Report - tinytask.pro/murgeeautoclicker.exe

Report Overview

Visitedpublic

2023-10-31 11:38:13

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tinytask.pro	unknown	2022-07-27	2022-08-18 08:42:25	2023-08-02 17:49:39	490 B	765 B	159.65.221.58
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12 22:43:53	2023-10-30 13:33:27	680 B	1.8 kB	143.204.53.97
www.murgee.com	unknown	2009-03-14	2016-07-12 13:33:52	2023-10-30 18:00:35	502 B	686 kB	143.204.55.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-10-31	medium	www.murgee.com/auto-clicker/download/setup.exe	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

www.murgee.com/auto-clicker/download/setup.exe

IP / ASN

143.204.55.100

#16509 AMAZON-02

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows\012- data

Size685 kB (685096 bytes)

MD5f739262c464669b14895350728b20faf

SHA1a6d185e5034672ec83dff2977cc1daf9bb2ac06a

SHA256afba65fc036fb10b4d5333e7846aba0d2eec5a9855865ebafc5d89311ea4ed8f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/71

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

GET tinytask.pro/murgeeautoclicker.exe

159.65.221.58

307 Temporary Redirect

0 B

URL

tinytask.pro/murgeeautoclicker.exe

IP / ASN

159.65.221.58

#14061 DIGITALOCEAN-ASN

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5607156

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjecttinytask.pro

FingerprintBA:8F:19:E9:FB:7B:E3:02:23:8E:DE:71:83:3C:B3:35:D4:1C:E6:9E

ValiditySat, 28 Oct 2023 19:32:11 GMT - Fri, 26 Jan 2024 19:32:10 GMT

HTTP Headers

GET /murgeeautoclicker.exe HTTP/1.1
Host: tinytask.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
server: nginx
date: Tue, 31 Oct 2023 11:37:55 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://www.murgee.com/auto-clicker/download/setup.exe
x-robots-tag: noindex, nofollow
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0, s-maxage=2592000
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Pro 3.4.1 http://prettylink.com
x-redirect-by: WordPress
set-cookie: prli_click_10=murgeeautoclicker.exe; expires=Thu, 30-Nov-2023 11:37:55 GMT; Max-Age=2592000; path=/; secure
prli_visitor=6540e713dac66; expires=Wed, 30-Oct-2024 11:37:55 GMT; Max-Age=31536000; path=/; secure
age: 0
x-cache: MISS
X-Firefox-Spdy: h2

ocsp.r2m01.amazontrust.com/

143.204.53.97

471 B

URL

ocsp.r2m01.amazontrust.com/

IP / ASN

143.204.53.97

#16509 AMAZON-02

Requested byN/A

Resource Info

File typedata

First Seen2023-10-31

Last Seen2023-10-31

Times Seen1

Size471 B (471 bytes)

MD502d8c40da0358e63f4dab7b6b89e9bd4

SHA134c0fb9b27d852c17919a3a945838a45fa32edba

SHA2560fbe850991f8a6e49c07d9b68f7d2719a2f4fb7634cc766cdfd956008662e963

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 31 Oct 2023 11:37:56 GMT
Last-Modified: Tue, 31 Oct 2023 09:49:53 GMT
Server: ECAcc (amb/6BDA)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6bmlPgpi4x9mRSX7IwmqvFdmjEpPCEJ9TYCyscjXC5IA-kX6G1g09w==
Age: 6483

GET www.murgee.com/auto-clicker/download/setup.exe

143.204.55.100

200 OK

685 kB

URL

www.murgee.com/auto-clicker/download/setup.exe

IP / ASN

143.204.55.100

#16509 AMAZON-02

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows\012- data

First Seen2023-09-25

Last Seen2023-12-04

Times Seen5

Size685 kB (685096 bytes)

MD5f739262c464669b14895350728b20faf

SHA1a6d185e5034672ec83dff2977cc1daf9bb2ac06a

SHA256afba65fc036fb10b4d5333e7846aba0d2eec5a9855865ebafc5d89311ea4ed8f

Certificate Info

IssuerAmazon

Subjectwww.murgee.com

Fingerprint2D:23:7A:09:4E:DB:02:9D:77:5D:30:40:B4:16:E0:27:04:13:40:A2

ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 02 Jun 2024 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/71

HTTP Headers

GET /auto-clicker/download/setup.exe HTTP/1.1
Host: www.murgee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-msdownload
content-length: 685096
date: Tue, 31 Oct 2023 08:49:56 GMT
last-modified: Sat, 09 Sep 2023 14:10:48 GMT
etag: "f739262c464669b14895350728b20faf"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 17vezcjWVtg_sXit54kZcGJatKdtyqID3Bv1UBzK-z71gVyec_c9lg==
age: 10081
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
content-security-policy: script-src 'none';require-trusted-types-for 'script';object-src 'none';frame-ancestors 'self';sandbox allow-downloads;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.r2m01.amazontrust.com/

143.204.53.97

471 B

URL

ocsp.r2m01.amazontrust.com/

IP / ASN

143.204.53.97

#16509 AMAZON-02

Requested byN/A

Resource Info

File typedata

First Seen2023-10-31

Last Seen2023-10-31

Times Seen1

Size471 B (471 bytes)

MD502d8c40da0358e63f4dab7b6b89e9bd4

SHA134c0fb9b27d852c17919a3a945838a45fa32edba

SHA2560fbe850991f8a6e49c07d9b68f7d2719a2f4fb7634cc766cdfd956008662e963

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Tue, 31 Oct 2023 11:37:56 GMT
Server: ECAcc (amb/6B61)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: TGPA9whgpYofezEGDvfBOHO5qJqcUwJnZHYpwbOGR8NAgc81g0lNTg==