Report - dw53.softmany.com/dwnld/329/f9GrVupptL1c9JiFTKE36jlsV2P7JvOd/dxwebsetup.exe

Report Overview

Visitedpublic

2024-12-17 16:46:16

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
dw53.softmany.com	unknown	2019-07-23	2024-10-25	2024-11-30	529 B	293 kB	104.25.148.12

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-12-17	medium	dw53.softmany.com/dwnld/329/f9GrVupptL1c9JiFTKE36jlsV2P7JvOd/dxwebsetup.exe	detect_Redline_Stealer

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

dw53.softmany.com/dwnld/329/f9GrVupptL1c9JiFTKE36jlsV2P7JvOd/dxwebsetup.exe

IP / ASN

104.25.148.12

#13335 CLOUDFLARENET

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive, 3 sections

Size292 kB (292184 bytes)

MD5bcbb7c0cd9696068988953990ec5bd11

SHA13c8243734cf43dd7bb2332ba05b58ccacfa4377c

SHA25634f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	detect_Redline_Stealer

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET dw53.softmany.com/dwnld/329/f9GrVupptL1c9JiFTKE36jlsV2P7JvOd/dxwebsetup.exe

104.25.148.12

200 OK

292 kB

URL

dw53.softmany.com/dwnld/329/f9GrVupptL1c9JiFTKE36jlsV2P7JvOd/dxwebsetup.exe

IP / ASN

104.25.148.12

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive, 3 sections

First Seen2023-04-23

Last Seen2025-05-20

Times Seen175

Size292 kB (292184 bytes)

MD5bcbb7c0cd9696068988953990ec5bd11

SHA13c8243734cf43dd7bb2332ba05b58ccacfa4377c

SHA25634f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

Certificate Info

IssuerGoogle Trust Services

Subjectdw53.softmany.com

FingerprintDB:F4:85:9A:22:82:61:8F:D9:02:79:56:03:48:DD:56:78:F5:68:A7

ValidityThu, 24 Oct 2024 14:47:53 GMT - Wed, 22 Jan 2025 15:47:50 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	detect_Redline_Stealer

HTTP Headers

GET /dwnld/329/f9GrVupptL1c9JiFTKE36jlsV2P7JvOd/dxwebsetup.exe HTTP/1.1
Host: dw53.softmany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 17 Dec 2024 16:45:51 GMT
content-type: application/x-dosexec
content-length: 292184
cf-ray: 8f3862cb9a0f5699-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=86400, must-revalidate, post-check=0, pre-check=0
content-disposition: attachment; filename="dxwebsetup.exe"
etag: "5e218e26-47558"
expires: -1
last-modified: Fri, 17 Jan 2020 10:36:22 GMT
vary: Accept-Encoding
cf-apo-via: origin,host
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4kYDQtV1QTxwdoOaTqK2Qzn4GCpQMlONg5jNzmJh0kEm84%2BNkwDW9LoiDoXJ5vEY7gIX2D3%2FsRQ1PmNk4sRvDyovJ2A4oqhZYajSghuYUC8E3Nb7ZCixwAohtz854y%2FHEny7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5843&min_rtt=448&rtt_var=10795&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3269&recv_bytes=1293&delivery_rate=6118309&cwnd=254&unsent_bytes=0&cid=a7c018c85b749f3b&ts=69&x=0"
X-Firefox-Spdy: h2