{"report_id":"b67365c1-37d1-4a1a-bbd8-110c91ec349a","version":6,"status":"done","tags":[],"date":"2024-11-24T05:02:20Z","url":{"schema":"http","addr":"dragokas.com/tools/HiJackThis_test.zip","fqdn":"dragokas.com","domain":"dragokas.com","tld":"com"},"ip":{"addr":"172.66.0.158","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-02T05:02:19Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"dragokas.com","ip":{"addr":"172.66.0.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2014-11-21","domain_rank":0,"first_seen":"2015-01-19T06:44:23Z","last_seen":"2024-11-24T05:01:52.307966Z","alert_count":1,"request_count":1,"received_data":4371725,"sent_data":492,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"f8290fcc35279725b1740eb77e626472","sha1":"00fa3bcf6bcf89db290e68c4544129c494582ce2","sha256":"687a9a2114c01baabcaff71ff8892acfa85059a68c7c5b8fad046ee83df5c223","sha512":"f9cbdca5663e31521c57af1832f90268b17e597967ba0c6134e3558bbee042aaba529ec4baf31e48b3b9604388a0ed46d8c9143a21bc25af6d1f169748bc372b","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":4370811,"url":{"schema":"https","addr":"dragokas.com/tools/HiJackThis_test.zip","fqdn":"dragokas.com","domain":"dragokas.com","tld":"com"},"ip":{"addr":"172.66.0.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"archive":[{"path":"apps/abr.exe","filename":"abr.exe","modified":"","Modified":"2024-01-10T19:09:48+02:00","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":112640,"md5":"769f78e61da897aeb15f3378818b97ff","sha1":"eb25c52864423511ad58069d59d53a727687452a","sha256":"fe0b4c38e7b1ca7ffce3d4f99d6f6e021fcc121e2ba12d4669df1fb72b15fc13","sha512":"d6d8dc8965cd5257ffeca5b9e6162796a6435c897e6f529ab25d85b9a7ac78945599ab70998c6552b45960e5a4e478b2c35ee209fe0f98363a07eff072510531","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-18","alert":"Scan result 1/73","trigger":"fe0b4c38e7b1ca7ffce3d4f99d6f6e021fcc121e2ba12d4669df1fb72b15fc13","verdict":"suspicious","severity":"","comment":"suspicious - 1/73","link":"https://www.virustotal.com/gui/file/fe0b4c38e7b1ca7ffce3d4f99d6f6e021fcc121e2ba12d4669df1fb72b15fc13","meta":null}]}},{"path":"apps/VBCCR17.OCX","filename":"VBCCR17.OCX","modified":"","Modified":"2023-07-21T23:22:41+02:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections","size":5609552,"md5":"e7aaa82f0a491fe4cf7603038758af41","sha1":"cbff47d3ee71ce3b73f5e8c9be6582711bc370f5","sha256":"b8d73bc915d8c617204979588f788f5dcd90d30df026afe9bde5fe3c39e36dcc","sha512":"23cf3281cf4f7dda81fea92570dade07962cb01c7bd65d3be416d9a684b27c315699962c16f5842fc3fe35a5fd67c1faf93decc9e6f9191304ebd0eb2b2e4163","alerts":{"urlquery":null,"analyzer":null}},{"path":"HiJackThis.exe","filename":"HiJackThis.exe","modified":"","Modified":"2024-11-10T13:04:47+02:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections","size":6894824,"md5":"3750bf953436b76ac4a92146f75a6e9a","sha1":"825bcb8426e1d745ff8df0bcf8198c3dff1afbe4","sha256":"fb73eb5db3de9496694b72d591040a0abc7509b50c242d5a56d7f60f34872f51","sha512":"b0cdbe169947c544547e38f4095b24dd861a67627eb6806110f629336860767869797e9b0f269c0894b6c57cb177e7bbfad4277e7200fbba99c145b64f47bd88","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-24","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"HiJackThis.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-22","alert":"Scan result 1/72","trigger":"fb73eb5db3de9496694b72d591040a0abc7509b50c242d5a56d7f60f34872f51","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/fb73eb5db3de9496694b72d591040a0abc7509b50c242d5a56d7f60f34872f51","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-24","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"HiJackThis.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-24","alert":"Scan result 1/68","trigger":"687a9a2114c01baabcaff71ff8892acfa85059a68c7c5b8fad046ee83df5c223","verdict":"suspicious","severity":"","comment":"suspicious - 1/68","link":"https://www.virustotal.com/gui/file/687a9a2114c01baabcaff71ff8892acfa85059a68c7c5b8fad046ee83df5c223","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"f8290fcc35279725b1740eb77e626472","sha1":"00fa3bcf6bcf89db290e68c4544129c494582ce2","sha256":"687a9a2114c01baabcaff71ff8892acfa85059a68c7c5b8fad046ee83df5c223","sha512":"f9cbdca5663e31521c57af1832f90268b17e597967ba0c6134e3558bbee042aaba529ec4baf31e48b3b9604388a0ed46d8c9143a21bc25af6d1f169748bc372b","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":4370811,"url":{"schema":"https","addr":"dragokas.com/tools/HiJackThis_test.zip","fqdn":"dragokas.com","domain":"dragokas.com","tld":"com"},"ip":{"addr":"172.66.0.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"archive":[{"path":"apps/abr.exe","filename":"abr.exe","modified":"","Modified":"2024-01-10T19:09:48+02:00","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":112640,"md5":"769f78e61da897aeb15f3378818b97ff","sha1":"eb25c52864423511ad58069d59d53a727687452a","sha256":"fe0b4c38e7b1ca7ffce3d4f99d6f6e021fcc121e2ba12d4669df1fb72b15fc13","sha512":"d6d8dc8965cd5257ffeca5b9e6162796a6435c897e6f529ab25d85b9a7ac78945599ab70998c6552b45960e5a4e478b2c35ee209fe0f98363a07eff072510531","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-18","alert":"Scan result 1/73","trigger":"fe0b4c38e7b1ca7ffce3d4f99d6f6e021fcc121e2ba12d4669df1fb72b15fc13","verdict":"suspicious","severity":"","comment":"suspicious - 1/73","link":"https://www.virustotal.com/gui/file/fe0b4c38e7b1ca7ffce3d4f99d6f6e021fcc121e2ba12d4669df1fb72b15fc13","meta":null}]}},{"path":"apps/VBCCR17.OCX","filename":"VBCCR17.OCX","modified":"","Modified":"2023-07-21T23:22:41+02:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections","size":5609552,"md5":"e7aaa82f0a491fe4cf7603038758af41","sha1":"cbff47d3ee71ce3b73f5e8c9be6582711bc370f5","sha256":"b8d73bc915d8c617204979588f788f5dcd90d30df026afe9bde5fe3c39e36dcc","sha512":"23cf3281cf4f7dda81fea92570dade07962cb01c7bd65d3be416d9a684b27c315699962c16f5842fc3fe35a5fd67c1faf93decc9e6f9191304ebd0eb2b2e4163","alerts":{"urlquery":null,"analyzer":null}},{"path":"HiJackThis.exe","filename":"HiJackThis.exe","modified":"","Modified":"2024-11-10T13:04:47+02:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections","size":6894824,"md5":"3750bf953436b76ac4a92146f75a6e9a","sha1":"825bcb8426e1d745ff8df0bcf8198c3dff1afbe4","sha256":"fb73eb5db3de9496694b72d591040a0abc7509b50c242d5a56d7f60f34872f51","sha512":"b0cdbe169947c544547e38f4095b24dd861a67627eb6806110f629336860767869797e9b0f269c0894b6c57cb177e7bbfad4277e7200fbba99c145b64f47bd88","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-24","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"HiJackThis.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-22","alert":"Scan result 1/72","trigger":"fb73eb5db3de9496694b72d591040a0abc7509b50c242d5a56d7f60f34872f51","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/fb73eb5db3de9496694b72d591040a0abc7509b50c242d5a56d7f60f34872f51","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-24","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"HiJackThis.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-24","alert":"Scan result 1/68","trigger":"687a9a2114c01baabcaff71ff8892acfa85059a68c7c5b8fad046ee83df5c223","verdict":"suspicious","severity":"","comment":"suspicious - 1/68","link":"https://www.virustotal.com/gui/file/687a9a2114c01baabcaff71ff8892acfa85059a68c7c5b8fad046ee83df5c223","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"dragokas.com/tools/HiJackThis_test.zip","fqdn":"dragokas.com","domain":"dragokas.com","tld":"com"},"ip":{"addr":"172.66.0.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-24T05:01:53.721Z","timestamp":1732424513721,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"dragokas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Nov 2024 14:36:08 GMT","end":"Fri, 07 Feb 2025 14:36:07 GMT"},"fingerprint":{"sha1":"06:A1:FE:7A:B5:08:9D:36:67:09:7D:9C:47:4A:5D:96:51:DF:2E:AA","sha256":"51:16:60:C3:3E:6B:37:57:EC:2F:11:63:53:4C:AB:4B:E6:81:9F:87:E8:86:CB:B7:4E:06:7A:D4:51:F2:85:E7"}}},"request":{"raw":"GET /tools/HiJackThis_test.zip HTTP/1.1\r\nHost: dragokas.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 24 Nov 2024 05:01:53 GMT\r\ncontent-type: application/zip\r\ncontent-length: 4370811\r\nx-ray: wnp22404:0.010/wn22404:0.010/wa22404:D=246\r\nlast-modified: Sun, 10 Nov 2024 11:06:08 GMT\r\netag: \"42b17b-6268cf8a1fefd\"\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=ZdH1LpzX3yTMWpTZmIJHUfErKBZocfToFJ20LGYq86ck7Clz4%2F7AXoytfCtTHyDAkPqeF%2B%2FCwHlaTDYGZRnwI1EPCQdh5STI7C3cmc5JNRZulH8HHrpUI4olm0IsrTA%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8e76d7fb087b0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=22081\u0026sent=9\u0026recv=12\u0026lost=0\u0026retrans=0\u0026sent_bytes=3219\u0026recv_bytes=1308\u0026delivery_rate=251228\u0026cwnd=253\u0026unsent_bytes=0\u0026cid=2f80fe53a29353d0\u0026ts=238\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4370811,"size_decoded":4370811,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=store","md5":"f8290fcc35279725b1740eb77e626472","sha1":"00fa3bcf6bcf89db290e68c4544129c494582ce2","sha256":"687a9a2114c01baabcaff71ff8892acfa85059a68c7c5b8fad046ee83df5c223","sha512":"f9cbdca5663e31521c57af1832f90268b17e597967ba0c6134e3558bbee042aaba529ec4baf31e48b3b9604388a0ed46d8c9143a21bc25af6d1f169748bc372b","ssdeep":"98304:S5YRs1tfoSSk5wSWQAMm22c5OwKnAQbW5MdeSeesTPTaAPiiXy:SuiFv5NW2muowe9deTr2d","tlshash":"c41633843dadd2f02d17acbdda6112e3d3f4a5168f4a37f48d6aad07eac63244042d67","first_seen":"2024-11-15T05:48:36.272126Z","last_seen":"2024-12-21T15:51:30.16296Z","times_seen":36,"resource_available":false,"data":null}},"time_used":736,"timings":{"blocked":46,"dns":1,"connect":18,"send":0,"wait":211,"receive":412,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-24","alert":"Scan result 1/68","trigger":"687a9a2114c01baabcaff71ff8892acfa85059a68c7c5b8fad046ee83df5c223","verdict":"suspicious","severity":"","comment":"suspicious - 1/68","link":"https://www.virustotal.com/gui/file/687a9a2114c01baabcaff71ff8892acfa85059a68c7c5b8fad046ee83df5c223","meta":null}],"urlquery":null}}]}