Report - public.od.cm4allbusiness.de/.cm4all/uro/W4BOD0AVB34H/Daten/mfb-kunde.exe?

Report Overview

Visited public
2024-07-11 00:42:49
Tags
URL
public.od.cm4allbusiness.de/.cm4all/uro/W4BOD0AVB34H/Daten/mfb-kunde.exe?_=1603abe6f18&cdp=a
Finishing URL
about:privatebrowsing
IP / ASN
85.215.6.79
#6786 Cronon GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-09 18:12:41	2.0 kB	5.3 kB	23.36.77.32
public.od.cm4allbusiness.de	928402	unknown	2014-01-22 09:20:24	2023-12-10 15:32:25	546 B	4.2 MB	85.215.6.79

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-07-11	medium	public.od.cm4allbusiness.de/.cm4all/uro/W4BOD0AVB34H/Daten/mfb-kunde.exe?_=1603abe6f18&cdp=a	pe_packer_pecompact2

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
public.od.cm4allbusiness.de/.cm4all/uro/W4BOD0AVB34H/Daten/mfb-kunde.exe?_=1603abe6f18&cdp=a
IP
85.215.6.79
ASN
#6786 Cronon GmbH

File type
PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections
Size
4.2 MB (4199624 bytes)
Hash
279330b6e9ae52bbdea28666dc820f25
3dc233d6d17dda77069ac2aabc6dd8d369a204d7
4bff86cbf06612b378f01687407eb0b61914b878aec0386279ed2a56650a8a17

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	pe_packer_pecompact2

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ee5b6dc3e7ab972df60b36582e3eaaf4
2a5185acc539fcddac9c33895ec74faf552b62dd
be84262bbb3f3aabae368745bc3e85b816e372b16bc37327a1887d3a19992df6

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BE84262BBB3F3AABAE368745BC3E85B816E372B16BC37327A1887D3A19992DF6"
Last-Modified: Wed, 10 Jul 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4410
Expires: Thu, 11 Jul 2024 01:55:52 GMT
Date: Thu, 11 Jul 2024 00:42:22 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e08576e0904dc9903a9c20fa9e3d15b8
74feff76140500fd4a61e89c7e9d8d0a60df1183
ee690bacddf55fd12ae0c9c39e330e0a1a18776b9edc91b4aa6c5bae28824f1e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EE690BACDDF55FD12AE0C9C39E330E0A1A18776B9EDC91B4AA6C5BAE28824F1E"
Last-Modified: Tue, 09 Jul 2024 15:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14274
Expires: Thu, 11 Jul 2024 04:40:16 GMT
Date: Thu, 11 Jul 2024 00:42:22 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e7492695b5254a3a63fcffb4f1ee8cec
0361713c6d8129210245347284c7c6babfd28fb7
5d1bc1c01894fd88a0d4680490977488d6458bb58a98ace24ef8aa103538bc1f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D1BC1C01894FD88A0D4680490977488D6458BB58A98ACE24EF8AA103538BC1F"
Last-Modified: Tue, 09 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4788
Expires: Thu, 11 Jul 2024 02:02:11 GMT
Date: Thu, 11 Jul 2024 00:42:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9b556e25e514a3cd5829bc4d938e5517
85eeba07dc1438e7433ce7a145500164d842d5db
22f599883dc87540746708049ea46ec4eb88c81c924ba145a58bebd5ee3199cb

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "22F599883DC87540746708049EA46EC4EB88C81C924BA145A58BEBD5EE3199CB"
Last-Modified: Tue, 09 Jul 2024 16:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8322
Expires: Thu, 11 Jul 2024 03:01:05 GMT
Date: Thu, 11 Jul 2024 00:42:23 GMT
Connection: keep-alive

public.od.cm4allbusiness.de/.cm4all/uro/W4BOD0AVB34H/Daten/mfb-kunde.exe?_=1603abe6f18&cdp=a

85.215.6.79

200 OK

4.2 MB

URL User Request GET HTTP/1.1
public.od.cm4allbusiness.de/.cm4all/uro/W4BOD0AVB34H/Daten/mfb-kunde.exe?_=1603abe6f18&cdp=a
IP
85.215.6.79:443
ASN
#6786 Cronon GmbH

Certificate
IssuerLet's Encrypt
Subject*.od.cm4allbusiness.de
FingerprintEC:EC:4E:88:56:96:E8:43:8D:DF:35:E7:CD:E2:B2:1F:AA:EB:B0:AD
ValidityMon, 03 Jun 2024 13:08:37 GMT - Sun, 01 Sep 2024 13:08:36 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed, 3 sections
Size
4.2 MB (4199624 bytes)
Hash
279330b6e9ae52bbdea28666dc820f25
3dc233d6d17dda77069ac2aabc6dd8d369a204d7
4bff86cbf06612b378f01687407eb0b61914b878aec0386279ed2a56650a8a17

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	pe_packer_pecompact2

HTTP Headers

GET /.cm4all/uro/W4BOD0AVB34H/Daten/mfb-kunde.exe?_=1603abe6f18&cdp=a HTTP/1.1
Host: public.od.cm4allbusiness.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
etag: "83-93020041-5a2bb5df"
content-type: application/x-exe
last-modified: Sat, 09 Dec 2017 10:07:27 GMT
accept-ranges: bytes
server: CM4all Webserver
date: Thu, 11 Jul 2024 00:42:23 GMT
content-disposition: attachment;
content-length: 4199624
Set-Cookie: BIGipServerlxc_STAR_od_cm4allbusiness_de_http=2269295882.17412.0000; path=/; Httponly; Secure

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15755
Expires: Thu, 11 Jul 2024 05:05:00 GMT
Date: Thu, 11 Jul 2024 00:42:25 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15755
Expires: Thu, 11 Jul 2024 05:05:00 GMT
Date: Thu, 11 Jul 2024 00:42:25 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers