Report - www.ch-werner.de/sqliteodbc/sqliteodbc.exe

Report Overview

Visited public
2024-08-08 23:48:19
Tags
URL
www.ch-werner.de/sqliteodbc/sqliteodbc.exe
Finishing URL
about:privatebrowsing
IP / ASN
80.150.6.143
#3320 Deutsche Telekom AG
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown				2.6 kB	7.1 kB	23.36.76.226
www.ch-werner.de	unknown				412 B	5.4 MB	80.150.6.143

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-08 23:47:54	high	80.150.6.143	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-08-08	medium	www.ch-werner.de/sqliteodbc/sqliteodbc.exe	Detect files is `SliverFox` malware

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.ch-werner.de/sqliteodbc/sqliteodbc.exe
IP
80.150.6.143
ASN
#3320 Deutsche Telekom AG

File type
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
Size
5.4 MB (5398170 bytes)
Hash
7f2de7ef9ca2e120b3a8d01c7da4dc23
cc64af56be5243d218f48286233d43176e293e2e
3bce566ecc2545a49c0cad1d0c4c62ddafd529b77bdc147c1dcee8eace8acc70

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
19cd88f88651f2e9f42740350df4b4d1
c6c7026e15281db4f24b3bc4ee2cfc2ecc26362c
b41a248824843236c8691934a5dfd24daa01f05cdc8cff81afdb9588dee24946

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B41A248824843236C8691934A5DFD24DAA01F05CDC8CFF81AFDB9588DEE24946"
Last-Modified: Thu, 08 Aug 2024 18:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17548
Expires: Fri, 09 Aug 2024 04:40:21 GMT
Date: Thu, 08 Aug 2024 23:47:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
a7b6b62c40d039614a8e497e28dfcb92
e5883c177b8d622fd5fc7a925e437df4c3fdb984
496d0482a522c54fcea43174ca83c7a72bcb5cfd6c15c02ecd955557ee00eb03

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "496D0482A522C54FCEA43174CA83C7A72BCB5CFD6C15C02ECD955557EE00EB03"
Last-Modified: Thu, 08 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3789
Expires: Fri, 09 Aug 2024 00:51:02 GMT
Date: Thu, 08 Aug 2024 23:47:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5f8acb1f8a25eb19fc33302dc7bf3c26
93ad5ef9e7119c1064e966ea3ab2cade2438d5aa
277c320d7ff9556a6375e996308ba8d893601e14430af41b82904952d477f836

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "277C320D7FF9556A6375E996308BA8D893601E14430AF41B82904952D477F836"
Last-Modified: Thu, 08 Aug 2024 18:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15916
Expires: Fri, 09 Aug 2024 04:13:09 GMT
Date: Thu, 08 Aug 2024 23:47:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
41f3021c1502428798a392f3c2ef0fc8
c7a61247c753e72345e5c4504056a09889a3916e
cb2873c69274d15b03f8aaa26260d7a2341f2e276f876f444f1fee5679266653

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CB2873C69274D15B03F8AAA26260D7A2341F2E276F876F444F1FEE5679266653"
Last-Modified: Thu, 08 Aug 2024 18:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5271
Expires: Fri, 09 Aug 2024 01:15:45 GMT
Date: Thu, 08 Aug 2024 23:47:54 GMT
Connection: keep-alive

www.ch-werner.de/sqliteodbc/sqliteodbc.exe

80.150.6.143

200 OK

5.4 MB

URL User Request GET HTTP/1.1
www.ch-werner.de/sqliteodbc/sqliteodbc.exe
IP
80.150.6.143:80
ASN
#3320 Deutsche Telekom AG

File type
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
Size
5.4 MB (5398170 bytes)
Hash
7f2de7ef9ca2e120b3a8d01c7da4dc23
cc64af56be5243d218f48286233d43176e293e2e
3bce566ecc2545a49c0cad1d0c4c62ddafd529b77bdc147c1dcee8eace8acc70

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware

NIDS	Severity	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /sqliteodbc/sqliteodbc.exe HTTP/1.1
Host: www.ch-werner.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
content-length: 5398170
accept-ranges: bytes
date: Thu, 08 Aug 2024 23:47:54 GMT
content-type: application/x-msdos-program
etag: "525e9a-6086282e31000"
last-modified: Mon, 23 Oct 2023 13:50:56 GMT
Set-Cookie: TSf6cbd701027=083c9557bcab20007a42d7344f8889f682d4538e495bc36446b29454d80c8331037f373b3aa8ce9e08bb1c521d1130006c6bdf094ba9ba6e0cc44878119ce93e0f00d8c93a20ad57838e9c862523db88c61c9775df45e78b7db466079e53ade2; Path=/

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cb72b4c8c0043447fb191d29a2987907
b21349d4cefa64181af49f91f868ffffb136a54a
eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16646
Expires: Fri, 09 Aug 2024 04:25:22 GMT
Date: Thu, 08 Aug 2024 23:47:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cb72b4c8c0043447fb191d29a2987907
b21349d4cefa64181af49f91f868ffffb136a54a
eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16646
Expires: Fri, 09 Aug 2024 04:25:22 GMT
Date: Thu, 08 Aug 2024 23:47:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cb72b4c8c0043447fb191d29a2987907
b21349d4cefa64181af49f91f868ffffb136a54a
eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16646
Expires: Fri, 09 Aug 2024 04:25:22 GMT
Date: Thu, 08 Aug 2024 23:47:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cb72b4c8c0043447fb191d29a2987907
b21349d4cefa64181af49f91f868ffffb136a54a
eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16644
Expires: Fri, 09 Aug 2024 04:25:20 GMT
Date: Thu, 08 Aug 2024 23:47:56 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL