Report Overview
Visitedpublic
2025-02-11 22:59:19
Tags
Submit Tags
URL
salmon-amalea-92.tiiny.site/SOLARA.exe
Finishing URL
about:privatebrowsing
IP / ASN
3.164.206.66
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
salmon-amalea-92.tiiny.site 5 alert(s) on this Host | unknown | 2020-04-21 | 2025-02-11 | 2025-02-11 | 504 B | 80 kB | 54.240.174.105 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
No alerts detected
Threat Detection Systems
Public InfoSec YARA rules
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2025-02-11 | medium | salmon-amalea-92.tiiny.site/SOLARA.exe | Detects XWorm RAT |
| 2025-02-11 | medium | salmon-amalea-92.tiiny.site/SOLARA.exe | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| 2025-02-11 | medium | salmon-amalea-92.tiiny.site/SOLARA.exe | EXE_RAT_XWorm_April2024 |
OpenPhish
No alerts detected
PhishTank
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
File detected
URL
salmon-amalea-92.tiiny.site/SOLARA.exe
IP / ASN
54.240.174.105
File Overview
File TypePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Size79 kB (78848 bytes)
MD529d0e08e0fc7b20565a83fb2e01f2897
SHA1aba4a8b86e0836a791b3b3ca057954df3d6591cc
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| RussianPanda public YARA rules | malware | Detects XWorm RAT |
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| YARAhub by abuse.ch | malware | EXE_RAT_XWorm_April2024 |
| VirusTotal | malicious | |
| ClamAV | malicious | Win.Packed.njRAT-10002074-1 |
JavaScript (0)
No JavaScripts
HTTP Transactions (1)
| URL | IP | Response | Size |
|---|