Report - dl.lyl.gg/LyL-Launcher.exe

Report Overview

Visited public
2024-08-17 10:40:09
Tags
URL
dl.lyl.gg/LyL-Launcher.exe
Finishing URL
about:privatebrowsing
IP / ASN
104.26.4.5
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Sent	Received	IP
dl.lyl.gg	unknown	480 B	140 kB	172.67.70.147
r11.o.lencr.org	unknown	654 B	1.8 kB	23.36.76.226
r10.o.lencr.org	unknown	981 B	2.7 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-08-17	medium	dl.lyl.gg/LyL-Launcher.exe	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dl.lyl.gg/LyL-Launcher.exe
IP
172.67.70.147
ASN
#13335 CLOUDFLARENET

File type
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Size
140 kB (139768 bytes)
Hash
928fa58ba97fbe9baeb259fdd46fbdcf
250972595a8af89021cefb5180302607ab33f154
4446fc2580873a1a35fff0c52c19e7a5b8946fff1fe7e34d11a2cce478707dc8

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/74

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
219f59137337a0ee601729cab5ec83f6
85f2e3496820405559fd526b44b9a915e0009a4f
f9701bf0083b06f4a573774d1a4dd491236216bc08f1006a94ce79144df70a21

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F9701BF0083B06F4A573774D1A4DD491236216BC08F1006A94CE79144DF70A21"
Last-Modified: Sat, 17 Aug 2024 00:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3894
Expires: Sat, 17 Aug 2024 11:44:37 GMT
Date: Sat, 17 Aug 2024 10:39:43 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
2df91286f49e58e16a376311a3bd4a11
f91a1585d976cf80ae4702b607130dc84e095e81
b6aa8b353b34cd929b75a9baf0f9953435f07d0118004f1e0bf72e5e15498fe4

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B6AA8B353B34CD929B75A9BAF0F9953435F07D0118004F1E0BF72E5E15498FE4"
Last-Modified: Fri, 16 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14275
Expires: Sat, 17 Aug 2024 14:37:38 GMT
Date: Sat, 17 Aug 2024 10:39:43 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4d209e16679910b467c26590a0073236
ddd59fa6902b498e9c0cfb22e342757f954789d0
9ef3dab56215a67804db0e12d33772a1902f5914b788530717712902a294bcb5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9EF3DAB56215A67804DB0E12D33772A1902F5914B788530717712902A294BCB5"
Last-Modified: Wed, 14 Aug 2024 21:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11340
Expires: Sat, 17 Aug 2024 13:48:43 GMT
Date: Sat, 17 Aug 2024 10:39:43 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
2ae189346fbf1c4db44f325fbc27cdd1
3bfaab5d83d905673ff9ca4dd91d7c2cb34ddb76
9d811dddbb6915131e8f2a84ab84709f47697ebdf51b0fe839150f95c924c0ae

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9D811DDDBB6915131E8F2A84AB84709F47697EBDF51B0FE839150F95C924C0AE"
Last-Modified: Fri, 16 Aug 2024 06:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10994
Expires: Sat, 17 Aug 2024 13:42:57 GMT
Date: Sat, 17 Aug 2024 10:39:43 GMT
Connection: keep-alive

dl.lyl.gg/LyL-Launcher.exe

172.67.70.147

200 OK

140 kB

URL User Request GET HTTP/2
dl.lyl.gg/LyL-Launcher.exe
IP
172.67.70.147:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectlyl.gg
FingerprintB1:6D:90:5A:32:C3:E4:9F:C0:D1:C6:85:91:0F:A6:74:FC:01:43:D4
ValidityWed, 07 Aug 2024 06:09:39 GMT - Tue, 05 Nov 2024 06:09:38 GMT

File type
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Size
140 kB (139768 bytes)
Hash
928fa58ba97fbe9baeb259fdd46fbdcf
250972595a8af89021cefb5180302607ab33f154
4446fc2580873a1a35fff0c52c19e7a5b8946fff1fe7e34d11a2cce478707dc8

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/74

HTTP Headers

GET /LyL-Launcher.exe HTTP/1.1
Host: dl.lyl.gg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Aug 2024 10:39:43 GMT
content-type: application/x-msdownload
content-length: 139768
last-modified: Tue, 16 Mar 2021 00:50:12 GMT
etag: "221f8-5bd9cbfb22101"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drsVueIzVQbhh7H4UPdRaMCWFA7%2BNAyVPjwuTy92rJ76QIuy6MaZ1m312xwKB4FNvzXCnnbee8dctGV%2Bu%2BFHN7EwDl9VObs8PCs80Lvoxik1Xi9AscRDBL5j0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b490aba5d6a0b3d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3c14cfb85dc9ceb923d7d3c3648719d2
10ea83f83398870f50ca771216ad77bd95aa66cc
bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16757
Expires: Sat, 17 Aug 2024 15:19:02 GMT
Date: Sat, 17 Aug 2024 10:39:45 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (6)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers