Report - bm-as.narod.ru/download/rekt.zip

Report Overview

Visited public
2025-01-14 09:56:41
Tags
URL
bm-as.narod.ru/download/rekt.zip
Finishing URL
about:privatebrowsing
IP / ASN
193.109.247.248
#204343 Compubyte Limited
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bm-as.narod.ru	unknown	1999-12-09	2019-02-03	2023-05-21	486 B	750 kB	193.109.247.248

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
bm-as.narod.ru/download/rekt.zip
IP
193.109.247.248
ASN
#204343 Compubyte Limited

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
750 kB (749677 bytes)
Hash
58dde4ce470241b40074f97875b8c674
b8f6f8769b0bf2a24a4390e0e48f47e4a264a06e
821ac8f20263f3b553d8bab48754e1eefa9550983d7fe110150f70dbd1a572f7

Archive (19)

Filename

Md5

File type

AF.TXT

e75de6312937cfcafcdebc1b28a639d0

CSV ASCII text

DATKOS.TXT

87b251da634e436319cb23869bdbd43f

CSV ASCII text

DATKS.TXT

179bb0249be36bab57f885341e173b2d

ASCII text, with no line terminators

DATSTIH.TXT

086406740564650f67a7301ddfc86a36

ASCII text, with no line terminators

DATVVL.TXT

7eef6ea9b70022a3f37025742708d14b

ASCII text, with no line terminators

DATZNS.TXT

5e3005b902ecefdc542ff09f1b3ab92b

ASCII text, with no line terminators

EKZ.TXT

0a4b12f4ec5f55e274f4d84bdb028244

CSV ASCII text

rekt.exe

f7ed92263d4e2359306be4afee9085b5

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Project5.exe

8fd977bd2098bb3c9cba08703f243938

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Project4.exe

97272fb4412f7030be297ac2ebb0d0a7

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

moon.exe

1b411d53c26ece61c403f50e1788acbe

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Project7.exe

98360268afa060b5308a92c42874a12f

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Project9.exe

9dda1b0d9a41064c2eb6f2e68503641c

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

CHIRON.TXT

bf9e29254757661a0825c12ae727415a

ASCII text, with CRLF line terminators

SWEDLL32.DLL

5102de3b9eb5da1e3250dcedbc22314a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

asp.exe

ea0a0069ac6b11913a89bc45e46dab62

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

A180.EXE

acce36da41e3b8920272a088490b2e79

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

ASPEKT.EXE

fc35b166bd906f8c8c39e34606e50b1c

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

CONJ.EXE

71911170be7bd389a87e62e553bf0beb

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
VirusTotal	malicious	VirusTotal - Scan result 13/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

bm-as.narod.ru/download/rekt.zip

193.109.247.248

200 OK

750 kB

URL User Request GET HTTP/1.1
bm-as.narod.ru/download/rekt.zip
IP
193.109.247.248:443
ASN
#204343 Compubyte Limited

Certificate
IssuerGlobalSign nv-sa
Subject*.narod.ru
Fingerprint98:9D:4A:90:E4:4F:A7:ED:FA:C0:59:5E:E2:0E:3B:53:6D:F8:00:05
ValidityTue, 02 Jul 2024 16:26:05 GMT - Sun, 03 Aug 2025 16:26:04 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
750 kB (749677 bytes)
Hash
58dde4ce470241b40074f97875b8c674
b8f6f8769b0bf2a24a4390e0e48f47e4a264a06e
821ac8f20263f3b553d8bab48754e1eefa9550983d7fe110150f70dbd1a572f7

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 13/61

HTTP Headers

GET /download/rekt.zip HTTP/1.1
Host: bm-as.narod.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jan 2025 09:56:16 GMT
Content-Type: application/zip
Content-Length: 749677
Last-Modified: Sun, 31 Mar 2013 07:32:42 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5157e69a-b706d"
Expires: Mon, 03 Feb 2025 09:56:16 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (19)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers