Report - downloads.thecrowhillcompany.com/ch-demon-drop-001/release/osx/Demon%20Drop%20001.zip

Report Overview

Submitted URL
downloads.thecrowhillcompany.com/ch-demon-drop-001/release/osx/Demon%20Drop%20001.zip
IP
54.230.111.3
ASN
#16509 AMAZON-02
Submitted
2024-04-26 10:07:20
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
downloads.thecrowhillcompany.com	unknown	2023-07-02	2023-10-18	2023-12-26	1.1 kB	2.4 MB	54.230.111.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
downloads.thecrowhillcompany.com/ch-demon-drop-001/1.0.0/a8d840a64a75b8c7/release/osx/Demon%20Drop%20001.zip
IP
54.230.111.3
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
2.4 MB (2409696 bytes)
Hash
3fade2d1e1102f0facc58d811780a6f5
d08c2f1af5d0891d0c737dbdde320c9105773922
d33e8100ae329588e5c5a5b644aec48be0a310a62bd60e701a276be1478fbb24

Archive (21)

Filename

Md5

File type

._Crow Hill Demon Drop 001 Downloader.app

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

._Contents

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

CodeResources

5c6d0bd30c1ff5c50c802f26686f2a2a

data

._CodeResources

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

.__CodeSignature

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

._MacOS

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

._Resources

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

Info.plist

98c7b0f97886b48b316c0a051d3f0f73

XML 1.0 document, ASCII text

._Info.plist

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

PkgInfo

23b7d7d024abb0f558420e098800bf27

ASCII text, with no line terminators

._PkgInfo

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

CodeResources

b765d501ee0a873706a310207c20707b

XML 1.0 document, ASCII text

._CodeResources

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

ujam Downloader

73af345915ddc0d85971386272f202ff

Mach-O universal binary with 2 architectures: [x86_64: - Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|WEAK_DEFINES|BINDS_TO_WEAK|PIE>] [ - arm64: - Mach-O 64-bit arm64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|WEAK_DEFINES|BINDS_TO_WEAK|PIE>]

._ujam Downloader

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

Icon.icns

530195071785da4b5e939383ed786d72

Mac OS X icon, 506816 bytes, "ic12" type

._Icon.icns

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

settings.json

df927ceb0aab66832bd75d6d2755ecb0

JSON text data

._settings.json

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

RecentFilesMenuTemplate.nib

4c02dcd43a33b77a74691f99d8f69517

Apple binary property list

._RecentFilesMenuTemplate.nib

288570d289418c85734f18718a8b75aa

AppleDouble encoded Macintosh file

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	downloads.thecrowhillcompany.com/ch-demon-drop-001/release/osx/Demon%20Drop%20001.zip	54.230.111.3	307 Temporary Redirect	0 B
URL User Request GET HTTP/2 downloads.thecrowhillcompany.com/ch-demon-drop-001/release/osx/Demon%20Drop%20001.zip IP 54.230.111.3:443 ASN #16509 AMAZON-02 Certificate IssuerAmazon Subjectdownloads.thecrowhillcompany.com Fingerprint2D:E1:F7:F5:33:7A:0C:2D:8D:FB:97:D7:AF:E5:23:CD:94:0B:CE:9B ValidityThu, 31 Aug 2023 00:00:00 GMT - Sat, 28 Sep 2024 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /ch-demon-drop-001/release/osx/Demon%20Drop%20001.zip HTTP/1.1 Host: downloads.thecrowhillcompany.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 307 Temporary Redirect content-length: 0 location: https://downloads.thecrowhillcompany.com/ch-demon-drop-001/1.0.0/a8d840a64a75b8c7/release/osx/Demon%20Drop%20001.zip server: CloudFront date: Fri, 26 Apr 2024 10:06:53 GMT x-cache: Miss from cloudfront via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: DdDTJGL4U3_1lPUTt0QUBaSyNmiZ_ycKBxcsoZjTxfrsL1nGEzn3Sg== vary: Origin X-Firefox-Spdy: h2`

	downloads.thecrowhillcompany.com/ch-demon-drop-001/1.0.0/a8d840a64a75b8c7/release/osx/Demon%20Drop%20001.zip	54.230.111.3	200 OK	2.4 MB
URL User Request GET HTTP/2 downloads.thecrowhillcompany.com/ch-demon-drop-001/1.0.0/a8d840a64a75b8c7/release/osx/Demon%20Drop%20001.zip IP 54.230.111.3:443 ASN #16509 AMAZON-02 Certificate IssuerAmazon Subjectdownloads.thecrowhillcompany.com Fingerprint2D:E1:F7:F5:33:7A:0C:2D:8D:FB:97:D7:AF:E5:23:CD:94:0B:CE:9B ValidityThu, 31 Aug 2023 00:00:00 GMT - Sat, 28 Sep 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 2.4 MB (2409696 bytes) Hash 3fade2d1e1102f0facc58d811780a6f5 d08c2f1af5d0891d0c737dbdde320c9105773922 d33e8100ae329588e5c5a5b644aec48be0a310a62bd60e701a276be1478fbb24 HTTP Headers GET /ch-demon-drop-001/1.0.0/a8d840a64a75b8c7/release/osx/Demon%20Drop%20001.zip HTTP/1.1 Host: downloads.thecrowhillcompany.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK content-type: application/octet-stream content-length: 2409696 date: Thu, 25 Apr 2024 20:26:51 GMT last-modified: Wed, 24 Apr 2024 16:34:44 GMT etag: "3fade2d1e1102f0facc58d811780a6f5" x-amz-server-side-encryption: AES256 x-amz-version-id: gFs77bs8B3IFzmvjozz6vtKVDx9v2Jek accept-ranges: bytes server: AmazonS3 x-cache: Hit from cloudfront via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: YyY4dOVZAF-SVw_EdCe7Q7KJjO6OPY5r0M1qpjU6PHnAnufzAVxedA== age: 49204 vary: Origin X-Firefox-Spdy: h2