{"report_id":"e14bd344-d3b0-458d-8bcc-9847c1de10ee","version":6,"status":"done","tags":[],"date":"2025-02-18T11:53:38Z","url":{"schema":"http","addr":"xmp.down.sandai.net/kankan/KankanSetup.exe","fqdn":"xmp.down.sandai.net","domain":"sandai.net","tld":"net"},"ip":{"addr":"101.226.28.234","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-04-29T11:53:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"xmp.down.sandai.net","ip":{"addr":"101.226.27.113","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2003-01-27","domain_rank":792916,"first_seen":"2012-07-21T19:59:11Z","last_seen":"2025-02-15T13:42:16.802159Z","alert_count":1,"request_count":1,"received_data":6933558,"sent_data":508,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"bbb504701bc497ea6bec288a089662e2","sha1":"0ed6e1b4ac34303a996840e6718887dd59c154f4","sha256":"75dc066c10ff3630e1b6b34f7fe2dba9d4fe75ce2afed3132a27948ef2514b51","sha512":"7f9c1e622a8778c63c49adeea155c59d08bfe5cd08cdb78c26b4c20297a5931b3ecaa1face8af1efc87e72cc860b7a8a12027b59376e8d0ca0b48b058c0a7085","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","size":6932672,"url":{"schema":"https","addr":"xmp.down.sandai.net/kankan/KankanSetup.exe","fqdn":"xmp.down.sandai.net","domain":"sandai.net","tld":"net"},"ip":{"addr":"101.226.27.113","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-17","alert":"Scan result 4/72","trigger":"75dc066c10ff3630e1b6b34f7fe2dba9d4fe75ce2afed3132a27948ef2514b51","verdict":"suspicious","severity":"","comment":"suspicious - 4/72","link":"https://www.virustotal.com/gui/file/75dc066c10ff3630e1b6b34f7fe2dba9d4fe75ce2afed3132a27948ef2514b51","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"bbb504701bc497ea6bec288a089662e2","sha1":"0ed6e1b4ac34303a996840e6718887dd59c154f4","sha256":"75dc066c10ff3630e1b6b34f7fe2dba9d4fe75ce2afed3132a27948ef2514b51","sha512":"7f9c1e622a8778c63c49adeea155c59d08bfe5cd08cdb78c26b4c20297a5931b3ecaa1face8af1efc87e72cc860b7a8a12027b59376e8d0ca0b48b058c0a7085","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","size":6932672,"url":{"schema":"https","addr":"xmp.down.sandai.net/kankan/KankanSetup.exe","fqdn":"xmp.down.sandai.net","domain":"sandai.net","tld":"net"},"ip":{"addr":"101.226.27.113","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-17","alert":"Scan result 4/72","trigger":"75dc066c10ff3630e1b6b34f7fe2dba9d4fe75ce2afed3132a27948ef2514b51","verdict":"suspicious","severity":"","comment":"suspicious - 4/72","link":"https://www.virustotal.com/gui/file/75dc066c10ff3630e1b6b34f7fe2dba9d4fe75ce2afed3132a27948ef2514b51","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xmp.down.sandai.net/kankan/KankanSetup.exe","fqdn":"xmp.down.sandai.net","domain":"sandai.net","tld":"net"},"ip":{"addr":"101.226.27.113","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-18T11:53:07.371Z","timestamp":1739879587371,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.down.sandai.net","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 04 Jul 2024 00:00:00 GMT","end":"Mon, 21 Jul 2025 23:59:59 GMT"},"fingerprint":{"sha1":"19:EC:A2:E4:79:96:5C:CC:BA:41:B0:BB:2B:D4:1A:C2:91:AE:6E:54","sha256":"D0:F4:B2:C8:D8:29:75:69:22:01:EB:BF:42:38:D2:D6:1D:6B:00:B5:28:91:8D:7F:F2:F2:2E:40:01:A2:CC:30"}}},"request":{"raw":"GET /kankan/KankanSetup.exe HTTP/1.1\r\nHost: xmp.down.sandai.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: application/x-msdownload\r\ncontent-length: 6932672\r\ndate: Sat, 01 Feb 2025 04:52:47 GMT\r\nx-oss-request-id: 679DA89FA0DD13333814B3CF\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\netag: \"BBB504701BC497EA6BEC288A089662E2\"\r\nlast-modified: Fri, 09 Apr 2021 08:55:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 10073166178134028788\r\nx-oss-storage-class: Standard\r\nx-oss-meta-md5: bbb504701bc497ea6bec288a089662e2\r\nx-oss-server-time: 55\r\nvia: cache2.l2cn1827[0,0,206-0,H], cache14.l2cn1827[1,0], cache14.l2cn1827[1,0], ens-vcache7.cn5923[0,0,200-0,H], ens-vcache24.cn5923[13,0]\r\nage: 1494021\r\nali-swift-global-savetime: 1738385567\r\nx-cache: HIT TCP_HIT dirn:8:407228148 mlen:0\r\nx-swift-savetime: Sat, 01 Feb 2025 09:35:26 GMT\r\nx-swift-cachetime: 2575041\r\ntiming-allow-origin: *\r\neagleid: b4a3cf1d17398795882351546e\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6932672,"size_decoded":6932672,"mime_type":"application/x-msdownload","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","md5":"bbb504701bc497ea6bec288a089662e2","sha1":"0ed6e1b4ac34303a996840e6718887dd59c154f4","sha256":"75dc066c10ff3630e1b6b34f7fe2dba9d4fe75ce2afed3132a27948ef2514b51","sha512":"7f9c1e622a8778c63c49adeea155c59d08bfe5cd08cdb78c26b4c20297a5931b3ecaa1face8af1efc87e72cc860b7a8a12027b59376e8d0ca0b48b058c0a7085","ssdeep":"98304:6yy9iAjpxwTUSWuS/eBPG/faHyqHE+6wfu3sNx+CHcuraErtP1mTtWGU09XGidIO:6LD8whXWBPJHEUfucNPdEQGUQbmMb","tlshash":"376633c6a177e0c7dd56e67e5af1b62631bf35909ba94123b1bdae8b093120c840cf5c","first_seen":"2023-06-19T12:35:38Z","last_seen":"2025-05-27T17:53:13.227586Z","times_seen":118,"resource_available":false,"data":null}},"time_used":7500,"timings":{"blocked":723,"dns":57,"connect":230,"send":0,"wait":298,"receive":5736,"ssl":453},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-17","alert":"Scan result 4/72","trigger":"75dc066c10ff3630e1b6b34f7fe2dba9d4fe75ce2afed3132a27948ef2514b51","verdict":"suspicious","severity":"","comment":"suspicious - 4/72","link":"https://www.virustotal.com/gui/file/75dc066c10ff3630e1b6b34f7fe2dba9d4fe75ce2afed3132a27948ef2514b51","meta":null}],"urlquery":null}}]}