Report - loader.colortune.ru/Defender%20Control%20v2.1.zip

Report Overview

Visitedpublic

2025-01-29 22:27:20

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
loader.colortune.ru	unknown	2024-04-15	2025-01-29	2025-01-29	515 B	459 kB	45.130.41.108

No alerts detected

No alerts detected

No alerts detected

No alerts detected

No alerts detected

URL

loader.colortune.ru/Defender%20Control%20v2.1.zip

IP / ASN

45.130.41.108

#198610 Beget LLC

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size459 kB (458899 bytes)

MD5bfdecdb70bff7e8c8e70cc31e52cb4cb

SHA13d318d78cf5690c982eb9e3f229a1a4104dcd5cc

SHA25619165773f3d427afae5e5428d3265bd74262cd6323cee03ba8ff2d37e2f91e66

Archive (4)

Modified	Filename	Size	MD5	File type
2022-03-01 15:30	dControl.exe	458 kB	58008524a6473bdf86c1040a9a9e39c3	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
2022-12-15 11:43	dControl.ini	88 kB	05450ff06366ae22654b63a6e27d1624	Unicode text, UTF-16, little-endian text, with CRLF line terminators
2021-09-10 15:23	Defender_Settings.vbs	313 B	b0bf0a477bcca312021177572311e666	ASCII text, with CRLF line terminators
2022-03-01 17:18	ReadMe.txt	2.7 kB	8dbe87a9bf6342c4e2ea406fa86e76bb	Non-ISO extended-ASCII text, with CRLF line terminators

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects malware by known bad imphash or rich_pe_header_hash
Public InfoSec YARA rules	malware	Identifies Defender Control, used by attackers to disable Windows Defender.
VirusTotal	malicious	VirusTotal - Scan result 47/69

	URL	IP	Response	Size