Report Overview
Submitted URL
bitbucket.org/fdfffdfdd/sasa/downloads/crypted.exe
IP
104.192.141.1
ASN
#16509 AMAZON-02
Submitted
2024-04-27 02:16:08
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
7
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
bitbucket.org | 13657 | 1997-11-24 | 2012-05-21 | 2024-03-15 | 504 B | 4.6 kB | 104.192.141.1 |
bbuseruploads.s3.amazonaws.com | 419617 | 2005-08-18 | 2014-05-24 | 2024-04-18 | 1.7 kB | 325 kB | 52.216.59.65 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-04-27 | medium | bbuseruploads.s3.amazonaws.com/ea828881-2731-45d0-b810-16081733e9b0/downloads/46f8b9cc-457f-4b3a-bdb4-0cf4e8c77c58/crypted.exe?response-content-disposition=attachment%3B%20filename%3D%22crypted.exe%22&AWSAccessKeyId=ASIA6KOSE3BNKJCGHCTK&Signature=CXlC2SLKaOtY7lTWVvS%2FNQFHRgc%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEIP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQCalM91b0czuct3qMt%2FXUcQPGJeJNJcu4u8SZQNeG%2F7RwIgBFYq07V%2BmkcljOIhoW66b9jDJdZJZKek7%2Bb3VQvRlnEqsAIIy%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDPMBp%2BecJ9yZX8rH%2FiqEAoyqeSJ6%2Bl68hzlYjiWg2HkocNSmNmeJnsmrpISJQUE28QuFPuEIXoPPLh5W%2F4Fgp54DZMe9FPBDu8sKnRwrketKoiCO5joHBG2HIcF6kLnz7e6rBxDNkahiN%2BVPh4m4ZKnGBV04E%2FRTe0%2B1I2xxcrtPub6iMeeQZ%2BsXImK2LrVT%2FvTQ0fedQIYUbADVj0V%2FO9X91Ojwaq79rnWMY2wpj%2F5EkPvL5FQiTRxqRoKZrGBstiuNi6fPaT9w2iBGa4NmBZ82NAOLF%2F0tztBpyh3FZHOLdkXHVWVIUkXGGDVRjkYgTrhJz%2FRCgQP0AxMHxIeswkprMr5NSHUit62Z0NHbXRehWqYyMN2%2BsbEGOp0B47GItN%2B9scX%2BqMpscRMgXizenk7dX%2Bqh2zz9g08BP2lENaxm%2FNOzRjA%2FHHEaOniPki5p9%2B%2BUsy%2F9zzbQn5FbtzMrKz0sUC19oc59NkRvX4AJBdZhS5q0wJ4Q3DohTxBS5xmwpUkbq%2BTU4vrwEyMRqyzFnjceh7A%2FclOvxguKH9XiyG34%2BwZkZwcPGwoPhLH%2FOHK5LaJmghcICZ%2BpRA%3D%3D&Expires=1714185829 | Detects suspicious file path pointing to the root of a folder easily accessible via environment variables |
2024-04-27 | medium | bbuseruploads.s3.amazonaws.com/ea828881-2731-45d0-b810-16081733e9b0/downloads/46f8b9cc-457f-4b3a-bdb4-0cf4e8c77c58/crypted.exe?response-content-disposition=attachment%3B%20filename%3D%22crypted.exe%22&AWSAccessKeyId=ASIA6KOSE3BNKJCGHCTK&Signature=CXlC2SLKaOtY7lTWVvS%2FNQFHRgc%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEIP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQCalM91b0czuct3qMt%2FXUcQPGJeJNJcu4u8SZQNeG%2F7RwIgBFYq07V%2BmkcljOIhoW66b9jDJdZJZKek7%2Bb3VQvRlnEqsAIIy%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDPMBp%2BecJ9yZX8rH%2FiqEAoyqeSJ6%2Bl68hzlYjiWg2HkocNSmNmeJnsmrpISJQUE28QuFPuEIXoPPLh5W%2F4Fgp54DZMe9FPBDu8sKnRwrketKoiCO5joHBG2HIcF6kLnz7e6rBxDNkahiN%2BVPh4m4ZKnGBV04E%2FRTe0%2B1I2xxcrtPub6iMeeQZ%2BsXImK2LrVT%2FvTQ0fedQIYUbADVj0V%2FO9X91Ojwaq79rnWMY2wpj%2F5EkPvL5FQiTRxqRoKZrGBstiuNi6fPaT9w2iBGa4NmBZ82NAOLF%2F0tztBpyh3FZHOLdkXHVWVIUkXGGDVRjkYgTrhJz%2FRCgQP0AxMHxIeswkprMr5NSHUit62Z0NHbXRehWqYyMN2%2BsbEGOp0B47GItN%2B9scX%2BqMpscRMgXizenk7dX%2Bqh2zz9g08BP2lENaxm%2FNOzRjA%2FHHEaOniPki5p9%2B%2BUsy%2F9zzbQn5FbtzMrKz0sUC19oc59NkRvX4AJBdZhS5q0wJ4Q3DohTxBS5xmwpUkbq%2BTU4vrwEyMRqyzFnjceh7A%2FclOvxguKH9XiyG34%2BwZkZwcPGwoPhLH%2FOHK5LaJmghcICZ%2BpRA%3D%3D&Expires=1714185829 | files - file ~tmp01925d3f.exe |
2024-04-27 | medium | bbuseruploads.s3.amazonaws.com/ea828881-2731-45d0-b810-16081733e9b0/downloads/46f8b9cc-457f-4b3a-bdb4-0cf4e8c77c58/crypted.exe?response-content-disposition=attachment%3B%20filename%3D%22crypted.exe%22&AWSAccessKeyId=ASIA6KOSE3BNKJCGHCTK&Signature=CXlC2SLKaOtY7lTWVvS%2FNQFHRgc%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEIP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQCalM91b0czuct3qMt%2FXUcQPGJeJNJcu4u8SZQNeG%2F7RwIgBFYq07V%2BmkcljOIhoW66b9jDJdZJZKek7%2Bb3VQvRlnEqsAIIy%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDPMBp%2BecJ9yZX8rH%2FiqEAoyqeSJ6%2Bl68hzlYjiWg2HkocNSmNmeJnsmrpISJQUE28QuFPuEIXoPPLh5W%2F4Fgp54DZMe9FPBDu8sKnRwrketKoiCO5joHBG2HIcF6kLnz7e6rBxDNkahiN%2BVPh4m4ZKnGBV04E%2FRTe0%2B1I2xxcrtPub6iMeeQZ%2BsXImK2LrVT%2FvTQ0fedQIYUbADVj0V%2FO9X91Ojwaq79rnWMY2wpj%2F5EkPvL5FQiTRxqRoKZrGBstiuNi6fPaT9w2iBGa4NmBZ82NAOLF%2F0tztBpyh3FZHOLdkXHVWVIUkXGGDVRjkYgTrhJz%2FRCgQP0AxMHxIeswkprMr5NSHUit62Z0NHbXRehWqYyMN2%2BsbEGOp0B47GItN%2B9scX%2BqMpscRMgXizenk7dX%2Bqh2zz9g08BP2lENaxm%2FNOzRjA%2FHHEaOniPki5p9%2B%2BUsy%2F9zzbQn5FbtzMrKz0sUC19oc59NkRvX4AJBdZhS5q0wJ4Q3DohTxBS5xmwpUkbq%2BTU4vrwEyMRqyzFnjceh7A%2FclOvxguKH9XiyG34%2BwZkZwcPGwoPhLH%2FOHK5LaJmghcICZ%2BpRA%3D%3D&Expires=1714185829 | Detects win.lumma. |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
bbuseruploads.s3.amazonaws.com/ea828881-2731-45d0-b810-16081733e9b0/downloads/46f8b9cc-457f-4b3a-bdb4-0cf4e8c77c58/crypted.exe?response-content-disposition=attachment%3B%20filename%3D%22crypted.exe%22&AWSAccessKeyId=ASIA6KOSE3BNKJCGHCTK&Signature=CXlC2SLKaOtY7lTWVvS%2FNQFHRgc%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEIP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQCalM91b0czuct3qMt%2FXUcQPGJeJNJcu4u8SZQNeG%2F7RwIgBFYq07V%2BmkcljOIhoW66b9jDJdZJZKek7%2Bb3VQvRlnEqsAIIy%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDPMBp%2BecJ9yZX8rH%2FiqEAoyqeSJ6%2Bl68hzlYjiWg2HkocNSmNmeJnsmrpISJQUE28QuFPuEIXoPPLh5W%2F4Fgp54DZMe9FPBDu8sKnRwrketKoiCO5joHBG2HIcF6kLnz7e6rBxDNkahiN%2BVPh4m4ZKnGBV04E%2FRTe0%2B1I2xxcrtPub6iMeeQZ%2BsXImK2LrVT%2FvTQ0fedQIYUbADVj0V%2FO9X91Ojwaq79rnWMY2wpj%2F5EkPvL5FQiTRxqRoKZrGBstiuNi6fPaT9w2iBGa4NmBZ82NAOLF%2F0tztBpyh3FZHOLdkXHVWVIUkXGGDVRjkYgTrhJz%2FRCgQP0AxMHxIeswkprMr5NSHUit62Z0NHbXRehWqYyMN2%2BsbEGOp0B47GItN%2B9scX%2BqMpscRMgXizenk7dX%2Bqh2zz9g08BP2lENaxm%2FNOzRjA%2FHHEaOniPki5p9%2B%2BUsy%2F9zzbQn5FbtzMrKz0sUC19oc59NkRvX4AJBdZhS5q0wJ4Q3DohTxBS5xmwpUkbq%2BTU4vrwEyMRqyzFnjceh7A%2FclOvxguKH9XiyG34%2BwZkZwcPGwoPhLH%2FOHK5LaJmghcICZ%2BpRA%3D%3D&Expires=1714185829
IP
52.216.59.65
ASN
#16509 AMAZON-02
File type
PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
Size
324 kB (324096 bytes)
Hash
cd4121ea74cbd684bdf3a08c0aaf54a4
ee87db3dd134332b815d17d717b1ed36939dfa35
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public Nextron YARA rules | malware | Detects suspicious file path pointing to the root of a folder easily accessible via environment variables |
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
Malpedia's yara-signator rules | malware | Detects win.lumma. |
VirusTotal | malicious |
JavaScript (0)
HTTP Transactions (2)
URL | IP | Response | Size | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
bitbucket.org/fdfffdfdd/sasa/downloads/crypted.exe | 104.192.141.1 | 302 Found | 0 B | ||||||||||||||||
HTTP Headers
| |||||||||||||||||||
bbuseruploads.s3.amazonaws.com/ea828881-2731-45d0-b810-16081733e9b0/downloads/46f8b9cc-457f-4b3a-bdb4-0cf4e8c77c58/crypted.exe?response-content-disposition=attachment%3B%20filename%3D%22crypted.exe%22&AWSAccessKeyId=ASIA6KOSE3BNKJCGHCTK&Signature=CXlC2SLKaOtY7lTWVvS%2FNQFHRgc%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEIP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQCalM91b0czuct3qMt%2FXUcQPGJeJNJcu4u8SZQNeG%2F7RwIgBFYq07V%2BmkcljOIhoW66b9jDJdZJZKek7%2Bb3VQvRlnEqsAIIy%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDPMBp%2BecJ9yZX8rH%2FiqEAoyqeSJ6%2Bl68hzlYjiWg2HkocNSmNmeJnsmrpISJQUE28QuFPuEIXoPPLh5W%2F4Fgp54DZMe9FPBDu8sKnRwrketKoiCO5joHBG2HIcF6kLnz7e6rBxDNkahiN%2BVPh4m4ZKnGBV04E%2FRTe0%2B1I2xxcrtPub6iMeeQZ%2BsXImK2LrVT%2FvTQ0fedQIYUbADVj0V%2FO9X91Ojwaq79rnWMY2wpj%2F5EkPvL5FQiTRxqRoKZrGBstiuNi6fPaT9w2iBGa4NmBZ82NAOLF%2F0tztBpyh3FZHOLdkXHVWVIUkXGGDVRjkYgTrhJz%2FRCgQP0AxMHxIeswkprMr5NSHUit62Z0NHbXRehWqYyMN2%2BsbEGOp0B47GItN%2B9scX%2BqMpscRMgXizenk7dX%2Bqh2zz9g08BP2lENaxm%2FNOzRjA%2FHHEaOniPki5p9%2B%2BUsy%2F9zzbQn5FbtzMrKz0sUC19oc59NkRvX4AJBdZhS5q0wJ4Q3DohTxBS5xmwpUkbq%2BTU4vrwEyMRqyzFnjceh7A%2FclOvxguKH9XiyG34%2BwZkZwcPGwoPhLH%2FOHK5LaJmghcICZ%2BpRA%3D%3D&Expires=1714185829 | 52.216.59.65 | 200 OK | 324 kB | ||||||||||||||||
Detections
HTTP Headers
| |||||||||||||||||||