Report Overview
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
qu.ax | unknown | 2019-10-23 | 2019-12-22 | 2024-04-16 | 467 B | 4.6 MB | 45.145.42.217 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
No alerts detected
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-04-16 | medium | qu.ax | Sinkholed |
Quad9 DNS
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-04-16 | medium | qu.ax | Sinkholed |
ThreatFox
No alerts detected
Files detected
URL
qu.ax/qQYc.7z
IP
45.145.42.217
ASN
#58212 dataforest GmbH
File type
7-zip archive data, version 0.4
Size
4.6 MB (4610398 bytes)
Hash
119db9155df057d6d5939b1f1e8f6d81
38526a361ec7ecdb15f24c0da7f09baa3702904f
Archive (48)
Filename | Md5 | File type |
---|---|---|
adden | d41d8cd98f00b204e9800998ecf8427e | |
Sibille | d41d8cd98f00b204e9800998ecf8427e | |
Base64Gen.csproj.SuggestedBindingRedirects.cache | d41d8cd98f00b204e9800998ecf8427e | |
SimpleDownloader.csproj.SuggestedBindingRedirects.cache | d41d8cd98f00b204e9800998ecf8427e | |
CMichael.zip | 39a68a31e178abd4a35972f991ceeef1 | Zip archive data, at least v5.1 to extract, compression method=AES Encrypted |
Form1.cs | 0be96a30062e0be7937dc914565ed71a | C++ source, ASCII text, with CRLF line terminators |
App.config | 9dbad5517b46f41dbb0d8780b20ab87e | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
Base64Gen.csproj | 945d387edf1c148c1d4dc0a07b0fbab3 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
Base64Gen.exe.config | 9dbad5517b46f41dbb0d8780b20ab87e | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
Base64Gen.pdb | ffeea9fb29621368913b595dea2f9e28 | MSVC program database ver 7.00, 512*43 bytes |
.NETFramework,Version=v4.7.2.AssemblyAttributes.cs | 896ab120ac6b6af2895fdb71c452b9d3 | ASCII text, with CRLF line terminators |
Base64Gen.csproj.AssemblyReference.cache | 5b9221dd37e96488b8df8e841b464c48 | VAX-order2 68k Blit mpx/mux executable |
DesignTimeResolveAssemblyReferencesInput.cache | 1f80e80fd8dcaf784c4b70ec94e65d94 | data |
.NETFramework,Version=v4.7.2.AssemblyAttributes.cs | 896ab120ac6b6af2895fdb71c452b9d3 | ASCII text, with CRLF line terminators |
Base64Gen.csproj.AssemblyReference.cache | 5b9221dd37e96488b8df8e841b464c48 | VAX-order2 68k Blit mpx/mux executable |
Base64Gen.csproj.CoreCompileInputs.cache | 75490d885f714cc95dda906f05358a16 | ASCII text, with CRLF line terminators |
Base64Gen.csproj.FileListAbsolute.txt | d22a4691d7a63684588d4a263b8f50c4 | ASCII text, with CRLF line terminators |
Base64Gen.pdb | ffeea9fb29621368913b595dea2f9e28 | MSVC program database ver 7.00, 512*43 bytes |
DesignTimeResolveAssemblyReferencesInput.cache | 302f71c7661fcff51ad550099645c00d | data |
Program.cs | 785042df81e4d484b17945ef852e31b0 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
AssemblyInfo.cs | 7ab19ff36ca48a2099b4d5f0b2950867 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
Base64Gen.sln | f2b22c7e71c41cb655e88cd3cc4b2ac2 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
Base64Gen.rar | b69cdd9b4b7f33d0a1cbab211ff7d080 | RAR archive data, v5 |
App.config | 9dbad5517b46f41dbb0d8780b20ab87e | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
.NETFramework,Version=v4.7.2.AssemblyAttributes.cs | 896ab120ac6b6af2895fdb71c452b9d3 | ASCII text, with CRLF line terminators |
DesignTimeResolveAssemblyReferencesInput.cache | b5b8a348b4ff7d4ebfa39ea07cc36d90 | data |
SimpleDownloader.csproj.AssemblyReference.cache | ec799fba32292c0240139687483944e5 | VAX-order2 68k Blit mpx/mux executable |
.NETFramework,Version=v4.7.2.AssemblyAttributes.cs | 896ab120ac6b6af2895fdb71c452b9d3 | ASCII text, with CRLF line terminators |
DesignTimeResolveAssemblyReferencesInput.cache | abbaef5dd879a31d4dcedfb7c44721f2 | data |
SimpleDownloader.csproj.AssemblyReference.cache | 1c9cb1b9485cf401f3f08803556abcf1 | VAX-order2 68k Blit mpx/mux executable |
SimpleDownloader.csproj.CoreCompileInputs.cache | 6a92d8e714855f248708c43ffd253ca3 | ASCII text, with CRLF line terminators |
SimpleDownloader.csproj.FileListAbsolute.txt | 6816e6e7ee107bdfbf29d2919797d2d2 | ASCII text, with CRLF line terminators |
SimpleDownloader.pdb | fc98864177e2fae25a0fd2a6964c559f | MSVC program database ver 7.00, 512*43 bytes |
Program.cs | 9d4f879386c45980606c05fc13e11e74 | C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
AssemblyInfo.cs | c71482733f15db5c01c960b41128d71a | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
SimpleDownloader.csproj | 88d7f68c71781824c6c4b4b39b9b5e51 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
SimpleDownloader.sln | b89df129fbc758f57f586350e944d18c | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
SimpleDownloader.rar | a0f9c85b8a1083f64b9b6fac5fddb87f | RAR archive data, v5 |
taskhosts.zip | 46098b11f5335c0af50674e27e4972f6 | Zip archive data, at least v2.0 to extract, compression method=deflate |
SearchHostsProtocol-cleaned.exe | de1dafead994c7e36ec3bf7143c73c44 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections |
SearchHostsProtocol.exe | 7dfbe85d482ef28e07485b965cb09866 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections |
Gaming.exe | 6865adb1abc8fda3468fa52a1be09a61 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections |
MicrosoftAI.exe | 5fc7db89b85994e024d4acaf348ecfd2 | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections |
Base64Gen.exe | 278b3e515d61260c72133f38fbc90cd6 | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections |
Base64Gen.exe | 278b3e515d61260c72133f38fbc90cd6 | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections |
SimpleDownloader.exe | 7092081a9cfc0db6e06c280bc3f2fd34 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections |
taskhosts-cleaned.exe | 6e5babe25aad66144dd2e15ab97bd38b | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections |
taskhosts.exe | 0ce64dbeb75843557664292da5632ecc | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public Nextron YARA rules | malware | Detects suspicious PowerShell code that downloads from web sites |
YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
Public Nextron YARA rules | malware | Detects Quasar RAT |
Public Nextron YARA rules | malware | Detects Quasar RAT |
Public Nextron YARA rules | malware | Detects QuasarRAT malware |
Public Nextron YARA rules | malware | Detects Vermin Keylogger |
Public Nextron YARA rules | malware | Detects Patchwork malware |
Public Nextron YARA rules | malware | Detects malware from disclosed CN malware set |
Elastic Security YARA Rules | malware | Windows.Trojan.Quasarrat |
Public Nextron YARA rules | malware | Detects Quasar RAT |
JavaScript (0)
No Javascripts found
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
qu.ax/qQYc.7z | 45.145.42.217 | 200 OK | 4.6 MB |
Detections
HTTP Headers