706671af4f92f537a","sha256":"ebb81c4597db39a4f3f1eb518eec00c46db22fffda0ca8c3236b5d8d56cc17cd","sha512":"9f46750c247a57a6a298ce242adba77f30634f2135bdd2c2e252bfd0e805fb28a9d47b83e11e16632c27845aa416de7ea89b19fb75d33c5c517e58578b895c39","ssdeep":"24576:hgZSDbofbDmWHcDwcWbU5X/55Hou5hZGKYnOiG:90mWHc83b+55HBKnOiG","tlshash":"de156b93f1418951cf1a1e394877bb6792323ce5bf1b838732c876192fb32d15a6d292","first_seen":"2023-07-20T10:19:17Z","last_seen":"2024-12-03T03:07:53.729501Z","times_seen":18,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":35,"dns":1,"connect":21,"send":0,"wait":23,"receive":118,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-05-25","alert":"files - file ~tmp01925d3f.exe","trigger":"mimhax.netlify.app/Files/epicclicker.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-03-31","alert":"Scan result 24/70","trigger":"ebb81c4597db39a4f3f1eb518eec00c46db22fffda0ca8c3236b5d8d56cc17cd","verdict":"malicious","severity":"","comment":"malicious - 24/70","link":"https://www.virustotal.com/gui/file/ebb81c4597db39a4f3f1eb518eec00c46db22fffda0ca8c3236b5d8d56cc17cd","meta":null}],"urlquery":null}}]}