Report - watermelon-muncher.000webhostapp.com/sex.exe

Report Overview

Visitedpublic

2024-07-26 08:50:25

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
watermelon-muncher.000webhostapp.com	unknown	unknown	No data	No data	498 B	5.2 MB	145.14.145.54
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-25 18:12:06	2.3 kB	6.2 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-07-26	medium	watermelon-muncher.000webhostapp.com/sex.exe	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

watermelon-muncher.000webhostapp.com/sex.exe

IP / ASN

145.14.145.54

#204915 Hostinger International Limited

File Overview

File TypePE32+ executable (GUI) x86-64, for MS Windows, 3 sections

Size5.2 MB (5178368 bytes)

MD5ebfeb52ca8329ec9700ef33c7b5ff39a

SHA1c0d5d52c2d2b68e9fec52ec59270e6bfa5582c0e

SHA25675fc49ea6af2338580e20b1ac25ebfc26c8a290f8cb29aa80f1a3a6d89d95a5e

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
VirusTotal	malicious	VirusTotal - Scan result 56/73

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen24726

Size504 B (504 bytes)

MD5577f20b1ad1240dc12215f4d93e53b8f

SHA14fb6d79b9c4adb8f712073e9662ceae41a4f097c

SHA256523bc00bcd3cc12a640ebce3df80c0aed9fc552c4be5bae1831c00b9027ce0c0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "523BC00BCD3CC12A640EBCE3DF80C0AED9FC552C4BE5BAE1831C00B9027CE0C0"
Last-Modified: Wed, 24 Jul 2024 18:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12963
Expires: Fri, 26 Jul 2024 12:18:48 GMT
Date: Fri, 26 Jul 2024 08:42:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen18914

Size504 B (504 bytes)

MD521fba4953d0a666a4844d872097cb8f4

SHA180ac64ff700d5d02eb9901123ecd64f02c9e3ec2

SHA256f5c60f75b60eb8ef8e42e66fcad10e8df5759fe29bad30a23871fb7c1da61456

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F5C60F75B60EB8EF8E42E66FCAD10E8DF5759FE29BAD30A23871FB7C1DA61456"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21067
Expires: Fri, 26 Jul 2024 14:33:52 GMT
Date: Fri, 26 Jul 2024 08:42:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-24

Last Seen2024-08-19

Times Seen14863

Size504 B (504 bytes)

MD553c120d8bd28a824c423b6b51e6a5f07

SHA18c8f9015ddb4e7bbd18c0b35103ff1e8a0b7d5c1

SHA2560ef528831322336534e6b28ac3db61ac793b2b52f700672aee09ee5b1c92a2c7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0EF528831322336534E6B28AC3DB61AC793B2B52F700672AEE09EE5B1C92A2C7"
Last-Modified: Wed, 24 Jul 2024 18:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3231
Expires: Fri, 26 Jul 2024 09:36:37 GMT
Date: Fri, 26 Jul 2024 08:42:46 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-24

Last Seen2024-08-19

Times Seen20820

Size504 B (504 bytes)

MD5b1e4e1a92df74669a74711c4eaef2acc

SHA1a26f28116849cc857a0e31e3495f659e0cd36ac4

SHA25677f9d9afcb4a72b62085fa7ca04adb0007edaec1ab4bde5c4b82272a786a6cad

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "77F9D9AFCB4A72B62085FA7CA04ADB0007EDAEC1AB4BDE5C4B82272A786A6CAD"
Last-Modified: Wed, 24 Jul 2024 18:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7386
Expires: Fri, 26 Jul 2024 10:45:52 GMT
Date: Fri, 26 Jul 2024 08:42:46 GMT
Connection: keep-alive

GET watermelon-muncher.000webhostapp.com/sex.exe

145.14.145.54

200 OK

5.2 MB

URL

watermelon-muncher.000webhostapp.com/sex.exe

IP / ASN

145.14.145.54

#204915 Hostinger International Limited

Requested byN/A

Resource Info

File typePE32+ executable (GUI) x86-64, for MS Windows, 3 sections

First Seen2024-06-05

Last Seen2024-08-19

Times Seen16

Size5.2 MB (5178368 bytes)

MD5ebfeb52ca8329ec9700ef33c7b5ff39a

SHA1c0d5d52c2d2b68e9fec52ec59270e6bfa5582c0e

SHA25675fc49ea6af2338580e20b1ac25ebfc26c8a290f8cb29aa80f1a3a6d89d95a5e

Certificate Info

IssuerDigiCert Inc

Subject*.000webhostapp.com

FingerprintB0:57:03:97:AE:15:06:79:FC:86:0E:E2:79:B6:B0:9D:37:04:A5:49

ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
VirusTotal	malicious	VirusTotal - Scan result 56/73

HTTP Headers

GET /sex.exe HTTP/1.1
Host: watermelon-muncher.000webhostapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Jul 2024 08:42:46 GMT
content-type: application/octet-stream
content-length: 5178368
last-modified: Tue, 04 Jun 2024 16:36:22 GMT
accept-ranges: bytes
server: awex
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-request-id: 9ebe6ba8eeb6afb2a7ce5b52e9681dd8
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen23918

Size504 B (504 bytes)

MD591392416ed946eb8b26810ff46d7e57e

SHA18ce21a441df1ac09da4ebf098eaf47e2d74bbff0

SHA2565d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20820
Expires: Fri, 26 Jul 2024 14:29:48 GMT
Date: Fri, 26 Jul 2024 08:42:48 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen23918

Size504 B (504 bytes)

MD591392416ed946eb8b26810ff46d7e57e

SHA18ce21a441df1ac09da4ebf098eaf47e2d74bbff0

SHA2565d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20820
Expires: Fri, 26 Jul 2024 14:29:48 GMT
Date: Fri, 26 Jul 2024 08:42:48 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen23918

Size504 B (504 bytes)

MD591392416ed946eb8b26810ff46d7e57e

SHA18ce21a441df1ac09da4ebf098eaf47e2d74bbff0

SHA2565d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20820
Expires: Fri, 26 Jul 2024 14:29:48 GMT
Date: Fri, 26 Jul 2024 08:42:48 GMT
Connection: keep-alive