Report - www.dongasoft.co.kr/DTZIP/Tradetax.zip

Report Overview

Submitted URL
www.dongasoft.co.kr/DTZIP/Tradetax.zip
IP
211.117.60.49
ASN
#9318 SK Broadband Co Ltd
Submitted
2024-04-18 00:05:40
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.dongasoft.co.kr	unknown	2000-04-28	2022-06-20	2024-04-10	408 B	7.7 MB	211.117.60.49
normandy.cdn.mozilla.net	3562	1998-01-31	2017-01-30	2024-04-17	329 B	1.2 kB	35.201.103.21
classify-client.services.mozilla.com	3824	1994-10-18	2019-01-09	2024-04-17	357 B	344 B	34.98.75.36
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-17	512 B	6.5 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.dongasoft.co.kr/DTZIP/Tradetax.zip
IP
211.117.60.49
ASN
#9318 SK Broadband Co Ltd

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.7 MB (7690627 bytes)
Hash
37ba8db91328760acb386f758754f8a6
3f415490b5f4731e7064fff8f6c9f68560df44dd
e8491f00331d3c8c8d5d7a0bb6dce8ffabdd88b0ac7427b52d7f552ef0620387

Archive (12)

Filename

Md5

File type

BakUpDir.dll

b17f8c83e2a38964c71303d21207a597

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections

DlsCalc.dll

7477342bcd58842ba51647a04b1cb5d2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections

dlswuser.dll

e172ea07e4a5670a9594828e4945d459

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections

DongaZip.dll

50152b84e37d3786b3d37566b5186148

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections

dutyuser.dll

f1babe39abdb9c44470ec1c6b7265d41

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections

dbxint30.dll

698d1315389c12f97a222078933f6bb9

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

midas.dll

f0812a35f455a95d99115c3578da5d2f

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 7 sections

webnotice.dll

ef8cf1d929f703cde9a26cbbd2d1aa75

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections

da4388-1.exe

c5cfbe66584692cb3f29ee4950547ebb

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

dSletcomy.dll

98feaf0e8a17439f03a637454f9c4057

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

dutyhelp.cds

0d0826e317221fc4603908630b61ef14

OpenPGP Secret Key

Tradetax.exe

f31cb2b9335c476120aaa80d45428f7c

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	detect_Redline_Stealer

JavaScript (0)

HTTP Transactions (4)

	URL	IP	Response	Size
	www.dongasoft.co.kr/DTZIP/Tradetax.zip	211.117.60.49	200 OK	7.7 MB
URL User Request GET HTTP/1.1 www.dongasoft.co.kr/DTZIP/Tradetax.zip IP 211.117.60.49:80 ASN #9318 SK Broadband Co Ltd File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 7.7 MB (7690627 bytes) Hash 37ba8db91328760acb386f758754f8a6 3f415490b5f4731e7064fff8f6c9f68560df44dd e8491f00331d3c8c8d5d7a0bb6dce8ffabdd88b0ac7427b52d7f552ef0620387 HTTP Headers `GET /DTZIP/Tradetax.zip HTTP/1.1 Host: www.dongasoft.co.kr User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 00:05:11 GMT Server: Apache/2.4.33 (Unix) PHP/7.4.33 Last-Modified: Thu, 11 Apr 2024 03:03:23 GMT ETag: "755983-615c965ee74c0" Accept-Ranges: bytes Content-Length: 7690627 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/zip`

	normandy.cdn.mozilla.net/api/v1/	35.201.103.21		598 B
URL normandy.cdn.mozilla.net/api/v1/ IP 35.201.103.21:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type JSON text data Size 598 B (598 bytes) Hash 3076f9a5cb273105528b893ff7111e41 b8990c145fe71b9a2410eea41a60a712b43b82bf 69c578fb0c03a28141a975833f660f4571e7991dc28ae7f9cead37672ee2c9b3 HTTP Headers `GET /api/v1/ HTTP/1.1 Host: normandy.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx content-length: 598 allow: GET, HEAD, OPTIONS content-security-policy: form-action 'self'; base-uri 'none'; default-src 'self' https://normandy.cdn.mozilla.net/; block-all-mixed-content; frame-src 'none'; object-src 'none'; worker-src 'none'; report-uri /__cspreport__ x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000 via: 1.1 google date: Wed, 17 Apr 2024 23:46:23 GMT cache-control: public, max-age=86400 content-type: application/json vary: Accept, Origin age: 1142 alt-svc: clear X-Firefox-Spdy: h2

	classify-client.services.mozilla.com/api/v1/classify_client/	34.98.75.36		64 B
URL classify-client.services.mozilla.com/api/v1/classify_client/ IP 34.98.75.36:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type JSON text data Size 64 B (64 bytes) Hash 36344670914e115ecaaf4f90c8a09565 a48410253516b1b00a739c426b4804e78539c865 2e53451178f40f21be76b3d1f3e9261f0040a24018bad3b978505bb6422254d7 HTTP Headers `GET /api/v1/classify_client/ HTTP/1.1 Host: classify-client.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK server: nginx date: Thu, 18 Apr 2024 00:05:25 GMT content-type: application/json content-length: 64 cache-control: max-age=0, no-cache, no-store, must-revalidate strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2`

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		5.8 kB
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type gzip compressed data, max speed, from Unix Size 5.8 kB (5759 bytes) Hash 52a1e40d3746c76b0167007994950370 6c5838f16f22c0778bc428242b26ca65bf64683c 5ca94e7f36b9452fe67eeaf4a9898c2003278f9f9151c572b2cc6178afff781a HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx date: Thu, 18 Apr 2024 00:05:31 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=6VfWF8dI2w6_bjREd4rtv51NrVC5k-lFTUzwcLvw1oLQckOQIeeCV6sCykvxwYsZh5SrMpkYIncEVsQEtk87BfpBAyFtY8xprjD0rGx6EXOLq0eAplFMkIFpy1zCeWAX strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: EXPIRED content-encoding: gzip via: 1.1 google cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (12)

Detections

JavaScript (0)

HTTP Transactions (4)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers