Report Overview
Submitted URL
cdn.discordapp.com/attachments/1228373331279872033/1228386715677364425/HWID_SPOOFER.zip?ex=662bdb47&is=66196647&hm=a3f4d5b9e7d5b4445b2a0c97e931a36f6137041bf156ea2b0fbfecf82e6470dd&
IP
162.159.135.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-16 21:17:31
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
17
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
cdn.discordapp.com | 2474 | 2015-02-26 | 2015-08-24 | 2024-04-16 | 634 B | 2.4 MB | 162.159.133.233 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
cdn.discordapp.com/attachments/1228373331279872033/1228386715677364425/HWID_SPOOFER.zip?ex=662bdb47&is=66196647&hm=a3f4d5b9e7d5b4445b2a0c97e931a36f6137041bf156ea2b0fbfecf82e6470dd&
IP
162.159.133.233
ASN
#13335 CLOUDFLARENET
File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
2.4 MB (2407259 bytes)
Hash
MD5: 43d94a96b1776bc15a34cd22ca0a31a2
SHA1: d885eaf096f3bbccae3642d1b6b04fc88b81ba00
Archive (34)
Filename | MD5 | File type
---|---|---
SOLENOID-HWID-SPOOFER.cmd | fa447aa7489f3f8c8d0a1653c7e522f5 | DOS batch file, ASCII text, with CRLF line terminators
1. Install TMACv6.0.7_Setup.exe | a7c8cf1d50ebe630a7d0c47686a0abbf | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
READ ME PLEASE.txt | d1fb342f3d318e241a1f5a8d2967513d | ASCII text, with CRLF line terminators
MMOGA.url | 3146cd554b223f5425f8eeb73ca1fd22 | Generic INItialization configuration [InternetShortcut]
MMOGAH.url | f7e17290359b067a5643677da12ca4be | Generic INItialization configuration [InternetShortcut]
READ ME PLEASE.txt | 1a48b8b1f2515e9a3191c2f00fe50154 | ASCII text, with CRLF line terminators
READ ME PLEASE.txt | 2523e4adbfa0525e4b517e0bebbce1a1 | ASCII text, with CRLF line terminators
reset-all.exe | 3d47586c62bf61dac639d8cc1bf43ee7 | PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
restart.exe | 8242ce426ad462eff02edae1487a6949 | PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
restart64.exe | 297aa19bade534a791d053ca190b74ad | PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
READ ME PLEASE.txt | 45c496cc57657e19a9b6fdaa19568a5e | ASCII text, with no line terminators
USBDeview.cfg | 919177df19f3e61669dcc1c8f9034aa6 | ASCII text, with very long lines (487), with CRLF line terminators
USBDeview.chm | 411e4fba3110e963a85ceaf46e8cedd2 | MS Windows HtmlHelp Data
USBDeview.exe | 5c1729d2611fdcaeeadd238c1f0427c7 | PE32+ executable (GUI) x86-64, for MS Windows, 5 sections
1. Uninstall the Game & Launcher.url | 1636d3ead6e23281333ceaf20e2a4b22 | Generic INItialization configuration [InternetShortcut]
2. Delete Game,Launcher Folders.lnk | 0172d7a6c2810707c634975454c55604 | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Fri Jun 18 20:51:11 2021, mtime=Fri Jul 9 08:02:06 2021, atime=Fri Jul 9 08:02:06 2021, length=8192, window=hide
3. Delete Game,Launcher Folders.lnk | 8a417c65b8b4e1bb661f9a3f53409c28 | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Sat Dec 7 09:14:52 2019, mtime=Fri Jul 9 07:55:41 2021, atime=Fri Jul 9 07:55:33 2021, length=8192, window=hide
4.1Delete Anything Related to Game and Launcher.lnk | 324534bf9c24314767c0721f32bb7c1b | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Sat Dec 7 09:14:52 2019, mtime=Thu Apr 7 06:37:57 2022, atime=Sun Mar 20 20:27:50 2022, length=4096, window=hide
4.2 Delete Anything Related to Game and Launcher.lnk | ef5f327d00af23e11e65e946c251f024 | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Sat Dec 7 09:14:52 2019, mtime=Thu Apr 7 07:02:13 2022, atime=Fri Mar 25 20:30:57 2022, length=8192, window=hide
4.3 Delete Anything Related to Game and Launcher.lnk | bc078dedc8b1c5501a19479759f6dd20 | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Fri Mar 18 19:36:58 2022, mtime=Thu Apr 7 07:06:06 2022, atime=Mon Apr 4 14:27:04 2022, length=4096, window=hide
4.4 Delete Anything Related to Game and Launcher.lnk | 1dc76a8666f8beed0a0a0726b04739d6 | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Fri Mar 18 19:36:58 2022, mtime=Thu Apr 7 07:06:45 2022, atime=Mon Apr 4 14:27:04 2022, length=12288, window=hide
4.5 Delete Anything Related to Game and Launcher.lnk | 08ef09d3aa7edb2be07002d7fbbe0cbe | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Directory, ctime=Sat Dec 7 09:14:52 2019, mtime=Thu Apr 7 07:05:56 2022, atime=Sun Mar 20 20:27:57 2022, length=4096, window=hide
4.6 Delete Anything Related to Game and Launcher.lnk | c52185fcfc800b32df1944a1c67b50e3 | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Fri Mar 18 19:36:58 2022, mtime=Thu Apr 7 07:07:26 2022, atime=Mon Apr 4 14:27:04 2022, length=12288, window=hide
5. Open Registry Edit.lnk | 18e7d9e9256787d48e2f1988aeac01a1 | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 6 13:52:34 2021, mtime=Wed Apr 6 16:59:20 2022, atime=Wed Oct 6 13:52:34 2021, length=370176, window=hide
5.1 Locations to search in Registry.txt | 8928a7c1a2a575261f7cbd6f7a5b2ebd | ASCII text, with CRLF line terminators
READ THIS FILE PLEASE.txt | a509ae973573140f17be5160bef0ff8d | ASCII text, with CRLF line terminators
1. Registry Editor.lnk | 0e2092f136d0e7f155a6c688e34533dc | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 6 13:52:34 2021, mtime=Thu Apr 7 12:48:45 2022, atime=Wed Oct 6 13:52:34 2021, length=370176, window=hide
2. Locations in Registry.txt | cfa2f0268d39cd32ccf768d315451778 | ASCII text, with CRLF line terminators
3. GUID Generator Website.url | dc2726585a60180658c2fb0714e436b8 | Generic INItialization configuration [InternetShortcut]
READ ME PLEASE.txt | 488e8a8011a1b78eb97bcb5a6921e575 | ASCII text, with CRLF line terminators
1. Download NordVPN.url | 4dea1dbebe681d39c5ce2d2a7c27d0c5 | Generic INItialization configuration [InternetShortcut]
READ ME PLEASE.txt | 60693d0f582782efee6c956af8490b06 | ASCII text, with CRLF line terminators
1. Change Disk IDs.cmd | bd030282c3cb68b5c05cb962465669c3 | DOS batch file, ASCII text, with CRLF line terminators
READ ME PLEASE.txt | 50bc60383c45b15bb32f3168dce065f9 | ASCII text, with CRLF line terminators
Detections
Analyzer | Verdict | Alert |
---|---|---|
YARAhub by abuse.ch | malware | meth_get_eip |
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
Public Nextron YARA rules | malware | Detects possible shortcut usage for .URL persistence |
Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path. |
Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path. |
Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path. |
Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path. |
Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path. |
VirusTotal | suspicious | |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size
---|---|---|---
cdn.discordapp.com/attachments/1228373331279872033/1228386715677364425/HWID_SPOOFER.zip?ex=662bdb47&is=66196647&hm=a3f4d5b9e7d5b4445b2a0c97e931a36f6137041bf156ea2b0fbfecf82e6470dd& | 162.159.133.233 | 200 OK | 2.4 MB
Detections
HTTP Headers
| ||||||||||