| saratovoblgaz.ru/basterlord.hta | 195.161.68.8 | | 7.8 kB |
URL: saratovoblgaz.ru/basterlord.hta
IP: 195.161.68.8:0
File type: HTML document, ASCII text, with very long lines (7677)
MD5: 42c6f779368958f5fb411ca6c1cf01a7
SHA1: db6d13c981bca8c436eb26302d9ecac61ce90d52
SHA256: 8b03872d6275afacfa858eea752f725298af2859b52b026e5f4cdd1988051b65

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Public Nextron YARA rules | malware | Detects hack tool used in Operation Wilted Tulip - Windows Tasks |
| Public Nextron YARA rules | malware | Detects suspicious UTF16 and Base64 encoded PowerShell code that starts with a $ sign and a single char variable |
GET /basterlord.hta HTTP/1.1
Host: saratovoblgaz.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 11:45:28 GMT
content-length: 7839
server: Apache
last-modified: Wed, 17 Apr 2024 14:18:50 GMT
etag: "1e9f-6164b889a2e9c"
accept-ranges: bytes
X-Firefox-Spdy: h2
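The second YARA verdict above flags PowerShell that was UTF-16LE encoded, then Base64 encoded, and begins with `$` plus a one-character variable name. The Python below is an added example written for this page; it is not Nextron's rule and it does not contain the content of the captured basterlord.hta. It shows why that pattern is cheap to detect without decoding: `$` followed by one ASCII character always becomes a fixed four-character Base64 prefix (for example `JABh` for `$a`), so a string match finds candidates and a decode step confirms them. The HTA wrapper, the PowerShell snippet and its encoded form are all constructed for the example.

```python
import base64
import re
import string

# Constructed sample: a small PowerShell snippet encoded the way the YARA verdict
# describes (UTF-16LE, then Base64, starting with '$' and a one-character
# variable). It is NOT the content of the captured basterlord.hta.
SAMPLE_PS = '$a = [Environment]::UserName; Write-Output $a'
SAMPLE_B64 = base64.b64encode(SAMPLE_PS.encode("utf-16-le")).decode("ascii")

# Constructed HTA wrapper that launches the encoded command; also not from the capture.
SAMPLE_HTA = (
    '<html><head><script language="VBScript">\n'
    'Set sh = CreateObject("WScript.Shell")\n'
    'sh.Run "powershell -nop -w hidden -enc ' + SAMPLE_B64 + '", 0\n'
    '</script></head></html>\n'
)

# Characters accepted as the single-character variable name after '$'.
VAR_CHARS = string.ascii_letters + string.digits + "_"


def utf16le_b64_prefix(text: str) -> str:
    """Base64 of the UTF-16LE encoding of `text`, keeping only the output
    characters that are fully determined by complete 3-byte input groups."""
    raw = text.encode("utf-16-le")
    usable = len(raw) - len(raw) % 3
    return base64.b64encode(raw[:usable]).decode("ascii")


# '$' + one variable char is 4 UTF-16LE bytes; the first 3 bytes fix 4 Base64
# characters, e.g. '$a' -> b'$\x00a\x00' -> 'JABh'. This is the kind of fixed
# prefix a YARA string can match without decoding anything.
PREFIXES = {utf16le_b64_prefix("$" + c): c for c in VAR_CHARS}

B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
SHORT_VAR_START = re.compile(r"^\$([A-Za-z0-9_])(?![A-Za-z0-9_])")


def find_encoded_short_var_powershell(text: str) -> list[dict]:
    """Scan text for Base64 runs that, decoded as UTF-16LE, start with '$x'.
    Returns one record per hit with the variable name, offset and a preview."""
    hits = []
    for m in B64_RUN.finditer(text):
        blob = m.group(0)
        if blob[:4] not in PREFIXES:          # cheap prefix test first
            continue
        padded = blob + "=" * (-len(blob) % 4)
        try:
            decoded = base64.b64decode(padded).decode("utf-16-le", errors="ignore")
        except (ValueError, UnicodeDecodeError):
            continue
        sv = SHORT_VAR_START.match(decoded)
        if sv:                                # confirm by decoding, not only by prefix
            hits.append({"var": sv.group(1), "offset": m.start(),
                         "decoded": decoded[:60]})
    return hits


if __name__ == "__main__":
    for hit in find_encoded_short_var_powershell(SAMPLE_HTA):
        print(hit)
```

The prefix shortcut only holds when the Base64 run starts exactly at the `$`, which is what the rule wording requires. A script that begins with whitespace or a comment before `$a` encodes to a different prefix and also fails the `^\$` check after decoding; if you want to catch that variant, drop the prefix filter and strip leading whitespace from the decoded text before matching, at the cost of decoding every long Base64 run.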
| saratovoblgaz.ru/favicon.ico | 195.161.68.8 | | 894 B |
URL: saratovoblgaz.ru/favicon.ico
IP: 195.161.68.8:0
File type: MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
MD5: 9237b913d3a8b4b2b128a54ec4aa9f60
SHA1: 582b3e3601031aad8fb7ac9c49ce9efa23bff081
SHA256: d50db7b60de2633b6e2097557aa4cb1f51a6711341fe875e364f6a7102e47cca
GET /favicon.ico HTTP/1.1
Host: saratovoblgaz.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://saratovoblgaz.ru/basterlord.hta
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Apr 2024 11:45:29 GMT
content-type: image/vnd.microsoft.icon
content-length: 894
server: Apache
last-modified: Mon, 08 Apr 2024 19:41:14 GMT
etag: "37e-6159afd0af486"
accept-ranges: bytes
X-Firefox-Spdy: h2