Report - gitlab-lepuy.iut.uca.fr/algallonet/tp1_perceptron/-/raw/main/SLP.exe?ref

Report Overview

Visitedpublic

2024-08-11 03:10:11

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Sent	Received	IP
r10.o.lencr.org	unknown	1.6 kB	4.4 kB	23.36.77.32
geant.ocsp.sectigo.com	50227	334 B	1.2 kB	172.64.149.23
gitlab-lepuy.iut.uca.fr	unknown	550 B	48 kB	194.214.237.58

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-08-11	medium	gitlab-lepuy.iut.uca.fr/algallonet/tp1_perceptron/-/raw/main/SLP.exe?ref_type=heads&inline=false	Detects win.whispergate.

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

gitlab-lepuy.iut.uca.fr/algallonet/tp1_perceptron/-/raw/main/SLP.exe?ref_type=heads&inline=false

IP / ASN

194.214.237.58

#2200 Renater

File Overview

File TypePE32 executable (console) Intel 80386, for MS Windows, 13 sections

Size47 kB (46779 bytes)

MD50cb98383657d6718586776d864689d72

SHA19e001a09224db9225f9200ef13c1ffc25fcafcc2

SHA2564eeeca31ee8da5a0fa5f1e390215a37859f23fa90a4691cf1ffad1a820f127f5

Detections

Analyzer	Verdict	Alert
Malpedia's yara-signator rules	malware	Detects win.whispergate.

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-08

Last Seen2024-08-19

Times Seen30651

Size504 B (504 bytes)

MD5b278ebaf27c527785e85180da86b54f9

SHA1ee87bf3d735648b0734efe705977f9b86155fcbd

SHA256f53b9b17675ce2f387b3fcff02c39ecc355e1fd81756731257c59ea22115c519

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F53B9B17675CE2F387B3FCFF02C39ECC355E1FD81756731257C59EA22115C519"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13177
Expires: Sun, 11 Aug 2024 06:49:22 GMT
Date: Sun, 11 Aug 2024 03:09:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-08

Last Seen2024-08-19

Times Seen18416

Size504 B (504 bytes)

MD55ba4a4d5001d3c1bb220558ffadb6288

SHA135124980489553fa524dee96738aa3214321eb4f

SHA256b4615115fb27e0022749b39770207b4428a6dcacb53544c8f811f55ef9eb288f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B4615115FB27E0022749B39770207B4428A6DCACB53544C8F811F55EF9EB288F"
Last-Modified: Thu, 08 Aug 2024 18:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11321
Expires: Sun, 11 Aug 2024 06:18:26 GMT
Date: Sun, 11 Aug 2024 03:09:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-09

Last Seen2024-08-19

Times Seen32385

Size504 B (504 bytes)

MD59ee33ad49fc95cbec52887b67a3f8f92

SHA1a692164ae79e5d194dac7945b76eb493f261a103

SHA256f6e3ff7fe8c3e33cc9a5f443e3772734a7026ec834f48a39703f23467f33c23f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F6E3FF7FE8C3E33CC9A5F443E3772734A7026EC834F48A39703F23467F33C23F"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2161
Expires: Sun, 11 Aug 2024 03:45:46 GMT
Date: Sun, 11 Aug 2024 03:09:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-09

Last Seen2024-08-19

Times Seen28022

Size504 B (504 bytes)

MD5e1cd74cbd513bcac7faf7147dd0e9db3

SHA15c83e98e78beec3020f4942369d9c2365a7de76f

SHA256dd403ef6d8531526826d75c9ceda54beea36b5c8b8a281297331818ac6336b23

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD403EF6D8531526826D75C9CEDA54BEEA36B5C8B8A281297331818AC6336B23"
Last-Modified: Thu, 08 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11574
Expires: Sun, 11 Aug 2024 06:22:40 GMT
Date: Sun, 11 Aug 2024 03:09:46 GMT
Connection: keep-alive

geant.ocsp.sectigo.com/

172.64.149.23

727 B

URL

geant.ocsp.sectigo.com/

IP / ASN

172.64.149.23

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size727 B (727 bytes)

MD501bd7c1934c8fcc42520a2b2357d89c6

SHA14b5819166e58c526c25d8b94758b74817eb0c7e5

SHA2565b3476ef7b5f47438fe044f0ec52c07065b11ae83c09c572bf378d994a390042

HTTP Headers

POST / HTTP/1.1
Host: geant.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 11 Aug 2024 03:09:46 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 11 Aug 2024 01:27:19 GMT
Expires: Sun, 18 Aug 2024 01:27:18 GMT
Etag: "4b5819166e58c526c25d8b94758b74817eb0c7e5"
Cache-Control: max-age=598051,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8b15075aec6cb50b-OSL

GET gitlab-lepuy.iut.uca.fr/algallonet/tp1_perceptron/-/raw/main/SLP.exe?ref_type=heads&inline=false

194.214.237.58

200 OK

47 kB

URL

gitlab-lepuy.iut.uca.fr/algallonet/tp1_perceptron/-/raw/main/SLP.exe?ref_type=heads&inline=false

IP / ASN

194.214.237.58

#2200 Renater

Requested byN/A

Resource Info

File typePE32 executable (console) Intel 80386, for MS Windows, 13 sections

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size47 kB (46779 bytes)

MD50cb98383657d6718586776d864689d72

SHA19e001a09224db9225f9200ef13c1ffc25fcafcc2

SHA2564eeeca31ee8da5a0fa5f1e390215a37859f23fa90a4691cf1ffad1a820f127f5

Certificate Info

IssuerGEANT Vereniging

Subjectgitlab-lepuy.iut-clermont.uca.fr

FingerprintAC:22:52:F6:6D:B3:E5:32:EE:03:FC:80:8F:85:03:2C:77:A5:F8:68

ValidityFri, 15 Mar 2024 00:00:00 GMT - Sat, 15 Mar 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Malpedia's yara-signator rules	malware	Detects win.whispergate.

HTTP Headers

GET /algallonet/tp1_perceptron/-/raw/main/SLP.exe?ref_type=heads&inline=false HTTP/1.1
Host: gitlab-lepuy.iut.uca.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
content-disposition: attachment; filename="SLP.exe"; filename*=UTF-8''SLP.exe
content-security-policy: 
content-type: application/octet-stream
date: Sun, 11 Aug 2024 03:09:46 GMT
etag: "474cd85b0a0d794e4a41b81ea44f6f18"
permissions-policy: interest-cohort=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-gitlab-meta: {"correlation_id":"01J4ZPKNEA2JP14B1PRRW5963H","version":"1"}
x-permitted-cross-domain-policies: none
x-request-id: 01J4ZPKNEA2JP14B1PRRW5963H
x-runtime: 0.122107
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
content-length: 46779
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-08

Last Seen2024-08-19

Times Seen28705

Size504 B (504 bytes)

MD5cb72b4c8c0043447fb191d29a2987907

SHA1b21349d4cefa64181af49f91f868ffffb136a54a

SHA256eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13331
Expires: Sun, 11 Aug 2024 06:51:58 GMT
Date: Sun, 11 Aug 2024 03:09:47 GMT
Connection: keep-alive