Report - www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip

Report Overview

Submitted URL
www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip
IP
183.111.199.229
ASN
#4766 Korea Telecom
Submitted
2024-03-29 09:35:35
Access
public
Website Title
teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip
Final URL
www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.teamxhaust.com	unknown	unknown	No data	No data	1.6 kB	6.2 MB	183.111.199.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip?ckattempt=1
IP
183.111.199.229
ASN
#4766 Korea Telecom

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
6.1 MB (6125280 bytes)
Hash
f2d686aa7dbc7ba1e69a75b3ded7810c
496fd063f97124d96cffb464ffe4927f073a9f7b
24b4ee49ad418b525fb6a42a8a62f5c15627c194e53521bf2ba4e764f334c459

Archive (15)

Filename

Md5

File type

WdfCoInstaller01009.dll

4da5da193e0e4f86f6f8fd43ef25329a

PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections

silabenm.sys

8c61b219882c9c9eca09bedb82b0ddb1

PE32+ executable (native) x86-64, for MS Windows, 8 sections

silabser.sys

2641655fad6c1ea0f3677978e2bf28c1

PE32+ executable (native) x86-64, for MS Windows, 10 sections

WdfCoInstaller01009.dll

a9970042be512c7981b36e689c5f3f9f

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

silabenm.sys

b1c99e4de2e07926c0fe4e41fde0880d

PE32 executable (native) Intel 80386, for MS Windows, 8 sections

silabser.sys

746a0d649e5c952a3e62ef98ea812090

PE32 executable (native) Intel 80386, for MS Windows, 9 sections

CP210xVCPInstaller_x64.exe

be3c79033fa8302002d9d3a6752f2263

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

CP210xVCPInstaller_x86.exe

30a0afee4aea59772db6434f1c0511ab

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

ReleaseNotes.txt

9db4d7d4fb3970342f2eeb40e73c5633

ASCII text, with CRLF line terminators

SLAB_License_Agreement_VCP_Windows.txt

6278966b61720342cfff6aaafc433928

ASCII text, with very long lines (935), with CRLF line terminators

dpinst.xml

869039ea5bd8ac4d25ffe350e9dc617f

XML 1.0 document, ASCII text, with CRLF line terminators

slabvcp.cat

befe6327722742cd1424b739bc8f5cfa

DER Encoded PKCS#7 Signed Data

slabvcp.inf

33ae925db013d95dd5ea91a9597a8020

Windows setup INFormation

PC_Download V1.0.10.exe

8ceddaca0b661c7c6309a8f5497fcee4

PE32 executable (GUI) Intel 80386, for MS Windows, 9 sections

tgputtylib.dll

cc661ec6f7a2394153f1dc2257b35432

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (2)

	URL	Size	First Seen	Last Seen
	www.teamxhaust.com/cupid.js	45 kB	2023-03-07	2024-04-21
Pretty URL www.teamxhaust.com/cupid.js IP 183.111.199.229 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:02 Last Seen2024-04-21 12:57:13 Times Seen1193 Hash 56f841dd82a8c486ad4e69593e9cf517 be98194094e26c06b01bb375cf00ee89998b9b6d 402622f24d30b687bbe409c14f0063bacbbd765fd3e7c22a8facd1be1c67e159 Loading...

	www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip	728 B	2024-03-29	2024-03-29
Pretty URL www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip IP 183.111.199.229 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-29 10:35:45 Last Seen2024-03-29 10:35:45 Times Seen1 Hash 88da79f3a29adbd9d88140e067aee739 053c5b92b124a3b537df4f3eee671d62b27f5e16 0ac568c30eb2cd70d7ab2255fbb49a56250f15a6978e3aa7a6f23ddcb7da8661 Loading...

HTTP Transactions (3)

	URL	IP	Response	Size
	www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip	183.111.199.229	200 OK	808 B
URL User Request GET HTTP/2 www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip IP 183.111.199.229:443 ASN #4766 Korea Telecom Certificate IssuerSectigo Limited Subjectwww.teamxhaust.com FingerprintA6:E8:FE:C1:CB:F1:46:AE:E9:55:F6:EA:85:EB:C9:24:87:23:64:01 ValidityMon, 24 Apr 2023 00:00:00 GMT - Tue, 23 Apr 2024 23:59:59 GMT File type HTML document, ASCII text, with very long lines (808), with no line terminators Size 808 B (808 bytes) Hash 79c26308753b5064cc8ab63b023efca2 2ed1cd7f7159970edf186bc1123e5d06599fe2d1 0d21a86ac35da07c9e33cd5d948e7ed207f163cb9eca18c78a88a0a955d834ed HTTP Headers `GET /wp-content/uploads/2022/03/DLP-V1.0.10.zip HTTP/1.1 Host: www.teamxhaust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Fri, 29 Mar 2024 09:35:08 GMT content-type: text/html content-length: 808 expires: Thu, 01 Jan 1970 00:00:01 GMT cache-control: no-cache X-Firefox-Spdy: h2`

	www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip?ckattempt=1	183.111.199.229	200 OK	6.1 MB
URL User Request GET HTTP/2 www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip?ckattempt=1 IP 183.111.199.229:443 ASN #4766 Korea Telecom Certificate IssuerSectigo Limited Subjectwww.teamxhaust.com FingerprintA6:E8:FE:C1:CB:F1:46:AE:E9:55:F6:EA:85:EB:C9:24:87:23:64:01 ValidityMon, 24 Apr 2023 00:00:00 GMT - Tue, 23 Apr 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 6.1 MB (6125280 bytes) Hash f2d686aa7dbc7ba1e69a75b3ded7810c 496fd063f97124d96cffb464ffe4927f073a9f7b 24b4ee49ad418b525fb6a42a8a62f5c15627c194e53521bf2ba4e764f334c459 HTTP Headers GET /wp-content/uploads/2022/03/DLP-V1.0.10.zip?ckattempt=1 HTTP/1.1 Host: www.teamxhaust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Fri, 29 Mar 2024 09:35:09 GMT content-type: application/zip content-length: 6125280 last-modified: Fri, 17 Jun 2022 09:05:36 GMT etag: "5d76e0-5e1a10eb31aa1" accept-ranges: bytes X-Firefox-Spdy: h2`

	www.teamxhaust.com/cupid.js	183.111.199.229	200 OK	45 kB
URL GET HTTP/2 www.teamxhaust.com/cupid.js IP 183.111.199.229:443 ASN #4766 Korea Telecom Requested by https://www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip Certificate IssuerSectigo Limited Subjectwww.teamxhaust.com FingerprintA6:E8:FE:C1:CB:F1:46:AE:E9:55:F6:EA:85:EB:C9:24:87:23:64:01 ValidityMon, 24 Apr 2023 00:00:00 GMT - Tue, 23 Apr 2024 23:59:59 GMT File type ASCII text Size 45 kB (44871 bytes) Hash 56f841dd82a8c486ad4e69593e9cf517 be98194094e26c06b01bb375cf00ee89998b9b6d 402622f24d30b687bbe409c14f0063bacbbd765fd3e7c22a8facd1be1c67e159 HTTP Headers `GET /cupid.js HTTP/1.1 Host: www.teamxhaust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.teamxhaust.com/wp-content/uploads/2022/03/DLP-V1.0.10.zip Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Fri, 29 Mar 2024 09:35:09 GMT content-type: application/javascript last-modified: Tue, 05 Apr 2016 07:24:47 GMT vary: Accept-Encoding etag: W/"5703683f-af47" content-encoding: gzip X-Firefox-Spdy: h2`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (15)

Detections

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (3)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers