Report - m5burner-cdn.m5stack.com/patch/202403071800-win.zip

Report Overview

Submitted URL
m5burner-cdn.m5stack.com/patch/202403071800-win.zip
IP
163.181.157.105
ASN
#24429 Zhejiang Taobao Network Co.,Ltd
Submitted
2024-03-29 07:08:38
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
m5burner-cdn.m5stack.com	unknown	2015-12-14	2023-08-07	2023-12-21	505 B	15 MB	163.181.157.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
m5burner-cdn.m5stack.com/patch/202403071800-win.zip
IP
163.181.157.74
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
15 MB (15046290 bytes)
Hash
b0b948da79a468058be82c1ee321ba28
ea7bb696e703092ee95102760d38c866a9328b73
5e86213d439d6da0746372927cbac67d0ff906c2c40af03c3037e89d3384b41e

Archive (53)

Filename

Md5

File type

appVersion.info

5270d699813067b5f5efff8a0c2656fb

ASCII text, with no line terminators

burner_nvs.bin

9ac0cd7828f93947f95689b58ef645fe

data

esp32_board_identify.bin

f3b1b4d7b90c1aa371fe4992af7298cc

data

esptool.exe

b361962212faa57e3f0202ebc7833bc0

PE32+ executable (console) x86-64, for MS Windows, 7 sections

gen_esp32part.exe

85a7860935f410c742f2c57ef9253c39

PE32+ executable (console) x86-64, for MS Windows, 7 sections

3rdpartylicenses.txt

afe9ca64e55ec9b4fb11b4d9931aa961

ASCII text

iconfont.css

dd0f96409a76cc7cf6db69415657b2c5

ASCII text, with very long lines (4557), with CRLF line terminators

iconfont.eot

4cb02fe03a69403a3b12593f1d087e89

Embedded OpenType (EOT), iconfont family

iconfont.js

42591e04e76289f92d03c1bdf000732f

ASCII text, with very long lines (19895), with no line terminators

iconfont.json

a87fd799322234378cfa07394f7c469f

JSON text data

iconfont.svg

17266a98f2b4834b52ed16cc897dc10b

SVG Scalable Vector Graphics image

iconfont.ttf

414fed03b454d34582223b460cf3da22

TrueType Font data, 11 tables, 1st "GSUB", 18 names, Macintosh,

iconfont.woff

13be8e640397dfc4b193df6ab31d7c08

Web Open Font Format, TrueType, length 3992, version 1.0

iconfont.woff2

3d6d99bb05fd4ca7dcda3037ff5ce5e4

Web Open Font Format (Version 2), TrueType, length 3360, version 1.0

airq.png

cd3b9abb48fd480449bfcc5fe25f262e

PNG image data, 130 x 199, 8-bit/color RGBA, non-interlaced

atom.png

6adc55b89a3db4738b167ca65da20f1d

PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced

atom-matrix.png

4d3d4429838ae89ab37f082bf915b88c

PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced

atoms3.png

6d3ebdc64284b9d228432c810c754e66

PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced

capsule.png

c30545ccc8f86f40b894ad0f1b631c67

PNG image data, 200 x 200, 8-bit/color RGBA, interlaced

cardputer.png

2f0433e3f492576f90511788b0b63c39

PNG image data, 313 x 200, 8-bit/color RGBA, non-interlaced

core.png

68e4a48b59bad550d67c6d53296311ee

PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced

core2.png

a28085f23e9349e8a47059b7fcc1427d

PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced

coreInk.png

0c8d5de664a5716aaa98d8f7d3dfc4fb

PNG image data, 142 x 200, 8-bit/color RGBA, non-interlaced

cores3.png

1aa51375f231b6e9c9bb53555a13c20c

PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced

default.png

667349f23239f83ad5bd7fa8abe042c6

PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced

dial.png

9a0703360cdfc200ec3a17f3b4ffd074

PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced

dinmeter.png

d75b1f6c46cca209d7d6a727cf6d5c6c

PNG image data, 200 x 113, 8-bit/color RGBA, non-interlaced

fire.png

49ebc3cd5d07882d261707e447c4b47b

PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced

logo.png

ac9242e6e8cf6175e549a9f81cbb6869

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

paper.png

99e4d299769f929deca6960129f3e6f8

PNG image data, 114 x 200, 8-bit colormap, non-interlaced

pico.png

0b322c9305f46edf422e0c0ff3c2e28f

PNG image data, 147 x 200, 8-bit/color RGBA, non-interlaced

stamps3.png

9fce3290fc861c74cf596a4dd6ae9aaf

PNG image data, 281 x 400, 8-bit/color RGBA, non-interlaced

station.svg

9f35d764b826b52a0815b3a9544f5f20

SVG Scalable Vector Graphics image

stick-C.png

f57549305b338d27ba6cc9248ae6b8c1

PNG image data, 100 x 200, 8-bit/color RGBA, non-interlaced

stick-C-plus.png

5863909641323c62f5419b968a42f77c

PNG image data, 100 x 200, 8-bit/color RGBA, non-interlaced

stickv.png

351a21306d39c43ebc77682dc826d50e

PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced

timercam.png

2c7dde52eece3896bacbf8238f140d61

PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced

t-lite.png

08ac86679591af37e049d977449ea5ea

PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced

tough.png

de727d2f38ec4159b2d8dc2f7ce5b2c7

PNG image data, 264 x 200, 8-bit/color RGBA, non-interlaced

uiflow_core.png

49227650d48fbafcf47b7611b9ddce7c

PNG image data, 500 x 400, 8-bit/color RGBA, non-interlaced

user-center.png

b92b9f66c2e602ecec682fb801327b68

PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced

color.dae87a04d07ca92b.png

c7a33805ffda0d32bd2a9904c8b02750

PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced

favicon.ico

6da2eeac432e6f36b31cb67a1ef6b9c2

MS Windows icon resource - 1 icon, 256x256, 32 bits/pixel

hue.8b1818380241e6ac.png

0614c27197fc3ce572e161840d23b2af

PNG image data, 17 x 150, 8-bit/color RGB, non-interlaced

index.html

53ccf8dcdc1b8b2bcee89900d4d82ade

HTML document, ASCII text, with very long lines (3383)

main.5733f2320b3819ea.js

89bbf94787420c0027274c925132aefa

JavaScript source, ASCII text, with very long lines (65536), with no line terminators

polyfills.6cafb2800f437793.js

c2d9a21060355f41c629fa5d4933c0bd

JavaScript source, ASCII text, with very long lines (37100), with no line terminators

primeicons.29151a741d66863a.woff

943c3597cd33be56d53df0d1982fa8ff

Web Open Font Format, TrueType, length 66720, version 1.0

primeicons.5f5d08cd089b4e5d.ttf

b29a888ff7f07091c7e08eb0d991e221

TrueType Font data, 11 tables, 1st "OS/2", 22 names, Macintosh

primeicons.76044b1c189cc4d7.svg

64b5d470af63a67aa9b9d3e8a866a35e

SVG Scalable Vector Graphics image

primeicons.964f445f3ea9db80.eot

e01fd4133bac49cd2ea07ad6f7c45695

Embedded OpenType (EOT), primeicons family

runtime.f3d5ad3484cea927.js

1f3f4994cf4f205c7aa59499a1931993

JavaScript source, ASCII text, with very long lines (1079), with no line terminators

styles.aede1890b543bf5a.css

0b93b3dace56bb223bf522ccd0c45c15

ASCII text, with very long lines (65536), with no line terminators

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.
VirusTotal	suspicious	VirusTotal - Scan result 1/58

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

m5burner-cdn.m5stack.com/patch/202403071800-win.zip

163.181.157.74

200 OK

15 MB

URL User Request GET HTTP/1.1
m5burner-cdn.m5stack.com/patch/202403071800-win.zip
IP
163.181.157.74:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Certificate
IssuerDigiCert Inc
Subject*.m5stack.com
FingerprintA3:62:D2:94:82:00:6F:97:35:0C:82:BE:02:CF:27:0E:63:7E:60:73
ValidityWed, 07 Feb 2024 00:00:00 GMT - Sun, 09 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
15 MB (15046290 bytes)
Hash
b0b948da79a468058be82c1ee321ba28
ea7bb696e703092ee95102760d38c866a9328b73
5e86213d439d6da0746372927cbac67d0ff906c2c40af03c3037e89d3384b41e

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/58

HTTP Headers

GET /patch/202403071800-win.zip HTTP/1.1
Host: m5burner-cdn.m5stack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/zip
Content-Length: 15046290
Connection: keep-alive
Date: Sun, 24 Mar 2024 09:47:19 GMT
x-oss-request-id: 65FFF6A79935E338378F047E
x-oss-cdn-auth: success
Accept-Ranges: bytes
ETag: "1952280CA2494274CD794148BC246C88-2"
Last-Modified: Thu, 07 Mar 2024 09:50:16 GMT
x-oss-object-type: Multipart
x-oss-hash-crc64ecma: 4508877797048685795
x-oss-storage-class: Standard
x-oss-server-time: 89
Ali-Swift-Global-Savetime: 1711273639
Via: cache23.l2de2[0,16,200-0,H], cache19.l2de2[19,0], ens-cache8.de7[0,0,200-0,H], ens-cache3.de7[0,0]
Age: 422450
X-Cache: HIT TCP_MEM_HIT dirn:13:122436851
X-Swift-SaveTime: Wed, 27 Mar 2024 22:43:29 GMT
X-Swift-CacheTime: 2286230
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
EagleId: a3b5839717116960894423769e

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (53)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers