Report - performai.evilleaker.com/manual/download/files/chusan_segatools_1_0_3_4_by_fufubot_team_release_by_evil

Report Overview

Visited public
2025-02-01 16:58:34
Tags
Submit Tags
URL
performai.evilleaker.com/manual/download/files/chusan_segatools_1_0_3_4_by_fufubot_team_release_by_evil_chinese.zip
Finishing URL
about:privatebrowsing
IP / ASN
185.199.109.153
#54113 FASTLY
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
performai.evilleaker.com	unknown	2023-11-18	2025-01-26	2025-01-26	581 B	370 kB	185.199.110.153

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
performai.evilleaker.com/manual/download/files/chusan_segatools_1_0_3_4_by_fufubot_team_release_by_evil_chinese.zip
IP
185.199.110.153
ASN
#54113 FASTLY

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
369 kB (369325 bytes)
Hash
6d783a2450b257a77124d09bd0db9fdb
682326fae65123401287aba5c525b43d284afd29
5707939679a97ee0da5358d5c3407b99fb091f541709da075dda77f31ebabfb3

Archive (21)

Filename

Md5

File type

aime2x.dll

b72af87f2c57d6085611535b07bb17d6

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

aimeio.dll

a127da2637a7d0d055f9a0dd58b794e4

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

aimeio_yubideck.dll

627b5ddb71ba6a7cf1d3cf6be0597acc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

brokenithm.dll

5f13a1bfc4cf8350f6cd0a00eac96caa

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections

chuniio-mux.dll

23c537a9f2aadf282a1f6bcede9f349f

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections

chuniio.dll

8738f387112714ecca411a7e46be57a9

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections

chusanamhook.dll

cb8be0ecab5037deb7865239c105c14f

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

chusanhook.dll

0620f90be9baac4414f65f6e100141f3

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections

config_hook.json

992cdd70d3e69a43dc111c3b953b8444

JSON text data

billing.pub

c8bd6174e2da1beae0d94498571c9d09

data

ca.crt

8bac3ec5e141a706c12c76fdd29646c8

Certificate, Version=3

duolinguo.dll

df0ca5b198701ac460987a9d2f1a7b4a

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

inject_x64.exe

8d7b5607c50bed66e8d8a9f61aceaed6

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections

inject_x86.exe

44392c4dc62c7383f168753abf03be43

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

readme.txt

abc84a7ca98948eb44124855818d590c

Unicode text, UTF-8 text, with CRLF line terminators

segatools.ini

02012942b3fb5f46f0d1386cfbe06047

ASCII text

start.bat

a80a0bd1dce3005be4ab6aa1a8a5b22f

DOS batch file, ASCII text

StavonaIO.dll

115d7d08a6e44634665bcd2f9d37cff6

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

tasoller.dll

a0b7bd56ec0915befff3dd7ff62f7045

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

tasoller_plus.dll

d27306a64c75c65fc9016449e9516253

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 18 sections

yubideck.dll

c13f8c64cebadbdc013f7fe1c2960aea

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	malicious	VirusTotal - Scan result 23/68

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET performai.evilleaker.com/manual/download/files/chusan_segatools_1_0_3_4_by_fufubot_team_release_by_evil_chinese.zip

185.199.110.153

200 OK

369 kB

URL User Request GET HTTP/2
performai.evilleaker.com/manual/download/files/chusan_segatools_1_0_3_4_by_fufubot_team_release_by_evil_chinese.zip
IP
185.199.110.153:443
ASN
#54113 FASTLY

Certificate
IssuerLet's Encrypt
Subjectperformai.evilleaker.com
Fingerprint34:47:3D:0B:46:0C:B0:1A:8D:A4:E2:11:D0:E4:FD:9C:D0:6B:82:99
ValiditySat, 04 Jan 2025 17:29:31 GMT - Fri, 04 Apr 2025 17:29:30 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
369 kB (369325 bytes)
Hash
6d783a2450b257a77124d09bd0db9fdb
682326fae65123401287aba5c525b43d284afd29
5707939679a97ee0da5358d5c3407b99fb091f541709da075dda77f31ebabfb3

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 23/68

HTTP Headers

GET /manual/download/files/chusan_segatools_1_0_3_4_by_fufubot_team_release_by_evil_chinese.zip HTTP/1.1
Host: performai.evilleaker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: application/zip
x-origin-cache: HIT
last-modified: Thu, 30 Jan 2025 16:08:55 GMT
access-control-allow-origin: *
etag: "679ba417-5a2ad"
expires: Sat, 01 Feb 2025 17:08:04 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 8F76:114D:1D57E27:1D9F8A1:679E529C
accept-ranges: bytes
age: 0
date: Sat, 01 Feb 2025 16:58:04 GMT
via: 1.1 varnish
x-served-by: cache-hel1410026-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1738429085.833336,VS0,VE131
vary: Accept-Encoding
x-fastly-request-id: 0dccdf91d0abaff7674b4474c10e51d4f246733e
content-length: 369325
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (21)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers