Report - instalar.farmame.eu/deploy/setup.exe

Report Overview

Visitedpublic

2024-09-18 11:23:49

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
instalar.farmame.eu	unknown	unknown	2024-03-05 18:28:00	2024-03-05 18:29:08	490 B	573 kB	149.62.176.248
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-17 18:12:05	1.3 kB	3.5 kB	23.36.76.226
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-17 18:12:27	654 B	1.8 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-09-18	medium	instalar.farmame.eu/deploy/setup.exe	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

instalar.farmame.eu/deploy/setup.exe

IP / ASN

149.62.176.248

#43160 Avatel Telecom, SA

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

Size573 kB (572976 bytes)

MD547d65a16e33d406e9da79e493427bcde

SHA18943a9af59f5f63ef30436ab8e959b179e18517a

SHA256e7a54523b53a8a90dd82187a44a39c5c0bfdadb34556a920de97a2d89cfe1f03

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-17

Last Seen2024-09-20

Times Seen19419

Size504 B (504 bytes)

MD5a4e61c096fb8a0f28561b209588076fe

SHA184634c409a230cba663826d593379499fce545a8

SHA25617f85499c27b8bafbc202dc51cd5e7fa80be0988a0d820dbf8a4c81344f26da9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "17F85499C27B8BAFBC202DC51CD5E7FA80BE0988A0D820DBF8A4C81344F26DA9"
Last-Modified: Tue, 17 Sep 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5199
Expires: Wed, 18 Sep 2024 12:50:02 GMT
Date: Wed, 18 Sep 2024 11:23:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-16

Last Seen2024-09-19

Times Seen28960

Size504 B (504 bytes)

MD5b4ddabe3dc0fdf5ea3a82a9aebbb01c6

SHA1bfbff7cc66b83f1e16d8739a987f175866a6de68

SHA25673c53b2f9ea6cb310eb9df3e6d917f4649a2c2470b3ae7ee1e4bbb7102550016

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "73C53B2F9EA6CB310EB9DF3E6D917F4649A2C2470B3AE7EE1E4BBB7102550016"
Last-Modified: Sun, 15 Sep 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5848
Expires: Wed, 18 Sep 2024 13:00:51 GMT
Date: Wed, 18 Sep 2024 11:23:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-18

Last Seen2024-09-19

Times Seen4728

Size504 B (504 bytes)

MD538f288d997737ea63520680633589383

SHA110f64bb6f960351e9e44aa7a7893d6bb470ac4cd

SHA2562b69aa4b3fd8116e6398ee3c8abeedc752e2726ce5956d22cb16ef3a175b1502

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2B69AA4B3FD8116E6398EE3C8ABEEDC752E2726CE5956D22CB16EF3A175B1502"
Last-Modified: Tue, 17 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12762
Expires: Wed, 18 Sep 2024 14:56:06 GMT
Date: Wed, 18 Sep 2024 11:23:24 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-18

Last Seen2024-09-19

Times Seen7578

Size504 B (504 bytes)

MD501dd2ed81ace2da1f35a1168f05c1a14

SHA12bbb9554f114bc82c6c6d76652f68804596134e3

SHA256095994704e8d5a748194ff92bc91a60bf45b69218cdcbcbc6a46c6fbda9b8e46

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "095994704E8D5A748194FF92BC91A60BF45B69218CDCBCBC6A46C6FBDA9B8E46"
Last-Modified: Tue, 17 Sep 2024 14:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9452
Expires: Wed, 18 Sep 2024 14:00:56 GMT
Date: Wed, 18 Sep 2024 11:23:24 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-19

Last Seen2024-09-19

Times Seen1

Size504 B (504 bytes)

MD53b7977e12d59ce645ef332b4594cade7

SHA1f26216348557ce49ed7d2639ce92ea1af4d2928d

SHA25679e55d05db4bbf02917c20f52e41ae19bcf05c0b599aa1bdef681b5d2fc513d1

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "79E55D05DB4BBF02917C20F52E41AE19BCF05C0B599AA1BDEF681B5D2FC513D1"
Last-Modified: Wed, 18 Sep 2024 07:14:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21550
Expires: Wed, 18 Sep 2024 17:22:34 GMT
Date: Wed, 18 Sep 2024 11:23:24 GMT
Connection: keep-alive

GET instalar.farmame.eu/deploy/setup.exe

149.62.176.248

200 OK

573 kB

URL

instalar.farmame.eu/deploy/setup.exe

IP / ASN

149.62.176.248

#43160 Avatel Telecom, SA

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

First Seen2024-09-19

Last Seen2024-09-19

Times Seen1

Size573 kB (572976 bytes)

MD547d65a16e33d406e9da79e493427bcde

SHA18943a9af59f5f63ef30436ab8e959b179e18517a

SHA256e7a54523b53a8a90dd82187a44a39c5c0bfdadb34556a920de97a2d89cfe1f03

Certificate Info

IssuerLet's Encrypt

Subjectinstalar.farmame.eu

Fingerprint3E:C6:7D:D9:AB:24:E4:8F:B7:F5:57:99:CC:DF:D7:C3:A5:35:00:D9

ValidityThu, 29 Aug 2024 07:19:21 GMT - Wed, 27 Nov 2024 07:19:20 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

HTTP Headers

GET /deploy/setup.exe HTTP/1.1
Host: instalar.farmame.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 18 Sep 2024 11:23:24 GMT
Server: Apache/2.4.62 (Unix) OpenSSL/3.0.13
Last-Modified: Wed, 04 Sep 2024 12:27:16 GMT
ETag: "8be30-6214a4b60a218"
Accept-Ranges: bytes
Content-Length: 572976
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-18

Last Seen2024-09-20

Times Seen12325

Size504 B (504 bytes)

MD545c440d4cead985bd4f1f69f84162f7b

SHA11251ec50f9cfdb548fe2e0fef4cbb146fd92a56b

SHA25691127a16631d0d606cac9cac289cf04f0ccb542d3f8954ef4bc5caaef374c238

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "91127A16631D0D606CAC9CAC289CF04F0CCB542D3F8954EF4BC5CAAEF374C238"
Last-Modified: Tue, 17 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21033
Expires: Wed, 18 Sep 2024 17:13:58 GMT
Date: Wed, 18 Sep 2024 11:23:25 GMT
Connection: keep-alive