{"report_id":"da33c358-4631-4954-8edb-a4f324b3b773","version":6,"status":"done","tags":[],"date":"2024-11-29T10:52:35Z","url":{"schema":"http","addr":"updatebrowser.cloud/UpdateBrowserExt.exe","fqdn":"updatebrowser.cloud","domain":"updatebrowser.cloud","tld":"cloud"},"ip":{"addr":"172.67.146.84","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-07T10:52:35Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"updatebrowser.cloud","ip":{"addr":"172.67.146.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2024-11-19","domain_rank":0,"first_seen":"2024-11-25T03:19:53.285852Z","last_seen":"2024-11-25T03:19:53.285852Z","alert_count":2,"request_count":1,"received_data":643417,"sent_data":494,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"5d6fed42a4eea8091d4f8b6ba5243377","sha1":"ff6098a81430bd4b52707e94e77fdd9f49a35224","sha256":"24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a","sha512":"eb5d210c399867527182aeec3cd3b47c42f98ebc7639bd6c9ce5a663381fa70c2b51f57c375e1b1808a0b4d661dbf046b16be6ecd595f36bb326e198af71e73c","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":642448,"url":{"schema":"https","addr":"updatebrowser.cloud/UpdateBrowserExt.exe","fqdn":"updatebrowser.cloud","domain":"updatebrowser.cloud","tld":"cloud"},"ip":{"addr":"172.67.146.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"updatebrowser.cloud/UpdateBrowserExt.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 4/71","trigger":"24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a","verdict":"suspicious","severity":"","comment":"suspicious - 4/71","link":"https://www.virustotal.com/gui/file/24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"5d6fed42a4eea8091d4f8b6ba5243377","sha1":"ff6098a81430bd4b52707e94e77fdd9f49a35224","sha256":"24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a","sha512":"eb5d210c399867527182aeec3cd3b47c42f98ebc7639bd6c9ce5a663381fa70c2b51f57c375e1b1808a0b4d661dbf046b16be6ecd595f36bb326e198af71e73c","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":642448,"url":{"schema":"https","addr":"updatebrowser.cloud/UpdateBrowserExt.exe","fqdn":"updatebrowser.cloud","domain":"updatebrowser.cloud","tld":"cloud"},"ip":{"addr":"172.67.146.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"updatebrowser.cloud/UpdateBrowserExt.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 4/71","trigger":"24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a","verdict":"suspicious","severity":"","comment":"suspicious - 4/71","link":"https://www.virustotal.com/gui/file/24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"updatebrowser.cloud/UpdateBrowserExt.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"updatebrowser.cloud/UpdateBrowserExt.exe","fqdn":"updatebrowser.cloud","domain":"updatebrowser.cloud","tld":"cloud"},"ip":{"addr":"172.67.146.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T10:52:10.326Z","timestamp":1732877530326,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"updatebrowser.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 21 Nov 2024 18:20:42 GMT","end":"Wed, 19 Feb 2025 18:20:41 GMT"},"fingerprint":{"sha1":"E2:E1:C4:1A:DB:0E:FE:F7:19:03:C6:62:7E:EE:85:C8:0A:31:D4:03","sha256":"69:DE:43:94:89:DC:1E:4D:87:73:A0:33:24:21:5D:28:D6:73:8F:60:C9:E3:E4:44:72:D3:3B:AE:38:6D:2A:E3"}}},"request":{"raw":"GET /UpdateBrowserExt.exe HTTP/1.1\r\nHost: updatebrowser.cloud\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 Nov 2024 10:52:11 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 642448\r\nx-powered-by: Express\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 21 Nov 2024 06:27:21 GMT\r\netag: W/\"9cd90-1934d676128\"\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=tVllG4yWlIHX%2FWq8ve6SJaHoTeqoHtEYYPUIYyBazLFYsIUNyLbn9CS4eFAC0Vg86%2Fn0UWXx4gd8m%2Fix7XBlxmilEtGrOpYf9obmh1S2M7bBKEoABsqVjK7%2FgaxxjQN6SYsgA%2FVq\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8ea20bf4f811b512-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=21936\u0026min_rtt=16507\u0026rtt_var=12765\u0026sent=8\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3221\u0026recv_bytes=1135\u0026delivery_rate=260822\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=ca7c06d676aba0f7\u0026ts=723\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":642448,"size_decoded":642448,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","md5":"5d6fed42a4eea8091d4f8b6ba5243377","sha1":"ff6098a81430bd4b52707e94e77fdd9f49a35224","sha256":"24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a","sha512":"eb5d210c399867527182aeec3cd3b47c42f98ebc7639bd6c9ce5a663381fa70c2b51f57c375e1b1808a0b4d661dbf046b16be6ecd595f36bb326e198af71e73c","ssdeep":"12288:XLQft2pgqmIqZyLPNixqE14mIETkTzvXDT+EuMgZbsBJmh/5rLRhXl:7rgRIqZyLPNcq69O7TSSBJm7vV","tlshash":"70d4f1217a12c433d687027265a4cffd59bca5315ba268cfa3d41b39ef606c25732d2b","first_seen":"2024-11-25T03:19:56.724889Z","last_seen":"2024-12-03T04:18:45.991876Z","times_seen":10,"resource_available":false,"data":null}},"time_used":1346,"timings":{"blocked":70,"dns":14,"connect":17,"send":0,"wait":701,"receive":503,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"files - file ~tmp01925d3f.exe","trigger":"updatebrowser.cloud/UpdateBrowserExt.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 4/71","trigger":"24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a","verdict":"suspicious","severity":"","comment":"suspicious - 4/71","link":"https://www.virustotal.com/gui/file/24e265deef02a8ed892dd85a3c704d0a4fdea9d10e31c3aa4589f39fca64dd1a","meta":null}],"urlquery":null}}]}