Report Overview
Submitted URL
bitbucket.org/fdfffdfdd/sasa/downloads/crypted.exe
IP
104.192.141.1
ASN
#16509 AMAZON-02
Submitted
2024-04-20 14:22:26
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
7
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
bitbucket.org | 13657 | 1997-11-24 | 2012-05-21 | 2024-03-15 | 504 B | 4.6 kB | 104.192.141.1 |
bbuseruploads.s3.amazonaws.com | 419617 | 2005-08-18 | 2014-05-24 | 2024-04-18 | 1.6 kB | 325 kB | 52.216.88.83 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-04-20 | medium | bbuseruploads.s3.amazonaws.com/ea828881-2731-45d0-b810-16081733e9b0/downloads/46f8b9cc-457f-4b3a-bdb4-0cf4e8c77c58/crypted.exe?response-content-disposition=attachment%3B%20filename%3D%22crypted.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNAR3LNHX&Signature=w1bMjPMNY%2FGb6nnLMU5ACgUvcQg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEOf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIGY7hOh%2B0iLcXNXKo6%2FVGe5VlbtpgPKuNvi6ccDq3E1SAiBbCp2czNfe4NHT0g0YV3dqAiN6sZee%2BDHvUSER3ltVhiqnAggvEAAaDDk4NDUyNTEwMTE0NiIMcTt%2B4h3tJ7ZnEWyWKoQCfPtgvbxPeAuy1EAu8RbEmV%2Bzg78ZqHSYxdDZDl7EwDwBSJe5jofAz6hfgB3Mv2B3%2FFj6Q%2BEXJnpyqbbxNn023DBc3WNej6Ax5QlVULQgLloaSRaMB%2FHB4ataasOT8MK0Ktu5mS8LtsdAEVysJgY1ihyEqVVzTWGBl9Y%2FKQdu5C1xzKbNbD7FFfDUk8KeT8KP7AVW8yx1%2BiJuEcaU%2FlPwp5%2FDnsEYB8qMVZtxL41slerKI%2B0zs87IRRytd4QgaJGiBRnWmqGC4s6QWptaDtvHQPOZiZl1nEnwLoo52IlqZOHXvQwhMvrdmhW9MQoVvyLsSUICmYDcCnaGO5RqSLXHyX887VYw052PsQY6ngHiwhJ4KgZTDndu1pVQejHEVvWoxz5kXMvO3OA5hOlL6jELV2TQTenZKmeEKIlhClwhnhZjKBDVPtpgdYSCmsu%2BCYoMycSJQ1HGmVFrc93m%2FIh98kzoOUOOHhYI%2BrwBUyMy6Q0nduSeY5IcaU94lix%2F2ApQp%2F2IuHmQKj5rlD5GELQnttdmfikAwdD%2FR3x8F8V5HbAZkXD6sySXcSDwKg%3D%3D&Expires=1713624539 | Detects suspicious file path pointing to the root of a folder easily accessible via environment variables |
2024-04-20 | medium | bbuseruploads.s3.amazonaws.com/ea828881-2731-45d0-b810-16081733e9b0/downloads/46f8b9cc-457f-4b3a-bdb4-0cf4e8c77c58/crypted.exe?response-content-disposition=attachment%3B%20filename%3D%22crypted.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNAR3LNHX&Signature=w1bMjPMNY%2FGb6nnLMU5ACgUvcQg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEOf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIGY7hOh%2B0iLcXNXKo6%2FVGe5VlbtpgPKuNvi6ccDq3E1SAiBbCp2czNfe4NHT0g0YV3dqAiN6sZee%2BDHvUSER3ltVhiqnAggvEAAaDDk4NDUyNTEwMTE0NiIMcTt%2B4h3tJ7ZnEWyWKoQCfPtgvbxPeAuy1EAu8RbEmV%2Bzg78ZqHSYxdDZDl7EwDwBSJe5jofAz6hfgB3Mv2B3%2FFj6Q%2BEXJnpyqbbxNn023DBc3WNej6Ax5QlVULQgLloaSRaMB%2FHB4ataasOT8MK0Ktu5mS8LtsdAEVysJgY1ihyEqVVzTWGBl9Y%2FKQdu5C1xzKbNbD7FFfDUk8KeT8KP7AVW8yx1%2BiJuEcaU%2FlPwp5%2FDnsEYB8qMVZtxL41slerKI%2B0zs87IRRytd4QgaJGiBRnWmqGC4s6QWptaDtvHQPOZiZl1nEnwLoo52IlqZOHXvQwhMvrdmhW9MQoVvyLsSUICmYDcCnaGO5RqSLXHyX887VYw052PsQY6ngHiwhJ4KgZTDndu1pVQejHEVvWoxz5kXMvO3OA5hOlL6jELV2TQTenZKmeEKIlhClwhnhZjKBDVPtpgdYSCmsu%2BCYoMycSJQ1HGmVFrc93m%2FIh98kzoOUOOHhYI%2BrwBUyMy6Q0nduSeY5IcaU94lix%2F2ApQp%2F2IuHmQKj5rlD5GELQnttdmfikAwdD%2FR3x8F8V5HbAZkXD6sySXcSDwKg%3D%3D&Expires=1713624539 | files - file ~tmp01925d3f.exe |
2024-04-20 | medium | bbuseruploads.s3.amazonaws.com/ea828881-2731-45d0-b810-16081733e9b0/downloads/46f8b9cc-457f-4b3a-bdb4-0cf4e8c77c58/crypted.exe?response-content-disposition=attachment%3B%20filename%3D%22crypted.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNAR3LNHX&Signature=w1bMjPMNY%2FGb6nnLMU5ACgUvcQg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEOf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIGY7hOh%2B0iLcXNXKo6%2FVGe5VlbtpgPKuNvi6ccDq3E1SAiBbCp2czNfe4NHT0g0YV3dqAiN6sZee%2BDHvUSER3ltVhiqnAggvEAAaDDk4NDUyNTEwMTE0NiIMcTt%2B4h3tJ7ZnEWyWKoQCfPtgvbxPeAuy1EAu8RbEmV%2Bzg78ZqHSYxdDZDl7EwDwBSJe5jofAz6hfgB3Mv2B3%2FFj6Q%2BEXJnpyqbbxNn023DBc3WNej6Ax5QlVULQgLloaSRaMB%2FHB4ataasOT8MK0Ktu5mS8LtsdAEVysJgY1ihyEqVVzTWGBl9Y%2FKQdu5C1xzKbNbD7FFfDUk8KeT8KP7AVW8yx1%2BiJuEcaU%2FlPwp5%2FDnsEYB8qMVZtxL41slerKI%2B0zs87IRRytd4QgaJGiBRnWmqGC4s6QWptaDtvHQPOZiZl1nEnwLoo52IlqZOHXvQwhMvrdmhW9MQoVvyLsSUICmYDcCnaGO5RqSLXHyX887VYw052PsQY6ngHiwhJ4KgZTDndu1pVQejHEVvWoxz5kXMvO3OA5hOlL6jELV2TQTenZKmeEKIlhClwhnhZjKBDVPtpgdYSCmsu%2BCYoMycSJQ1HGmVFrc93m%2FIh98kzoOUOOHhYI%2BrwBUyMy6Q0nduSeY5IcaU94lix%2F2ApQp%2F2IuHmQKj5rlD5GELQnttdmfikAwdD%2FR3x8F8V5HbAZkXD6sySXcSDwKg%3D%3D&Expires=1713624539 | Detects win.lumma. |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
bbuseruploads.s3.amazonaws.com/ea828881-2731-45d0-b810-16081733e9b0/downloads/46f8b9cc-457f-4b3a-bdb4-0cf4e8c77c58/crypted.exe?response-content-disposition=attachment%3B%20filename%3D%22crypted.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNAR3LNHX&Signature=w1bMjPMNY%2FGb6nnLMU5ACgUvcQg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEOf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIGY7hOh%2B0iLcXNXKo6%2FVGe5VlbtpgPKuNvi6ccDq3E1SAiBbCp2czNfe4NHT0g0YV3dqAiN6sZee%2BDHvUSER3ltVhiqnAggvEAAaDDk4NDUyNTEwMTE0NiIMcTt%2B4h3tJ7ZnEWyWKoQCfPtgvbxPeAuy1EAu8RbEmV%2Bzg78ZqHSYxdDZDl7EwDwBSJe5jofAz6hfgB3Mv2B3%2FFj6Q%2BEXJnpyqbbxNn023DBc3WNej6Ax5QlVULQgLloaSRaMB%2FHB4ataasOT8MK0Ktu5mS8LtsdAEVysJgY1ihyEqVVzTWGBl9Y%2FKQdu5C1xzKbNbD7FFfDUk8KeT8KP7AVW8yx1%2BiJuEcaU%2FlPwp5%2FDnsEYB8qMVZtxL41slerKI%2B0zs87IRRytd4QgaJGiBRnWmqGC4s6QWptaDtvHQPOZiZl1nEnwLoo52IlqZOHXvQwhMvrdmhW9MQoVvyLsSUICmYDcCnaGO5RqSLXHyX887VYw052PsQY6ngHiwhJ4KgZTDndu1pVQejHEVvWoxz5kXMvO3OA5hOlL6jELV2TQTenZKmeEKIlhClwhnhZjKBDVPtpgdYSCmsu%2BCYoMycSJQ1HGmVFrc93m%2FIh98kzoOUOOHhYI%2BrwBUyMy6Q0nduSeY5IcaU94lix%2F2ApQp%2F2IuHmQKj5rlD5GELQnttdmfikAwdD%2FR3x8F8V5HbAZkXD6sySXcSDwKg%3D%3D&Expires=1713624539
IP
52.216.88.83
ASN
#16509 AMAZON-02
File type
PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
Size
324 kB (324096 bytes)
Hash
cd4121ea74cbd684bdf3a08c0aaf54a4
ee87db3dd134332b815d17d717b1ed36939dfa35
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public Nextron YARA rules | malware | Detects suspicious file path pointing to the root of a folder easily accessible via environment variables |
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
Malpedia's yara-signator rules | malware | Detects win.lumma. |
VirusTotal | malicious | |
JavaScript (0)
HTTP Transactions (2)
URL | IP | Response | Size |
---|---|---|---|
bitbucket.org/fdfffdfdd/sasa/downloads/crypted.exe | 104.192.141.1 | 302 Found | 0 B |
bbuseruploads.s3.amazonaws.com/ea828881-2731-45d0-b810-16081733e9b0/downloads/46f8b9cc-457f-4b3a-bdb4-0cf4e8c77c58/crypted.exe?response-content-disposition=attachment%3B%20filename%3D%22crypted.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNAR3LNHX&Signature=w1bMjPMNY%2FGb6nnLMU5ACgUvcQg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEOf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIGY7hOh%2B0iLcXNXKo6%2FVGe5VlbtpgPKuNvi6ccDq3E1SAiBbCp2czNfe4NHT0g0YV3dqAiN6sZee%2BDHvUSER3ltVhiqnAggvEAAaDDk4NDUyNTEwMTE0NiIMcTt%2B4h3tJ7ZnEWyWKoQCfPtgvbxPeAuy1EAu8RbEmV%2Bzg78ZqHSYxdDZDl7EwDwBSJe5jofAz6hfgB3Mv2B3%2FFj6Q%2BEXJnpyqbbxNn023DBc3WNej6Ax5QlVULQgLloaSRaMB%2FHB4ataasOT8MK0Ktu5mS8LtsdAEVysJgY1ihyEqVVzTWGBl9Y%2FKQdu5C1xzKbNbD7FFfDUk8KeT8KP7AVW8yx1%2BiJuEcaU%2FlPwp5%2FDnsEYB8qMVZtxL41slerKI%2B0zs87IRRytd4QgaJGiBRnWmqGC4s6QWptaDtvHQPOZiZl1nEnwLoo52IlqZOHXvQwhMvrdmhW9MQoVvyLsSUICmYDcCnaGO5RqSLXHyX887VYw052PsQY6ngHiwhJ4KgZTDndu1pVQejHEVvWoxz5kXMvO3OA5hOlL6jELV2TQTenZKmeEKIlhClwhnhZjKBDVPtpgdYSCmsu%2BCYoMycSJQ1HGmVFrc93m%2FIh98kzoOUOOHhYI%2BrwBUyMy6Q0nduSeY5IcaU94lix%2F2ApQp%2F2IuHmQKj5rlD5GELQnttdmfikAwdD%2FR3x8F8V5HbAZkXD6sySXcSDwKg%3D%3D&Expires=1713624539 | 52.216.88.83 | 200 OK | 324 kB | ||||||||||||||||