Report - raw.githubusercontent.com/pankoza2-pl/malwaredatabase-old/main/Covid29-Ransomware/Covid29%20Ransomware.zip

Report Overview

Submitted URL
raw.githubusercontent.com/pankoza2-pl/malwaredatabase-old/main/Covid29-Ransomware/Covid29%20Ransomware.zip
IP
185.199.108.133
ASN
#54113 FASTLY
Submitted
2024-04-19 08:52:17
Access
public
Website Title
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
raw.githubusercontent.com	35802	2014-02-06	2014-03-01	2024-04-18	560 B	1.8 MB	185.199.110.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
raw.githubusercontent.com/pankoza2-pl/malwaredatabase-old/main/Covid29-Ransomware/Covid29%20Ransomware.zip
IP
185.199.110.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.8 MB (1808965 bytes)
Hash
272d3e458250acd2ea839eb24b427ce5
fae7194da5c969f2d8220ed9250aa1de7bf56609
bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3

Archive (25)

Filename

Md5

File type

TrojanRansomCovid29.exe

9f0563f2faaf6b9a0f7b3cf058ac80b6

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

readme.txt

f4f557db9c615c87e524802af8a9992f

ASCII text, with CRLF line terminators

Cov29LockScreen.exe

f724c6da46dc54e6737db821f9b62d77

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Bat_To_Exe_Converter.exe

76d5900a4adf4c1f2ab8dbfd0a450c4a

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

help.chm

ffa8c49b21b077b0dc4b51a1f6f9a753

MS Windows HtmlHelp Data

settings.ini

d3be6c4edea45f5a9a766dd235e4c23a

Generic INItialization configuration [files]

AdvancedOptions.PNG

c5f0f9ab684461c635f551d045e6caa5

PNG image data, 356 x 419, 8-bit/color RGBA, non-interlaced

bg.jpg

108fc794e7171419cf881b4058f88d20

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 700x393, components 3

Chaos Ransomware Builder v4.exe

8b855e56e41a6e10d28522a20c1e0341

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Cov29Cry.exe.death

8bcd083e16af6c15e14520d5a0bd7e6a

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

covid29-is-here.txt

0a9f7b91e7c6beac740c17951e7feecb

ASCII text, with CRLF line terminators

FileExtentions.txt

189eeecf41700ae5ba9ae1a4a1c49e9a

ASCII text, with very long lines (1689), with no line terminators

Options.PNG

cdd3a90a2f2ab81410f356dcb38fc17b

PNG image data, 847 x 544, 8-bit/color RGBA, non-interlaced

23311_lores.jpg

108fc794e7171419cf881b4058f88d20

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 700x393, components 3

Cov29LockScreen.exe

f724c6da46dc54e6737db821f9b62d77

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Cov29LockScreen.vbp

420983daadcf363dee597da26732659d

ASCII text, with CRLF line terminators

Cov29LockScreen.vbw

4bc79d0f731d9f8a6a7648f3f8c7b2ed

ASCII text, with CRLF line terminators

Form1.frm

7bc02ce2aa937dc58733a326b6d6df4e

ASCII text, with CRLF line terminators

Form1.frx

654d48ddcf505d1b7c31817d9b8a91f2

data

Cov29Cry.exe.death

8bcd083e16af6c15e14520d5a0bd7e6a

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

icon.jfif

a09e22b372ad74b3a504798b7d3f87b0

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x168, components 3

mbr.cpp

d20eddecb5625b60d61d80c067537188

C++ source, ASCII text, with CRLF line terminators

mbr.exe.danger

35af6068d91ba1cc6ce21b461f242f94

PE32 executable (GUI) Intel 80386, for MS Windows, 15 sections

TrojanRansomCovid29.bat

57f0432c8e31d4ff4da7962db27ef4e8

DOS batch file, ASCII text, with CRLF line terminators

icon.ico

c2c802b751e5a25b524b9369f583c371

MS Windows icon resource - 1 icon, 256x-113, 32 bits/pixel

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
VirusTotal	malicious	VirusTotal - Scan result 55/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

raw.githubusercontent.com/pankoza2-pl/malwaredatabase-old/main/Covid29-Ransomware/Covid29%20Ransomware.zip

185.199.110.133

1.8 MB

URL
raw.githubusercontent.com/pankoza2-pl/malwaredatabase-old/main/Covid29-Ransomware/Covid29%20Ransomware.zip
IP
185.199.110.133:0
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.8 MB (1808965 bytes)
Hash
272d3e458250acd2ea839eb24b427ce5
fae7194da5c969f2d8220ed9250aa1de7bf56609
bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 55/67

HTTP Headers

GET /pankoza2-pl/malwaredatabase-old/main/Covid29-Ransomware/Covid29%20Ransomware.zip HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"23eb252ff7fe0bd884dc47efff11ec55e3dd1cbbb118037184805764ed462ce9"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 7F0E:21BEAB:40CB23E:44512E3:6622309A
accept-ranges: bytes
date: Fri, 19 Apr 2024 08:51:43 GMT
via: 1.1 varnish
x-served-by: cache-hel1410023-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1713516703.054387,VS0,VE287
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 4a881ce9d0f77dbd9688a5e0494d6fb9b668a065
expires: Fri, 19 Apr 2024 08:56:43 GMT
source-age: 0
content-length: 1808965
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

Detections

JavaScript (0)

HTTP Transactions (1)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers