Report Overview

Visited: 2024-11-01 19:15:28 (public report)
Tags: (none)
URL: github.com/PSGO/PPPwnGo/releases/download/v2.8-1028/PPPwnGo-v2.8-1028.zip
Finishing URL: about:privatebrowsing
IP / ASN: 140.82.121.3, #36459 GITHUB
Title: about:privatebrowsing
Detections

urlquery: 0
Network Intrusion Detection: 0
Threat Detection Systems: 10

Domain Summary

Domain / FQDN                   Rank     Registered   First Seen   Last Seen
github.com                      1423     2007-10-09   2016-07-13   2024-10-30
objects.githubusercontent.com   134060   2014-02-06   2021-11-01   2024-10-30

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


Mnemonic Secure DNS

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

URL: objects.githubusercontent.com/github-production-release-asset-2e65be/794810266/4f736a50-67ac-4b56-9cd4-47935b6c0965?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241101%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241101T191501Z&X-Amz-Expires=300&X-Amz-Signature=4c816951102557040acca72fc8cf10fd346b059cb1de966a725dad870b3a5dc0&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DPPPwnGo-v2.8-1028.zip&response-content-type=application%2Foctet-stream
IP: 185.199.108.133
ASN: #54113 FASTLY
File type: Zip archive data, at least v2.0 to extract, compression method=deflate
Size: 7.2 MB (7213104 bytes)
MD5: 4865097c4340b365430e409a282850b8
SHA1: 60eee6312813a15205758d59e0f7c3918dd9d1f8

Archive (91 members)

Member paths are not shown, only base names, so the same name recurs once per folder; entries that repeat with the same MD5 are byte-identical copies. The "DOS executable (COM)" label on the stage2/goldhen/payload .bin files is libmagic's heuristic for a file that opens with 0xE9 (an x86 jmp rel32); the bytes following the jump (53 48 89 = push rbx; mov with a REX.W prefix, or f3 0f 1e = the start of an endbr instruction) mark them as raw 64-bit code blobs, not DOS programs. Several member names are GBK-encoded Chinese that the scanner decoded as UTF-8; the words that can be recovered are restored below (说明 "instructions", 安装 "install", 双击 "double-click") and characters that did not survive the mis-decode are left as �.

Filename                   MD5                                File type
stage2.bin                 c976d00ec889926f2ac9fab2fd40ecfa   DOS executable (COM), start instruction 0xe96e0700 00534889
stage2.bin                 bca7c2f584489f552b37d0867812be2f   DOS executable (COM), start instruction 0xe96e0700 00534889
stage2.bin                 bca7c2f584489f552b37d0867812be2f   DOS executable (COM), start instruction 0xe96e0700 00534889
stage2.bin                 bca7c2f584489f552b37d0867812be2f   DOS executable (COM), start instruction 0xe96e0700 00534889
stage2.bin                 6b954dd1bab01a79c7f7033ae6d1fe71   DOS executable (COM), start instruction 0xe96e0700 00534889
stage2.bin                 6b954dd1bab01a79c7f7033ae6d1fe71   DOS executable (COM), start instruction 0xe96e0700 00534889
stage2.bin                 6b954dd1bab01a79c7f7033ae6d1fe71   DOS executable (COM), start instruction 0xe96e0700 00534889
stage2.bin                 0c43112d611c3723adb27010c28a5c52   DOS executable (COM), start instruction 0xe96e0700 00534889
Wait for other FWs         d41d8cd98f00b204e9800998ecf8427e   (no type reported; this hash is the MD5 of a zero-byte file)
Payload说明readme.txt      56812b74f96d715f779fecc5399862fe   Unicode text, UTF-8 text, with CRLF line terminators
goldhen.bin                78c655db47c395434715fce94fa86743   DOS executable (COM), start instruction 0xe9861100 00f30f1e
payload.bin                a09599036497c3554dd6a73fb71f7812   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                aeae08a07e580545066b5e28e208dd4f   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                4c6f0ccc08e5c7d6399d24e7817b7e3f   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                7bc8b565a82eddf7fe70b34311be86ac   DOS executable (COM), start instruction 0xe9970200 00f30f1e
goldhen.bin                78c655db47c395434715fce94fa86743   DOS executable (COM), start instruction 0xe9861100 00f30f1e
goldhen.bin                9bf90ebe4f19699e41eaad1071392c6d   DOS executable (COM), start instruction 0xe9661000 00f30f1e
goldhen.bin                db7ed7262f90d2f9f8342b1ae57179f5   DOS executable (COM), start instruction 0xe9661000 00f30f1e
GoldHEN vs VTX.png         5fabbff85db7895beb2018b66d4c2e5a   PNG image data, 480 x 550, 8-bit/color RGBA, non-interlaced
goldhen.bin                78c655db47c395434715fce94fa86743   DOS executable (COM), start instruction 0xe9861100 00f30f1e
goldhen.bin                78c655db47c395434715fce94fa86743   DOS executable (COM), start instruction 0xe9861100 00f30f1e
goldhen.bin                78c655db47c395434715fce94fa86743   DOS executable (COM), start instruction 0xe9861100 00f30f1e
goldhen.bin                78c655db47c395434715fce94fa86743   DOS executable (COM), start instruction 0xe9861100 00f30f1e
goldhen.bin                78c655db47c395434715fce94fa86743   DOS executable (COM), start instruction 0xe9861100 00f30f1e
goldhen.bin                78c655db47c395434715fce94fa86743   DOS executable (COM), start instruction 0xe9861100 00f30f1e
payload.bin                259a2fbed349517939de90fd3cf102ca   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                259a2fbed349517939de90fd3cf102ca   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                259a2fbed349517939de90fd3cf102ca   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                bd70d7919dd2e0f8cb8df59c7e7bc413   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                bd70d7919dd2e0f8cb8df59c7e7bc413   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                bd70d7919dd2e0f8cb8df59c7e7bc413   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                db1de0517866663ec98ab0b99d2ce3ab   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                db1de0517866663ec98ab0b99d2ce3ab   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                5ef1339fe2741d12a31d68dd3050e8bd   DOS executable (COM), start instruction 0xe9940200 00f30f1e
payload.bin                d9f75cf066b06470b7b759f81fa87ef3   DOS executable (COM), start instruction 0xe9970200 00f30f1e
payload.bin                540a9e6326a6001207fa3631b1c48275   DOS executable (COM), start instruction 0xe9970200 00f30f1e
stage2.bin                 1ae8c6d283a37ff3168c3401ac4e86a0   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 bfd749cd25b34373ba0184dc16165f3e   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 1ae8c6d283a37ff3168c3401ac4e86a0   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 bfd749cd25b34373ba0184dc16165f3e   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 1ae8c6d283a37ff3168c3401ac4e86a0   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 bfd749cd25b34373ba0184dc16165f3e   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 ca16956520dc8ce111856491aff89917   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 43d399fb566f47eaf0f21ab51893b661   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 ca16956520dc8ce111856491aff89917   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 43d399fb566f47eaf0f21ab51893b661   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 3967e107d97c66571b425377dc90ba2b   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 9da51f25f4f326952350124f6289fa84   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 9da51f25f4f326952350124f6289fa84   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 bf4e3a7df4dd01a29300cb57c0323620   DOS executable (COM), start instruction 0xe96e0100 00534889
stage2.bin                 bf4e3a7df4dd01a29300cb57c0323620   DOS executable (COM), start instruction 0xe96e0100 00534889
PPPwnGo.exe                1f2e533441f0511252c4505c10143463   PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
CPP_debug.ini              4af5301123a3a8d83ee2367e8f101e78   Unicode text, UTF-8 text, with CRLF line terminators
README.md                  9f4246fce21dcf5bbeb9df5308cd48eb   Unicode text, UTF-8 text
说明.txt                   45fad2b9eb1d96a8380e480c0d3edc4c   Unicode text, UTF-8 text
4.安装pip��双击��.bat      58194b2a72727206780a3f6f0a1e51ae   ASCII text, with CRLF line terminators
3.安装python.txt           e69c776da0a2dda5c3927a1205f05c0f   Unicode text, UTF-8 text, with CRLF line terminators
2.add Python to Path.png   d6cb744eaec2c33afc6ba4c3ed93a028   PNG image data, 400 x 378, 8-bit/color RGB, non-interlaced
1.安装npcap.txt            699cdd28ed8cbc82f5f413bad33941cb   Unicode text, UTF-8 text, with CRLF line terminators
5.安装scapy��双击��.bat    f75b5994777a0da1a7fdcda28546f454   ASCII text, with CRLF, LF line terminators
pppwn.py                   c1908b4da915c4908f9d35fac921b709   Python script, ASCII text executable
offsets.py                 d2cff007676aa9ba533bb831b9a7dfa6   ASCII text
pppwn.exe                  ba2c3b1abcde339d0597ea0e32619b59   PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections
pppwn.exe                  87fd8e2c384052e9bfba97a92e4cd308   PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections
pppwn.exe                  520f94f2f218bd549e0dc2fbb9201bc9   PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections
pppwn.exe                  199f3d26b818603f961b0995aa5271b4   PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections
Go_debug.ini               415080b598b8e97f7a4da0314da57cd1   ASCII text, with CRLF line terminators
ReadMe.txt                 01c189b3483685952ad05fb01c6400e1   Unicode text, UTF-8 text, with CRLF line terminators
stage1.bin                 99b8083ac07bed4bf555f0ec02a7ffa4   data
stage1.bin                 99b8083ac07bed4bf555f0ec02a7ffa4   data
stage1.bin                 44f3cc05520077899c0cd51422811013   data
stage1.bin                 44f3cc05520077899c0cd51422811013   data
stage1.bin                 44f3cc05520077899c0cd51422811013   data
stage1.bin                 565a3867eb66b0baafdeb812037c95f8   data
stage1.bin                 1da7b4d77bcb45cbfef127c0b2892284   data
stage1.bin                 1da7b4d77bcb45cbfef127c0b2892284   data
stage1.bin                 1da7b4d77bcb45cbfef127c0b2892284   data
stage1.bin                 8f8d7e2777d51905e5b4e15a27a38219   data
stage1.bin                 8f8d7e2777d51905e5b4e15a27a38219   data
stage1.bin                 8f8d7e2777d51905e5b4e15a27a38219   data
stage1.bin                 896e8f979ea9621107546b49ec00ed86   data
stage1.bin                 896e8f979ea9621107546b49ec00ed86   data
stage1.bin                 896e8f979ea9621107546b49ec00ed86   data
stage1.bin                 411aab2f9f2947d66286c9dd8c9b7a63   data
stage1.bin                 411aab2f9f2947d66286c9dd8c9b7a63   data
stage1.bin                 ab7db32dbe6c6e4e8f80d642a41f5d05   data
stage1.bin                 e372c39870ae642dd32c28122f6727c9   data
stage1.bin                 e372c39870ae642dd32c28122f6727c9   data
stage1.bin                 57749fe2519d4b987da8a4291d1d9fd7   data
stage1.bin                 57749fe2519d4b987da8a4291d1d9fd7   data
stage1.bin                 57749fe2519d4b987da8a4291d1d9fd7   data
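
The inventory above is the kind of thing worth reproducing locally before trusting a release archive: hash the outer file against the report, hash every member, group members that are byte-identical, and apply a type check that does not mislabel raw code blobs. The script below is an added example, not part of the urlquery report or of the PPPwnGo project. It runs on a constructed stand-in archive built by build_sample_zip() (a few tiny members whose contents are invented), sniff() is a deliberately small hand-rolled check rather than libmagic, and recover_gbk_name() reverses the cp437 decode that Python's zipfile applies to entries lacking the UTF-8 name flag, which is how GBK member names come out garbled.

```python
"""Re-create the report's "Archive" inventory for a release zip: per-member
MD5 and a type guess, grouping of members that share content, recovery of
GBK-encoded member names, and a check of the outer file against the MD5/SHA1
the report lists.

Added example; not part of the urlquery report or of the PPPwnGo project.
The archive from build_sample_zip() is constructed stand-in data, not the real
release, and sniff() is a small hand-rolled check, not libmagic.
"""
import hashlib
import io
import zipfile
from collections import defaultdict

# Outer-archive hashes as listed in the report (MD5, then SHA1).
REPORT_MD5 = "4865097c4340b365430e409a282850b8"
REPORT_SHA1 = "60eee6312813a15205758d59e0f7c3918dd9d1f8"

MD5_EMPTY = "d41d8cd98f00b204e9800998ecf8427e"  # MD5 of zero bytes


def outer_matches_report(blob: bytes) -> bool:
    """True only if both digests equal the ones the report recorded."""
    return (hashlib.md5(blob).hexdigest() == REPORT_MD5
            and hashlib.sha1(blob).hexdigest() == REPORT_SHA1)


def sniff(data: bytes) -> str:
    """Small type guess. libmagic reports any file whose first byte is 0xE9
    (x86 'jmp rel32') as 'DOS executable (COM)'; for raw payload blobs that
    label is a heuristic, not a format identification."""
    if not data:
        return "empty"
    if data[:2] == b"MZ":
        return "PE/MZ executable"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "PNG image"
    if data[:1] == b"\xe9":
        return "raw code blob (x86 jmp at offset 0)"
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "data"


def recover_gbk_name(name: str) -> str:
    """zipfile decodes names as cp437 when the entry lacks the UTF-8 flag.
    A name that was really GBK (archives built on Chinese-locale Windows)
    can be turned back by reversing that decode; anything else is returned
    unchanged."""
    try:
        return name.encode("cp437").decode("gbk")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return name


def inventory(zip_bytes: bytes) -> list[dict]:
    """One row per file member: path, MD5, size, type guess."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Bit 11 of the general-purpose flags marks a UTF-8 name.
            if not (info.flag_bits & 0x800) and not name.isascii():
                name = recover_gbk_name(name)
            data = zf.read(info)
            rows.append({"path": name, "md5": hashlib.md5(data).hexdigest(),
                         "size": len(data), "type": sniff(data)})
    return rows


def duplicate_groups(rows: list[dict]) -> dict[str, list[str]]:
    """Members sharing an MD5, keyed by hash: the report's repeated
    stage2.bin/goldhen.bin lines with identical hashes are this pattern."""
    groups = defaultdict(list)
    for row in rows:
        groups[row["md5"]].append(row["path"])
    return {h: paths for h, paths in groups.items() if len(paths) > 1}


def build_sample_zip() -> bytes:
    """Constructed stand-in for the release archive; contents are invented,
    only the leading bytes mimic what the report prints for the .bin files."""
    jmp_then_push = b"\xe9\x6e\x07\x00\x00\x53\x48\x89" + b"\x00" * 8
    members = {
        "9.00/stage2.bin": jmp_then_push,
        "9.03/stage2.bin": jmp_then_push,            # same bytes, other folder
        "9.00/goldhen.bin": b"\xe9\x86\x11\x00\x00\xf3\x0f\x1e\xfa" + b"\x00" * 7,
        "Wait for other FWs": b"",                   # zero-byte placeholder
        "PPPwnGo.exe": b"MZ" + b"\x90" * 62,
        "README.md": b"# constructed readme\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    print("outer hashes match report:", outer_matches_report(sample))
    rows = inventory(sample)
    for row in rows:
        print(f"{row['path']:<22} {row['md5']} {row['size']:>5} {row['type']}")
    for md5, paths in duplicate_groups(rows).items():
        print("same content:", md5, paths)
```

Run against the real release, outer_matches_report() is the first gate: if either digest differs from the report, the rest of the inventory describes a different file. The sample's names are written with the UTF-8 flag set, so the GBK recovery path is only reached for archives that lack it; on such an entry a cp437-decoded "╦╡├≈.txt" comes back as 说明.txt.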

    Detections

    Analyzer                    Verdict     Alert
    Public Nextron YARA rules   malware     Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
    Public Nextron YARA rules   malware     Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
    YARAhub by abuse.ch         malware     pe_detect_tls_callbacks
    YARAhub by abuse.ch         malware     pe_detect_tls_callbacks
    VirusTotal                  malicious   (no alert text given)

    The report does not tie these hits to individual archive members. Both YARA matches are generic heuristics rather than family signatures: the Nextron rule keys on an import hash shared by many samples, a known effect of packers such as UPX, which leave only a minimal import table (the four pppwn.exe copies are UPX compressed), and pe_detect_tls_callbacks only notes that a PE file registers TLS callbacks. Both rules can match only PE files, of which the archive contains five (four pppwn.exe builds and PPPwnGo.exe), so a verdict on the archive should rest on those files' provenance and hashes rather than on the rule names alone.

JavaScript (0)

HTTP Transactions (2)

1. github.com/PSGO/PPPwnGo/releases/download/v2.8-1028/PPPwnGo-v2.8-1028.zip
   IP 140.82.121.3 (#36459 GITHUB), response 302 Found, size 0 B
2. objects.githubusercontent.com/github-production-release-asset-2e65be/794810266/4f736a50-67ac-4b56-9cd4-47935b6c0965?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241101%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241101T191501Z&X-Amz-Expires=300&X-Amz-Signature=4c816951102557040acca72fc8cf10fd346b059cb1de966a725dad870b3a5dc0&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DPPPwnGo-v2.8-1028.zip&response-content-type=application%2Foctet-stream
   IP 185.199.108.133 (#54113 FASTLY), response 200 OK, size 7.2 MB

The first request is the release link itself; GitHub answers it with a redirect to a presigned object-storage URL, and the archive body is served by the second request. That is also why the finishing URL is about:privatebrowsing: the visit ended in a file download, not a rendered page.
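
The presigned URL in the second transaction carries its own validity window in the query string (X-Amz-Date plus X-Amz-Expires=300), which is why it cannot be re-fetched from the report later and why the durable indicators are the github.com release path and the archive hashes. The script below is an added example, not part of the urlquery report or of GitHub's tooling: it parses those parameters with the Python standard library and checks whether the URL was still valid at the report's visit time. It relies only on the documented AWS SigV4 query-parameter names, and it assumes the report's timestamp is UTC, which the page does not state.

```python
"""Decode the SigV4 query string of the presigned objects.githubusercontent.com
URL recorded in the report and work out its validity window.

Added example, not part of the urlquery report or of GitHub's tooling. It uses
only the public AWS SigV4 query-parameter names; REPORT_URL is the URL as the
report lists it (scheme added), VISIT_TIME is the report's visit timestamp,
assumed to be UTC because the page does not say.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

REPORT_URL = (
    "https://objects.githubusercontent.com/github-production-release-asset-2e65be/"
    "794810266/4f736a50-67ac-4b56-9cd4-47935b6c0965"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=releaseassetproduction%2F20241101%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20241101T191501Z&X-Amz-Expires=300"
    "&X-Amz-Signature=4c816951102557040acca72fc8cf10fd346b059cb1de966a725dad870b3a5dc0"
    "&X-Amz-SignedHeaders=host"
    "&response-content-disposition=attachment%3B%20filename%3DPPPwnGo-v2.8-1028.zip"
    "&response-content-type=application%2Foctet-stream"
)

# "Visited 2024-11-01 19:15:28" from the report header; UTC is an assumption.
VISIT_TIME = datetime(2024, 11, 1, 19, 15, 28, tzinfo=timezone.utc)


def parse_presigned(url: str) -> dict:
    """Pull the signing parameters out of a SigV4 presigned URL."""
    parts = urlsplit(url)
    # parse_qs percent-decodes values, so '%2F' in the credential is '/' here.
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    access_key, scope_date, region, service, terminator = q["X-Amz-Credential"].split("/")
    signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    ttl = timedelta(seconds=int(q["X-Amz-Expires"]))
    disposition = q.get("response-content-disposition", "")
    return {
        "asset_path": parts.path,
        "algorithm": q["X-Amz-Algorithm"],
        "access_key": access_key,
        "region": region,
        "service": service,
        "scope_terminator": terminator,
        # The credential scope date must be the calendar day of X-Amz-Date.
        "scope_date_matches": scope_date == q["X-Amz-Date"][:8],
        "signed_at": signed_at,
        "ttl": ttl,
        "expires_at": signed_at + ttl,
        "signed_headers": q["X-Amz-SignedHeaders"].split(";"),
        "filename": disposition.partition("filename=")[2] or None,
    }


def valid_at(info: dict, when: datetime) -> bool:
    """S3 stops honouring the URL after X-Amz-Date + X-Amz-Expires; this
    example also rejects instants before X-Amz-Date as a sanity check."""
    return info["signed_at"] <= when <= info["expires_at"]


def stable_indicator(url: str) -> str:
    """What survives after the signature expires: host and object path only.
    They identify the asset but no longer fetch it; pair them with the
    archive hashes rather than with the signed query string."""
    parts = urlsplit(url)
    return f"{parts.netloc}{parts.path}"


if __name__ == "__main__":
    info = parse_presigned(REPORT_URL)
    print("signed at ", info["signed_at"].isoformat())
    print("expires at", info["expires_at"].isoformat())
    print("valid at visit time:", valid_at(info, VISIT_TIME))
    print("durable indicator:", stable_indicator(REPORT_URL))
```

For this URL the window runs from 19:15:01 to 19:20:01 UTC on 2024-11-01, so the 19:15:28 visit fell inside it; a fetch of the same string a few minutes later would fail signature validation regardless of the asset still being published.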