Report - anadius.su/attachments/sims-4-updater-v1.3.4.zip

Report Overview

Visited public
2024-09-09 09:38:56
Tags
URL
anadius.su/attachments/sims-4-updater-v1.3.4.zip
Finishing URL
about:privatebrowsing
IP / ASN
91.149.227.100
#200508 Sorok76 Ltd
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-08 18:13:16	327 B	887 B	23.36.76.226
anadius.su	unknown	2023-11-07	2023-11-13 23:06:05	2024-04-06 17:37:15	502 B	19 MB	91.149.227.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
anadius.su/attachments/sims-4-updater-v1.3.4.zip
IP
91.149.227.100
ASN
#200508 Sorok76 Ltd

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
19 MB (19016677 bytes)
Hash
8125960116e309efe3137455e6d5f6ad
b09d39b9b932774d500626859afa13a917a3e709
ee33e8d26f694622b27162513de9452f299d42fa7d946338c9625499c6de46d6

Archive (2)

Filename

Md5

File type

sims-4-updater-v1.3.4.exe

d34ce38d2811b4014dc5576d7671a780

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

updater_readme.txt

1ffc35a086d51279cedc683c24f033fc

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.
VirusTotal	suspicious	VirusTotal - Scan result 1/67

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
010d9d76f2cffcde2776f30737ea6daa
8f2fbd4790c6a38d70f1e6d4be7b34a6cf562d70
5b0f8b959509a0ebd05f4fd4dca127683100ab3c79a154da1b78247ebf21ffda

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5B0F8B959509A0EBD05F4FD4DCA127683100AB3C79A154DA1B78247EBF21FFDA"
Last-Modified: Sat, 07 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7152
Expires: Mon, 09 Sep 2024 11:37:38 GMT
Date: Mon, 09 Sep 2024 09:38:26 GMT
Connection: keep-alive

anadius.su/attachments/sims-4-updater-v1.3.4.zip

91.149.227.100

200 OK

19 MB

URL User Request GET HTTP/2
anadius.su/attachments/sims-4-updater-v1.3.4.zip
IP
91.149.227.100:443
ASN
#200508 Sorok76 Ltd

Certificate
IssuerLet's Encrypt
Subjectanadius.su
Fingerprint40:B6:7B:9D:3A:4E:CE:9B:BF:A2:71:1C:D0:09:51:8F:1E:5E:DF:DF
ValiditySun, 08 Sep 2024 00:42:40 GMT - Sat, 07 Dec 2024 00:42:39 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
19 MB (19016677 bytes)
Hash
8125960116e309efe3137455e6d5f6ad
b09d39b9b932774d500626859afa13a917a3e709
ee33e8d26f694622b27162513de9452f299d42fa7d946338c9625499c6de46d6

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/67

HTTP Headers

GET /attachments/sims-4-updater-v1.3.4.zip HTTP/1.1
Host: anadius.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 09 Sep 2024 09:38:27 GMT
content-type: application/zip
content-length: 19016677
last-modified: Sun, 08 Sep 2024 21:29:31 GMT
etag: "66de173b-1222be5"
strict-transport-security: max-age=31536000;
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (2)

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers