Report - 192.3.176.138/70/asusns.exe

Report Overview

Visitedpublic

2024-08-29 03:41:57

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-28 18:12:05	2.0 kB	5.3 kB	23.33.119.27
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-28 18:12:07	981 B	2.7 kB	23.33.119.27
192.3.176.138	unknown	unknown	2017-02-07 10:03:22	2021-12-17 16:28:26	397 B	719 kB	192.3.176.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-29 03:41:33	medium	Client IP	192.3.176.138	ET INFO Executable Download from dotted-quad Host
2024-08-29 03:41:33	high	192.3.176.138	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2024-08-29 03:41:33	medium	192.3.176.138	Client IP	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-08-29	medium	192.3.176.138/70/asusns.exe	Identify partial Agent Tesla strings

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-29	medium	192.3.176.138	Sinkholed

ThreatFox

No alerts detected

File detected

URL

192.3.176.138/70/asusns.exe

IP / ASN

192.3.176.138

#36352 AS-COLOCROSSING

File Overview

File TypePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Size718 kB (718336 bytes)

MD50e3ed8b5e5952cffc0e119b6082a6599

SHA1b8275da931abd327fb0ad3b102a5917aa950c636

SHA256e5797ef4bea22b1d24a9147c48726e9960ffa1b5866e04c11de117531483fe9d

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Identify partial Agent Tesla strings
VirusTotal	malicious	VirusTotal - Scan result 57/73

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

r11.o.lencr.org/

23.33.119.27

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-29

Times Seen11048

Size504 B (504 bytes)

MD538cbe2bf8b6d9ff466a715bd835ea451

SHA134536bdff6310a8b4ccb1bee5eb1ddd98ed57a0f

SHA2561ae38d2373eb268f96ff536531fdc13ba00a9c4bd66496cd7e434e0d2e68a02f

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1AE38D2373EB268F96FF536531FDC13BA00A9C4BD66496CD7E434E0D2E68A02F"
Last-Modified: Wed, 28 Aug 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9126
Expires: Thu, 29 Aug 2024 06:13:37 GMT
Date: Thu, 29 Aug 2024 03:41:31 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen15665

Size504 B (504 bytes)

MD5e39dce5ea747184cd9620a6a6cb8835f

SHA1bbc61ed7858f2eb5554561ba25639c1fbe6898f4

SHA2562a600466bc852e883cba5f66b9179846ba7263ea2ef806f62666923a82bb7e8d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2A600466BC852E883CBA5F66B9179846BA7263EA2EF806F62666923A82BB7E8D"
Last-Modified: Wed, 28 Aug 2024 14:36:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10617
Expires: Thu, 29 Aug 2024 06:38:28 GMT
Date: Thu, 29 Aug 2024 03:41:31 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-29

Last Seen2024-08-31

Times Seen14619

Size504 B (504 bytes)

MD5394892113e0ffb33f2ffdbe727637967

SHA16356e0f13c62b88d4f8a3a20336c86b21b9e7b43

SHA2567bfca20b125a7ca370d17340cd1425663c1c6e81f8a0c42aa9703e88e2fa5ebd

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7BFCA20B125A7CA370D17340CD1425663C1C6E81F8A0C42AA9703E88E2FA5EBD"
Last-Modified: Wed, 28 Aug 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11981
Expires: Thu, 29 Aug 2024 07:01:13 GMT
Date: Thu, 29 Aug 2024 03:41:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen18617

Size504 B (504 bytes)

MD5fdbea8492a4c466e40797f5c241f80c0

SHA15b54da6a3949155c0e32e21a9c438e255ad71720

SHA256965090df69898508429e57657077a1625c55dd348039f37cbb2451d9460886a0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "965090DF69898508429E57657077A1625C55DD348039F37CBB2451D9460886A0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8395
Expires: Thu, 29 Aug 2024 06:01:27 GMT
Date: Thu, 29 Aug 2024 03:41:32 GMT
Connection: keep-alive

GET 192.3.176.138/70/asusns.exe

192.3.176.138

718 kB

URL

192.3.176.138/70/asusns.exe

IP / ASN

192.3.176.138

#36352 AS-COLOCROSSING

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

First Seen2024-08-15

Last Seen2024-09-19

Times Seen4

Size718 kB (718336 bytes)

MD50e3ed8b5e5952cffc0e119b6082a6599

SHA1b8275da931abd327fb0ad3b102a5917aa950c636

SHA256e5797ef4bea22b1d24a9147c48726e9960ffa1b5866e04c11de117531483fe9d

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Identify partial Agent Tesla strings
Quad9 DNS	malicious	Sinkholed
VirusTotal	malicious	VirusTotal - Scan result 57/73
suricata	medium	ET INFO Executable Download from dotted-quad Host
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP
suricata	medium	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

HTTP Headers

GET /70/asusns.exe HTTP/1.1
Host: 192.3.176.138
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 29 Aug 2024 03:41:33 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Thu, 15 Aug 2024 08:48:02 GMT
ETag: "af600-61fb4e681f070"
Accept-Ranges: bytes
Content-Length: 718336
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/lnk

r11.o.lencr.org/

23.33.119.57

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen19640

Size504 B (504 bytes)

MD5bb5e9405671b53b4e83ea35107d596c2

SHA10137160e22736d3b47d6d0a8e4c0c6745547e822

SHA2562acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8730
Expires: Thu, 29 Aug 2024 06:07:03 GMT
Date: Thu, 29 Aug 2024 03:41:33 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen19640

Size504 B (504 bytes)

MD5bb5e9405671b53b4e83ea35107d596c2

SHA10137160e22736d3b47d6d0a8e4c0c6745547e822

SHA2562acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8730
Expires: Thu, 29 Aug 2024 06:07:03 GMT
Date: Thu, 29 Aug 2024 03:41:33 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen19640

Size504 B (504 bytes)

MD5bb5e9405671b53b4e83ea35107d596c2

SHA10137160e22736d3b47d6d0a8e4c0c6745547e822

SHA2562acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8730
Expires: Thu, 29 Aug 2024 06:07:03 GMT
Date: Thu, 29 Aug 2024 03:41:33 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen19640

Size504 B (504 bytes)

MD5bb5e9405671b53b4e83ea35107d596c2

SHA10137160e22736d3b47d6d0a8e4c0c6745547e822

SHA2562acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8730
Expires: Thu, 29 Aug 2024 06:07:03 GMT
Date: Thu, 29 Aug 2024 03:41:33 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen19640

Size504 B (504 bytes)

MD5bb5e9405671b53b4e83ea35107d596c2

SHA10137160e22736d3b47d6d0a8e4c0c6745547e822

SHA2562acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8730
Expires: Thu, 29 Aug 2024 06:07:03 GMT
Date: Thu, 29 Aug 2024 03:41:33 GMT
Connection: keep-alive