Report - www.inerttia.es/files/general/AA

Report Overview

Visited public
2024-12-10 00:06:34
Tags
Submit Tags
URL
www.inerttia.es/files/general/AA_v3.exe
Finishing URL
about:privatebrowsing
IP / ASN
90.160.58.114
#12479 Orange Espagne SA
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.inerttia.es	unknown	unknown	2016-02-01	2024-11-25	493 B	735 kB	90.160.58.114

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-12-10	medium	www.inerttia.es/files/general/AA_v3.exe	Detects Ammyy remote access tool
2024-12-10	medium	www.inerttia.es/files/general/AA_v3.exe	Detects Ammyy Admin Downloader
2024-12-10	medium	www.inerttia.es/files/general/AA_v3.exe	Remote Admin Tool used by APT group Anunak (ru) - file AA_v3.4.exe and AA_v3.5.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.inerttia.es/files/general/AA_v3.exe
IP
90.160.58.114
ASN
#12479 Orange Espagne SA

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
735 kB (735072 bytes)
Hash
9561c8f7bd981a9eaac23ec6fa9a65e5
519d06745dad2be35d2de25f9739b80ea64e1fdd
0fd5789a6ff2a978eddc093ac89df7192d17fd73825042c44acc844d7aa6517e

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects Ammyy remote access tool
Public Nextron YARA rules	malware	Detects Ammyy Admin Downloader
Public Nextron YARA rules	malware	Remote Admin Tool used by APT group Anunak (ru) - file AA_v3.4.exe and AA_v3.5.exe
VirusTotal	malicious	VirusTotal - Scan result 45/72
ClamAV	malicious	Win.Virus.Sality-6823444-0

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET www.inerttia.es/files/general/AA_v3.exe

90.160.58.114

200 OK

735 kB

URL User Request GET HTTP/1.1
www.inerttia.es/files/general/AA_v3.exe
IP
90.160.58.114:443
ASN
#12479 Orange Espagne SA

Certificate
IssuerLet's Encrypt
Subjectwww.inerttia.es
Fingerprint11:DF:E7:1D:17:7E:0D:B9:5F:50:9E:48:6D:3F:39:CB:45:1E:C0:39
ValidityFri, 08 Nov 2024 09:31:30 GMT - Thu, 06 Feb 2025 09:31:29 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
735 kB (735072 bytes)
Hash
9561c8f7bd981a9eaac23ec6fa9a65e5
519d06745dad2be35d2de25f9739b80ea64e1fdd
0fd5789a6ff2a978eddc093ac89df7192d17fd73825042c44acc844d7aa6517e

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects Ammyy remote access tool
Public Nextron YARA rules	malware	Detects Ammyy Admin Downloader
Public Nextron YARA rules	malware	Remote Admin Tool used by APT group Anunak (ru) - file AA_v3.4.exe and AA_v3.5.exe
VirusTotal	malicious	VirusTotal - Scan result 45/72
ClamAV	malicious	Win.Virus.Sality-6823444-0

HTTP Headers

GET /files/general/AA_v3.exe HTTP/1.1
Host: www.inerttia.es
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 10 Dec 2024 00:06:09 GMT
Server: Apache/2.4.52 (Debian)
Last-Modified: Tue, 08 Mar 2022 13:10:40 GMT
ETag: "b3760-5d9b4b52a1062"
Accept-Ranges: bytes
Content-Length: 735072
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers