Report - launcherrg.muonlines.es/Update/Update.zip

Report Overview

Visited public
2025-04-17 13:19:25
Tags
URL
launcherrg.muonlines.es/Update/Update.zip
Finishing URL
about:privatebrowsing
IP / ASN
149.56.205.98
#16276 OVH SAS
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
launcherrg.muonlines.es	unknown	unknown	2025-04-17	2025-04-17	509 B	7.0 MB	149.56.205.98

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
launcherrg.muonlines.es/Update/Update.zip
IP
149.56.205.98
ASN
#16276 OVH SAS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.0 MB (6986672 bytes)
Hash
ff1d9512158de3a8bcccfb36fb5adfee
e614e946d5bf2984fe7f03113e815e39b967b8d0
9bb2dcf27a5383035e3803b7837eee71e1169178959d4a08931436417cbacda4

Archive (27)

Filename

Md5

File type

Main.dll

56a8963e9cdf95fc8cf7eb2a116b2340

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Main.exe

0a34ab863fc4961b45136333c5a8c511

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

msvcp100.dll

03e9314004f504a14a61c3d364b62f66

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcr100.dll

67ec459e42d3081dd8fd34356f7cafc1

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

Xor.dll

de17a858f5080d89a668e94a74de29b5

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

MSPro.zip

49cd055cd9ced60e8c3ffea9ea66707a

Zip archive data, at least v0.0 to extract, compression method=store

IBSCategory.txt

e7eb500a0d416dc2fdad15f42e3951b4

ASCII text, with CRLF line terminators

IBSPackage.txt

de425a0393a7d2b24146d72a55d6d3ec

Unicode text, UTF-8 text, with CRLF line terminators

IBSProduct.txt

631d385fa8a6644be2dc776e0cbcebaa

ASCII text, with CRLF line terminators

Mix.bmd

50bd6ca68d5aa11cf4132bf8166c7ce3

data

BuffEffect_eng.bmd

6769b1225530f42d7162dc19777e0ca1

DitPack archive data

item_eng.bmd

c8dda7fea0fb0e951e6252df18051e46

data

movereq_eng.bmd

198fa5e8eeaacefc587d2541cf16f72b

data

BuffEffect_por.bmd

6769b1225530f42d7162dc19777e0ca1

DitPack archive data

item_por.bmd

c8dda7fea0fb0e951e6252df18051e46

data

movereq_por.bmd

198fa5e8eeaacefc587d2541cf16f72b

data

BuffEffect_spn.bmd

6769b1225530f42d7162dc19777e0ca1

DitPack archive data

item_spn.bmd

c8dda7fea0fb0e951e6252df18051e46

data

movereq_spn.bmd

198fa5e8eeaacefc587d2541cf16f72b

data

K_MuSignLegend.ozj

a80c3c227169eb52b61ea151f91801cf

JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=[*17784*]]

musign.bmd

a9ecca6450a88c061887913adb002817

data

Special.xml

c18fcfbbd8617697fbd8578de34fe3e8

ASCII text, with no line terminators

tga.ozn

9659f81f975012b738b90174060a2091

data

Progress-Bar.bmp

874b4b87aa9360a5cfe21812c4ba40ce

PC bitmap, Windows 3.x format, 450 x 25 x 32, image size 45002, resolution 2834 x 2834 px/m, cbSize 45056, bits offset 54

Xor-Ban.bmp

9b1fb716423a9c7b30d66cfad2406488

PC bitmap, Windows 3.x format, 450 x 270 x 32, image size 486002, resolution 2834 x 2834 px/m, cbSize 486056, bits offset 54

Xor-hack.bmp

2996c4217b1e404d4b7f2f64e5ba35ef

PC bitmap, Windows 3.x format, 450 x 270 x 32, image size 486002, resolution 2834 x 2834 px/m, cbSize 486056, bits offset 54

Xor-Welc.bmp

7687720d37843a5eb50b31b5c9406420

PC bitmap, Windows 3.x format, 450 x 270 x 32, image size 486002, resolution 2834 x 2834 px/m, cbSize 486056, bits offset 54

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	malicious	VirusTotal - Scan result 11/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

launcherrg.muonlines.es/Update/Update.zip

149.56.205.98

200 OK

7.0 MB

URL User Request GET
launcherrg.muonlines.es/Update/Update.zip
IP
149.56.205.98:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subject*.muonlines.es
Fingerprint27:21:11:97:3E:F4:95:4B:C4:37:E1:1B:E8:E8:EA:0D:F9:24:61:89
ValidityMon, 14 Apr 2025 17:31:32 GMT - Sun, 13 Jul 2025 17:31:31 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.0 MB (6986672 bytes)
Hash
ff1d9512158de3a8bcccfb36fb5adfee
e614e946d5bf2984fe7f03113e815e39b967b8d0
9bb2dcf27a5383035e3803b7837eee71e1169178959d4a08931436417cbacda4

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 11/67

HTTP Headers

GET /Update/Update.zip HTTP/1.1
Host: launcherrg.muonlines.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
last-modified: Sun, 17 Mar 2024 14:05:54 GMT
accept-ranges: bytes
content-length: 6986672
date: Thu, 17 Apr 2025 13:18:58 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (27)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers