Report - files.ethermailer.com/macesroomc/files/BI19-AH009-WO-1.zip

Report Overview

Visitedpublic

2024-12-21 17:00:57

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
files.ethermailer.com	unknown	2016-11-08	2017-04-06	2024-12-20	512 B	802 kB	172.67.211.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

files.ethermailer.com/macesroomc/files/BI19-AH009-WO-1.zip

IP / ASN

172.67.211.168

#13335 CLOUDFLARENET

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size801 kB (801233 bytes)

MD5a6ae372e1209c3d4fc5ef7bcbcfaaeea

SHA1b5d0b9f5e0410d253cab3b0d69c1a3f03d9275aa

SHA2567608019d27506d3c7ce39ac4ebae12ce5b44fe1776cb20a51b3747383cb5be4b

Archive (1)

Modified	Filename	Size	MD5	File type
2024-12-18 19:37	BI19-AH009-WO-1.exe	1.3 MB	ec3ba2f9b2d0b8236ac14326f17c2512	PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
VirusTotal	malicious	VirusTotal - Scan result 46/68

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

files.ethermailer.com/macesroomc/files/BI19-AH009-WO-1.zip

172.67.211.168

200 OK

801 kB

URL

files.ethermailer.com/macesroomc/files/BI19-AH009-WO-1.zip

IP / ASN

172.67.211.168

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2024-12-20

Last Seen2025-01-05

Times Seen4

Size801 kB (801233 bytes)

MD5a6ae372e1209c3d4fc5ef7bcbcfaaeea

SHA1b5d0b9f5e0410d253cab3b0d69c1a3f03d9275aa

SHA2567608019d27506d3c7ce39ac4ebae12ce5b44fe1776cb20a51b3747383cb5be4b

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 46/68

HTTP Headers

GET /macesroomc/files/BI19-AH009-WO-1.zip HTTP/1.1
Host: files.ethermailer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Dec 2024 17:00:33 GMT
content-type: application/zip
content-length: 801233
x-amz-id-2: ix530GtuB87FURZG5GjZ8kd0EQYrehI6xVp5oevkIqIBvx5gW5qmHPhC1G0sp1hBSJosUgGR+3k=
x-amz-request-id: CXE8RYAWEM8AQ466
last-modified: Thu, 19 Dec 2024 03:46:24 GMT
etag: "a6ae372e1209c3d4fc5ef7bcbcfaaeea"
x-amz-server-side-encryption: AES256
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rThpeSOkzWubFj7HUKIS8zuw6Ztabmzm59tuA8zaobnJ13nW8Cn8D1ydfJSYjTyqKjyoWamQ%2Fjyjz%2B7vpHdW5RMN79o9UqVMFc1e%2B5oQHzyQf6wZZiSJskOnHrXnDNGWsVJ4Nb0VllM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f596dd3fdfb56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19428&min_rtt=10601&rtt_var=16422&sent=7&recv=11&lost=0&retrans=0&sent_bytes=2785&recv_bytes=1147&delivery_rate=272975&cwnd=253&unsent_bytes=0&cid=214497aa812d9164&ts=390&x=0"
X-Firefox-Spdy: h2