Report - ucarecdn.com/8af670d4-cd93-4125-aa83-8a3bc05a51b0/Processo001177536.msi

Report Overview

Visitedpublic

2025-01-28 10:56:49

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
ucarecdn.com	76504	2012-08-01	2018-06-24	2025-01-24	525 B	3.0 MB	151.101.2.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-28	medium	ucarecdn.com/8af670d4-cd93-4125-aa83-8a3bc05a51b0/Processo001177536.msi	Detects AteraAgent Remote Admin Tool
2025-01-28	medium	ucarecdn.com/8af670d4-cd93-4125-aa83-8a3bc05a51b0/Processo001177536.msi	Detect files is `SliverFox` malware
2025-01-28	medium	ucarecdn.com/8af670d4-cd93-4125-aa83-8a3bc05a51b0/Processo001177536.msi	Detects AteraAgent Remote Admin Tool

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

ucarecdn.com/8af670d4-cd93-4125-aa83-8a3bc05a51b0/Processo001177536.msi

IP / ASN

151.101.2.132

#54113 FASTLY

File Overview

File TypeComposite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2

Size3.0 MB (2994176 bytes)

MD511306357e32d65b70b341e77b172ba31

SHA1fb15da070ba3be85b1b296b48ff3f6ffdb9cd552

SHA2566dd55949c61a22f2ba64a8770d33fc3451c4887eaacb616ff6ee25a36fae6df0

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects AteraAgent Remote Admin Tool
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware
YARAhub by abuse.ch	malware	Detects AteraAgent Remote Admin Tool

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET ucarecdn.com/8af670d4-cd93-4125-aa83-8a3bc05a51b0/Processo001177536.msi

151.101.2.132

200 OK

3.0 MB

URL

ucarecdn.com/8af670d4-cd93-4125-aa83-8a3bc05a51b0/Processo001177536.msi

IP / ASN

151.101.2.132

#54113 FASTLY

Requested byN/A

Resource Info

File typeComposite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2

First Seen2025-01-28

Last Seen2025-01-31

Times Seen2

Size3.0 MB (2994176 bytes)

MD511306357e32d65b70b341e77b172ba31

SHA1fb15da070ba3be85b1b296b48ff3f6ffdb9cd552

SHA2566dd55949c61a22f2ba64a8770d33fc3451c4887eaacb616ff6ee25a36fae6df0

Certificate Info

IssuerCertainly

Subjectucarecdn.com

FingerprintEF:E1:A0:C3:41:5C:B4:D8:B8:D1:45:16:C8:DE:7F:63:48:4A:DD:32

ValidityWed, 15 Jan 2025 10:26:45 GMT - Fri, 14 Feb 2025 10:26:44 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects AteraAgent Remote Admin Tool
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware
YARAhub by abuse.ch	malware	Detects AteraAgent Remote Admin Tool

HTTP Headers

GET /8af670d4-cd93-4125-aa83-8a3bc05a51b0/Processo001177536.msi HTTP/1.1
Host: ucarecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
cache-control: public, max-age=31556926, immutable
content-disposition: attachment; filename=Processo-0011775-36.msi
etag: "11306357e32d65b70b341e77b172ba31"
last-modified: Mon, 27 Jan 2025 17:43:08 GMT
server: Uploadcare
x-robots-tag: noindex, nofollow, nosnippet, noarchive
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
access-control-expose-headers: HEAD, GET, OPTIONS
accept-ranges: bytes
date: Tue, 28 Jan 2025 10:56:25 GMT
age: 61968
x-cache: MISS
content-length: 2994176
X-Firefox-Spdy: h2