{"report_id":"d36106f7-4c27-4ef3-83e2-46d469e6d772","version":6,"status":"done","tags":[],"date":"2025-02-27T13:05:40Z","url":{"schema":"http","addr":"kun-private.top/uploads/kun-public-31.zip","fqdn":"kun-private.top","domain":"kun-private.top","tld":"top"},"ip":{"addr":"104.21.68.119","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-05-08T13:05:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"kun-private.top","ip":{"addr":"172.67.195.11","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-05-13","domain_rank":0,"first_seen":"2023-07-11T15:45:47Z","last_seen":"2024-03-04T12:56:21Z","alert_count":1,"request_count":1,"received_data":7336520,"sent_data":507,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"11f75564c084e924ff0efa9fd5fd8879","sha1":"85a780635f60195085299540df5a838883f4c936","sha256":"356dbcad80a68d71e7890089f19d85f698b81a49da6ac593088c60b47e6c8a3a","sha512":"1445a4c5f9c45cbdc4adedb909ace119f25d89e8909808e92f9a4359f93a8c46479bee764c3548b962ab04b88459661c446493102485f580381d32737c01416f","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":7335595,"url":{"schema":"https","addr":"kun-private.top/uploads/kun-public-31.zip","fqdn":"kun-private.top","domain":"kun-private.top","tld":"top"},"ip":{"addr":"172.67.195.11","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"KunLauncher.exe","filename":"KunLauncher.exe","modified":"2024-12-11T11:32:46+08:00","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":7468032,"md5":"009b9f450fcbc0fa67b763671172773e","sha1":"a60e79496ca0a8d220c04ddf9395effd58828d24","sha256":"698d7eac5bf1215f2bdf6e46b8d5975f0542e0afd7e218baba497b3d68e573d5","sha512":"aec29338d16ad081514bff91b3a38630fb715b40ca441d3dc70f254aef3de8f53fddef9c4573de8ea30d2d124b648de47783667958891252415b07072d358768","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-02-04","alert":"Scan result 46/71","trigger":"698d7eac5bf1215f2bdf6e46b8d5975f0542e0afd7e218baba497b3d68e573d5","verdict":"malicious","severity":"","comment":"malicious - 46/71","link":"https://www.virustotal.com/gui/file/698d7eac5bf1215f2bdf6e46b8d5975f0542e0afd7e218baba497b3d68e573d5","meta":null}]}},{"path":"run KunLauncher.exe and F1 show menu.txt","filename":"run KunLauncher.exe and F1 show menu.txt","modified":"2023-02-18T16:55:14+08:00","Modified":"","magic":"","size":0,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"run KunLauncher.exe with path.bat","filename":"run KunLauncher.exe with path.bat","modified":"2023-07-26T20:17:02+08:00","Modified":"","magic":"ASCII text, with no line terminators","size":29,"md5":"efd599e9beddc3f0dddf1e70731a3096","sha1":"76d1293a837a453a445725efe4d6fa977726612c","sha256":"27b9c22a69678270f03bb0d7899e416ea3a57a39fd342c8504205a9b23c23ead","sha512":"e61b6fe56b252ef4a0d33e5393f20ebca4addde68021ec493235bb0b5a01b994adf8a45a2fb2f0df1cea54ed790ff571e949ce3cae3b4667f7d8fa3e296f3674","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-27","alert":"Scan result 35/68","trigger":"356dbcad80a68d71e7890089f19d85f698b81a49da6ac593088c60b47e6c8a3a","verdict":"malicious","severity":"","comment":"malicious - 35/68","link":"https://www.virustotal.com/gui/file/356dbcad80a68d71e7890089f19d85f698b81a49da6ac593088c60b47e6c8a3a","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"11f75564c084e924ff0efa9fd5fd8879","sha1":"85a780635f60195085299540df5a838883f4c936","sha256":"356dbcad80a68d71e7890089f19d85f698b81a49da6ac593088c60b47e6c8a3a","sha512":"1445a4c5f9c45cbdc4adedb909ace119f25d89e8909808e92f9a4359f93a8c46479bee764c3548b962ab04b88459661c446493102485f580381d32737c01416f","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":7335595,"url":{"schema":"https","addr":"kun-private.top/uploads/kun-public-31.zip","fqdn":"kun-private.top","domain":"kun-private.top","tld":"top"},"ip":{"addr":"172.67.195.11","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"KunLauncher.exe","filename":"KunLauncher.exe","modified":"2024-12-11T11:32:46+08:00","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":7468032,"md5":"009b9f450fcbc0fa67b763671172773e","sha1":"a60e79496ca0a8d220c04ddf9395effd58828d24","sha256":"698d7eac5bf1215f2bdf6e46b8d5975f0542e0afd7e218baba497b3d68e573d5","sha512":"aec29338d16ad081514bff91b3a38630fb715b40ca441d3dc70f254aef3de8f53fddef9c4573de8ea30d2d124b648de47783667958891252415b07072d358768","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-02-04","alert":"Scan result 46/71","trigger":"698d7eac5bf1215f2bdf6e46b8d5975f0542e0afd7e218baba497b3d68e573d5","verdict":"malicious","severity":"","comment":"malicious - 46/71","link":"https://www.virustotal.com/gui/file/698d7eac5bf1215f2bdf6e46b8d5975f0542e0afd7e218baba497b3d68e573d5","meta":null}]}},{"path":"run KunLauncher.exe and F1 show menu.txt","filename":"run KunLauncher.exe and F1 show menu.txt","modified":"2023-02-18T16:55:14+08:00","Modified":"","magic":"","size":0,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"run KunLauncher.exe with path.bat","filename":"run KunLauncher.exe with path.bat","modified":"2023-07-26T20:17:02+08:00","Modified":"","magic":"ASCII text, with no line terminators","size":29,"md5":"efd599e9beddc3f0dddf1e70731a3096","sha1":"76d1293a837a453a445725efe4d6fa977726612c","sha256":"27b9c22a69678270f03bb0d7899e416ea3a57a39fd342c8504205a9b23c23ead","sha512":"e61b6fe56b252ef4a0d33e5393f20ebca4addde68021ec493235bb0b5a01b994adf8a45a2fb2f0df1cea54ed790ff571e949ce3cae3b4667f7d8fa3e296f3674","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-27","alert":"Scan result 35/68","trigger":"356dbcad80a68d71e7890089f19d85f698b81a49da6ac593088c60b47e6c8a3a","verdict":"malicious","severity":"","comment":"malicious - 35/68","link":"https://www.virustotal.com/gui/file/356dbcad80a68d71e7890089f19d85f698b81a49da6ac593088c60b47e6c8a3a","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"kun-private.top/uploads/kun-public-31.zip","fqdn":"kun-private.top","domain":"kun-private.top","tld":"top"},"ip":{"addr":"172.67.195.11","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-27T13:05:09.695Z","timestamp":1740661509695,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kun-private.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 21 Feb 2025 17:59:44 GMT","end":"Thu, 22 May 2025 18:57:14 GMT"},"fingerprint":{"sha1":"74:4F:61:E9:75:AB:0B:AE:3F:EB:3C:C5:AD:6F:1C:BD:E2:EC:3B:0B","sha256":"F3:B9:8E:DB:AF:EA:3A:EB:26:66:CE:29:A8:8C:DD:AD:89:21:15:48:7E:F1:2F:D6:04:E6:AE:6D:89:EF:A9:E2"}}},"request":{"raw":"GET /uploads/kun-public-31.zip HTTP/1.1\r\nHost: kun-private.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Feb 2025 13:05:10 GMT\r\ncontent-type: application/zip\r\ncontent-length: 7335595\r\nlast-modified: Thu, 12 Dec 2024 03:35:42 GMT\r\netag: \"675a5a0e-6feeab\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=EyaF5m%2BrrTHvBv%2B4skNEa5rns7DnpeM1XevpDhl%2BylOO4EXyV1V5XlRpD0OU0hVEWzGZzB3j86IMSheD7Q9xr9reDE1R9WLiIOAxsDVPNo%2Bd%2FAc%2Fmry8QMRv1Hed6lRHEgY%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 91886283cbe31c12-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=5823\u0026min_rtt=547\u0026rtt_var=10587\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3212\u0026recv_bytes=1143\u0026delivery_rate=6819466\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=33fd5abf8af2aef3\u0026ts=1192\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7335595,"size_decoded":7335595,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"11f75564c084e924ff0efa9fd5fd8879","sha1":"85a780635f60195085299540df5a838883f4c936","sha256":"356dbcad80a68d71e7890089f19d85f698b81a49da6ac593088c60b47e6c8a3a","sha512":"1445a4c5f9c45cbdc4adedb909ace119f25d89e8909808e92f9a4359f93a8c46479bee764c3548b962ab04b88459661c446493102485f580381d32737c01416f","ssdeep":"196608:SvaRA10QpkhNWHuOIYTzpjrXmY3Nfa+41qPZx3ccK:SCRA10QpG4/IYJjCY3Fa+eqPnscK","tlshash":"637633fa7462db230f6d0a52bbc826d57146396017c1965f3231b3b3a93deb93f12162","first_seen":"2025-02-27T13:05:48.764238Z","last_seen":"2025-02-27T13:05:48.764238Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3322,"timings":{"blocked":31,"dns":10,"connect":1,"send":0,"wait":1171,"receive":2085,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-27","alert":"Scan result 35/68","trigger":"356dbcad80a68d71e7890089f19d85f698b81a49da6ac593088c60b47e6c8a3a","verdict":"malicious","severity":"","comment":"malicious - 35/68","link":"https://www.virustotal.com/gui/file/356dbcad80a68d71e7890089f19d85f698b81a49da6ac593088c60b47e6c8a3a","meta":null}],"urlquery":null}}]}