Report - ftp.vector.co.jp/06/39/2158/lname11.exe?a8=OZ2qUZfm4kHAYGn

Report Overview

Visitedpublic

2024-08-06 00:57:23

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Sent	Received	IP
r10.o.lencr.org	unknown	2.0 kB	5.3 kB	23.33.119.27
ssocsp.cybertrust.ne.jp	21077	345 B	1.7 kB	124.24.55.35
ftp.vector.co.jp	unknown	512 B	240 kB	180.214.37.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

ftp.vector.co.jp/06/39/2158/lname11.exe?a8=OZ2qUZfm4kHAYGn

IP / ASN

180.214.37.164

#23637 Equinix Japan Enterprise K.K.

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Size240 kB (239974 bytes)

MD571be087662f21616d74e8e68d95a816c

SHA13e0be653e5eb54167055cb763d647e44d0f9f807

SHA25669b53529900b9c495ecb801402bc02f59cc1be051454a3f33220182f805807a9

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/72

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-04

Last Seen2024-08-19

Times Seen13648

Size504 B (504 bytes)

MD5addc02313d62bf977d4b5dd463b48637

SHA149b5e37e2888a9db981bd54827c4f4c7b9f7b53a

SHA2569b553a61256a129f9c5c31614a702c4f0441a3f018cc2b3897ab2cc16e184eeb

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9B553A61256A129F9C5C31614A702C4F0441A3F018CC2B3897AB2CC16E184EEB"
Last-Modified: Sat, 03 Aug 2024 18:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10112
Expires: Tue, 06 Aug 2024 03:45:29 GMT
Date: Tue, 06 Aug 2024 00:56:57 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-03

Last Seen2024-08-19

Times Seen15400

Size504 B (504 bytes)

MD5fbcbba6bdbe62bf043a449052e96c537

SHA178ba577fb46d8f5471d6b956b571a64840d68762

SHA256af55de43044220deca1e257adc161f81a25c20dd9e7208ee4efec19b1a194f2a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "AF55DE43044220DECA1E257ADC161F81A25C20DD9E7208EE4EFEC19B1A194F2A"
Last-Modified: Sat, 03 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9948
Expires: Tue, 06 Aug 2024 03:42:45 GMT
Date: Tue, 06 Aug 2024 00:56:57 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-03

Last Seen2024-08-19

Times Seen30175

Size504 B (504 bytes)

MD58bd7201be8d12c4b511d2c5643b45dbc

SHA1f2ecb2ebafbf4f8d92f92007753001befcedc634

SHA25625cb2e6ad29d4503f32121fbe37e2b0f4ce64a7f6cb57233ebf16df5d6b78d53

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "25CB2E6AD29D4503F32121FBE37E2B0F4CE64A7F6CB57233EBF16DF5D6B78D53"
Last-Modified: Sat, 03 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10011
Expires: Tue, 06 Aug 2024 03:43:48 GMT
Date: Tue, 06 Aug 2024 00:56:57 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-04

Last Seen2024-08-21

Times Seen29425

Size504 B (504 bytes)

MD53653abf0951eea060f104ae59d60cf7c

SHA175790e8c59cb78c77ab522e7dc7140b62a046bb9

SHA256d059eeda67b64dd02259f5a9352df39cc808e3f9e03068a434e0f6486814893d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D059EEDA67B64DD02259F5A9352DF39CC808E3F9E03068A434E0F6486814893D"
Last-Modified: Sat, 03 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9407
Expires: Tue, 06 Aug 2024 03:33:44 GMT
Date: Tue, 06 Aug 2024 00:56:57 GMT
Connection: keep-alive

ssocsp.cybertrust.ne.jp/OcspServer

124.24.55.35

1.5 kB

URL

ssocsp.cybertrust.ne.jp/OcspServer

IP / ASN

124.24.55.35

#2510 FUJITSU LIMITED

Requested byN/A

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size1.5 kB (1480 bytes)

MD55ae61b4f2d918549dfb264cb9e2789fd

SHA1af81a83b7b7f7cf98d313f3390993964748c4330

SHA256b043034cd942eb6cb18cd398ebbc7b3e35cd65e2bc6c79e89184994cba017f5d

HTTP Headers

POST /OcspServer HTTP/1.1
Host: ssocsp.cybertrust.ne.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Aug 2024 00:56:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1480
Connection: keep-alive
Keep-Alive: timeout=2

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-04

Last Seen2024-08-19

Times Seen13648

Size504 B (504 bytes)

MD5c350bdea34be0056bcbf94491fba7533

SHA1f5924cf49bcc6dd310024b824003661ab02b68a7

SHA256ed2ee90d287f8197865a711dccfa26dd2be9d5ee12f8ea8170de7def17b82ff4

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "ED2EE90D287F8197865A711DCCFA26DD2BE9D5EE12F8EA8170DE7DEF17B82FF4"
Last-Modified: Sat, 03 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10685
Expires: Tue, 06 Aug 2024 03:55:04 GMT
Date: Tue, 06 Aug 2024 00:56:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-04

Last Seen2024-08-19

Times Seen13648

Size504 B (504 bytes)

MD5c350bdea34be0056bcbf94491fba7533

SHA1f5924cf49bcc6dd310024b824003661ab02b68a7

SHA256ed2ee90d287f8197865a711dccfa26dd2be9d5ee12f8ea8170de7def17b82ff4

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "ED2EE90D287F8197865A711DCCFA26DD2BE9D5EE12F8EA8170DE7DEF17B82FF4"
Last-Modified: Sat, 03 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10685
Expires: Tue, 06 Aug 2024 03:55:04 GMT
Date: Tue, 06 Aug 2024 00:56:59 GMT
Connection: keep-alive

GET ftp.vector.co.jp/06/39/2158/lname11.exe?a8=OZ2qUZfm4kHAYGn

180.214.37.164

200 OK

240 kB

URL

ftp.vector.co.jp/06/39/2158/lname11.exe?a8=OZ2qUZfm4kHAYGn

IP / ASN

180.214.37.164

#23637 Equinix Japan Enterprise K.K.

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

First Seen2024-01-05

Last Seen2024-08-20

Times Seen3

Size240 kB (239974 bytes)

MD571be087662f21616d74e8e68d95a816c

SHA13e0be653e5eb54167055cb763d647e44d0f9f807

SHA25669b53529900b9c495ecb801402bc02f59cc1be051454a3f33220182f805807a9

Certificate Info

IssuerCybertrust Japan Co., Ltd.

Subject*.vector.co.jp

FingerprintC1:35:21:DA:4A:69:8A:3D:F9:00:D9:97:2C:78:D0:6B:42:63:A0:E6

ValidityThu, 07 Dec 2023 06:13:11 GMT - Thu, 02 Jan 2025 14:59:00 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/72

HTTP Headers

GET /06/39/2158/lname11.exe?a8=OZ2qUZfm4kHAYGn HTTP/1.1
Host: ftp.vector.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Aug 2024 00:56:59 GMT
Server: Apache
Last-Modified: Sun, 21 Sep 1997 01:01:00 GMT
ETag: "3e807a4-3a966-31ba119670b00"
Accept-Ranges: bytes
Content-Length: 239974
Content-Disposition: attachment; filename=lname11.exe
Connection: close
Content-Type: application/octet-stream