Report - qu.ax/qQYc.7z

Report Overview

Submitted URL
qu.ax/qQYc.7z
IP
45.145.42.217
ASN
#58212 dataforest GmbH
Submitted
2024-04-16 19:54:17
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
23

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
qu.ax	unknown	2019-10-23	2019-12-22	2024-04-16	467 B	4.6 MB	45.145.42.217

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	qu.ax	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	qu.ax	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
qu.ax/qQYc.7z
IP
45.145.42.217
ASN
#58212 dataforest GmbH

File type
7-zip archive data, version 0.4
Size
4.6 MB (4610398 bytes)
Hash
119db9155df057d6d5939b1f1e8f6d81
38526a361ec7ecdb15f24c0da7f09baa3702904f
935ef7994ad0f2203fcefb534f4376134d2d27893ba49411ce8ec72dba26d384

Archive (48)

Filename

Md5

File type

adden

d41d8cd98f00b204e9800998ecf8427e

Sibille

d41d8cd98f00b204e9800998ecf8427e

Base64Gen.csproj.SuggestedBindingRedirects.cache

d41d8cd98f00b204e9800998ecf8427e

SimpleDownloader.csproj.SuggestedBindingRedirects.cache

d41d8cd98f00b204e9800998ecf8427e

CMichael.zip

39a68a31e178abd4a35972f991ceeef1

Zip archive data, at least v5.1 to extract, compression method=AES Encrypted

Form1.cs

0be96a30062e0be7937dc914565ed71a

C++ source, ASCII text, with CRLF line terminators

App.config

9dbad5517b46f41dbb0d8780b20ab87e

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Base64Gen.csproj

945d387edf1c148c1d4dc0a07b0fbab3

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Base64Gen.exe.config

9dbad5517b46f41dbb0d8780b20ab87e

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Base64Gen.pdb

ffeea9fb29621368913b595dea2f9e28

MSVC program database ver 7.00, 512*43 bytes

.NETFramework,Version=v4.7.2.AssemblyAttributes.cs

896ab120ac6b6af2895fdb71c452b9d3

ASCII text, with CRLF line terminators

Base64Gen.csproj.AssemblyReference.cache

5b9221dd37e96488b8df8e841b464c48

VAX-order2 68k Blit mpx/mux executable

DesignTimeResolveAssemblyReferencesInput.cache

1f80e80fd8dcaf784c4b70ec94e65d94

data

.NETFramework,Version=v4.7.2.AssemblyAttributes.cs

896ab120ac6b6af2895fdb71c452b9d3

ASCII text, with CRLF line terminators

Base64Gen.csproj.AssemblyReference.cache

5b9221dd37e96488b8df8e841b464c48

VAX-order2 68k Blit mpx/mux executable

Base64Gen.csproj.CoreCompileInputs.cache

75490d885f714cc95dda906f05358a16

ASCII text, with CRLF line terminators

Base64Gen.csproj.FileListAbsolute.txt

d22a4691d7a63684588d4a263b8f50c4

ASCII text, with CRLF line terminators

Base64Gen.pdb

ffeea9fb29621368913b595dea2f9e28

MSVC program database ver 7.00, 512*43 bytes

DesignTimeResolveAssemblyReferencesInput.cache

302f71c7661fcff51ad550099645c00d

data

Program.cs

785042df81e4d484b17945ef852e31b0

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

AssemblyInfo.cs

7ab19ff36ca48a2099b4d5f0b2950867

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Base64Gen.sln

f2b22c7e71c41cb655e88cd3cc4b2ac2

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Base64Gen.rar

b69cdd9b4b7f33d0a1cbab211ff7d080

RAR archive data, v5

App.config

9dbad5517b46f41dbb0d8780b20ab87e

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

.NETFramework,Version=v4.7.2.AssemblyAttributes.cs

896ab120ac6b6af2895fdb71c452b9d3

ASCII text, with CRLF line terminators

DesignTimeResolveAssemblyReferencesInput.cache

b5b8a348b4ff7d4ebfa39ea07cc36d90

data

SimpleDownloader.csproj.AssemblyReference.cache

ec799fba32292c0240139687483944e5

VAX-order2 68k Blit mpx/mux executable

.NETFramework,Version=v4.7.2.AssemblyAttributes.cs

896ab120ac6b6af2895fdb71c452b9d3

ASCII text, with CRLF line terminators

DesignTimeResolveAssemblyReferencesInput.cache

abbaef5dd879a31d4dcedfb7c44721f2

data

SimpleDownloader.csproj.AssemblyReference.cache

1c9cb1b9485cf401f3f08803556abcf1

VAX-order2 68k Blit mpx/mux executable

SimpleDownloader.csproj.CoreCompileInputs.cache

6a92d8e714855f248708c43ffd253ca3

ASCII text, with CRLF line terminators

SimpleDownloader.csproj.FileListAbsolute.txt

6816e6e7ee107bdfbf29d2919797d2d2

ASCII text, with CRLF line terminators

SimpleDownloader.pdb

fc98864177e2fae25a0fd2a6964c559f

MSVC program database ver 7.00, 512*43 bytes

Program.cs

9d4f879386c45980606c05fc13e11e74

C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

AssemblyInfo.cs

c71482733f15db5c01c960b41128d71a

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

SimpleDownloader.csproj

88d7f68c71781824c6c4b4b39b9b5e51

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

SimpleDownloader.sln

b89df129fbc758f57f586350e944d18c

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

SimpleDownloader.rar

a0f9c85b8a1083f64b9b6fac5fddb87f

RAR archive data, v5

taskhosts.zip

46098b11f5335c0af50674e27e4972f6

Zip archive data, at least v2.0 to extract, compression method=deflate

SearchHostsProtocol-cleaned.exe

de1dafead994c7e36ec3bf7143c73c44

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SearchHostsProtocol.exe

7dfbe85d482ef28e07485b965cb09866

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Gaming.exe

6865adb1abc8fda3468fa52a1be09a61

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

MicrosoftAI.exe

5fc7db89b85994e024d4acaf348ecfd2

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections

Base64Gen.exe

278b3e515d61260c72133f38fbc90cd6

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Base64Gen.exe

278b3e515d61260c72133f38fbc90cd6

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SimpleDownloader.exe

7092081a9cfc0db6e06c280bc3f2fd34

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

taskhosts-cleaned.exe

6e5babe25aad66144dd2e15ab97bd38b

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

taskhosts.exe

0ce64dbeb75843557664292da5632ecc

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious PowerShell code that downloads from web sites
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
Public Nextron YARA rules	malware	Detects Quasar RAT
Public Nextron YARA rules	malware	Detects Quasar RAT
Public Nextron YARA rules	malware	Detects QuasarRAT malware
Public Nextron YARA rules	malware	Detects Vermin Keylogger
Public Nextron YARA rules	malware	Detects Patchwork malware
Public Nextron YARA rules	malware	Detects malware from disclosed CN malware set
Elastic Security YARA Rules	malware	Windows.Trojan.Quasarrat
Public Nextron YARA rules	malware	Detects Quasar RAT

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

qu.ax/qQYc.7z

45.145.42.217

200 OK

4.6 MB

URL User Request GET HTTP/2
qu.ax/qQYc.7z
IP
45.145.42.217:443
ASN
#58212 dataforest GmbH

Certificate
IssuerLet's Encrypt
Subject*.qu.ax
Fingerprint82:9B:25:4F:F4:5A:4D:E3:20:F2:A0:49:24:38:BA:5B:66:4A:CB:6D
ValidityMon, 18 Mar 2024 05:21:34 GMT - Sun, 16 Jun 2024 05:21:33 GMT

File type
7-zip archive data, version 0.4
Size
4.6 MB (4610398 bytes)
Hash
119db9155df057d6d5939b1f1e8f6d81
38526a361ec7ecdb15f24c0da7f09baa3702904f
935ef7994ad0f2203fcefb534f4376134d2d27893ba49411ce8ec72dba26d384

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qQYc.7z HTTP/1.1
Host: qu.ax
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 19:51:40 GMT
content-type: application/x-7z-compressed
content-length: 4610398
last-modified: Sat, 24 Jun 2023 11:39:43 GMT
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=604800
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (48)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers