Report - ingoing.top/Desktop/trojan-go-windows-amd64.zip

Report Overview

Visited public
2024-02-24 23:26:01
Tags
URL
ingoing.top/Desktop/trojan-go-windows-amd64.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.21.65.143
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ingoing.top	unknown	2024-02-24	2024-02-24 13:53:40	2024-02-24 13:55:04	417 B	8.0 MB	172.67.163.232

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ingoing.top/Desktop/trojan-go-windows-amd64.zip
IP
172.67.163.232
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.0 MB (7965593 bytes)
Hash
05930c11e6056a6dacb1a29e5a1359dd
cde8c253c55443477ae62bb168ab4db1712e1c72
c4eb4b6a44395271089bb0848daea9bc6d47552c7f2c2555dfecc14c6ea6c733

Archive (10)

Filename

Md5

File type

trojan-go.exe

58819f2a69229124fec3ef05b7df9913

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 6 sections

client.json

c189ce28718d5c0cb7d1d0b39fef4706

JSON text data

client.yaml

0e5c679cef1c934129be7ec184c2e814

ASCII text

server.json

7801c987341c2967aed79ea4ca4c2c60

JSON text data

server.yaml

81562133bf85a8ec4689eadec75dadb2

ASCII text

trojan-go.service

142717be7d81993fff8270295926559f

ASCII text

trojan-go@.service

3521888279e09e3630b715d8ec84c2a4

ASCII text

geoip-only-cn-private.dat

f0360c8b90b4acc6ac6dd3befde85cac

data

geoip.dat

0c649064e1d25596fa0d714d35154e94

data

geosite.dat

4ec4deb41c7e6e7ae6d788cde48857e4

data

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 11/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

ingoing.top/Desktop/trojan-go-windows-amd64.zip

172.67.163.232

200 OK

8.0 MB

URL User Request GET HTTP/1.1
ingoing.top/Desktop/trojan-go-windows-amd64.zip
IP
172.67.163.232:80
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.0 MB (7965593 bytes)
Hash
05930c11e6056a6dacb1a29e5a1359dd
cde8c253c55443477ae62bb168ab4db1712e1c72
c4eb4b6a44395271089bb0848daea9bc6d47552c7f2c2555dfecc14c6ea6c733

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 11/63

HTTP Headers

GET /Desktop/trojan-go-windows-amd64.zip HTTP/1.1
Host: ingoing.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 24 Feb 2024 23:25:32 GMT
Content-Type: application/octet-stream
Content-Length: 7965593
Connection: keep-alive
ETag: 87491ebc8277b55fdd5819e4a685d736
Last-Modified: Sat, 24 Feb 2024 15:53:04 GMT
Content-Disposition: attachment; filename*=UTF-8''trojan-go-windows-amd64.zip; filename=trojan-go-windows-amd64.zip
CF-Cache-Status: BYPASS
Set-Cookie: HFS_SID_=qdue5mkk5kAAAEAAlQbTPw; path=/; HttpOnly
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ORfkH72vI41kqDAiSvGpnngfDNyCY8Soc1dKaGpLaNztpHOOEPX%2B9enu%2B3as%2F%2BzGUq7rzz59IYnIIho7TGiUWwm5rFZ2O0NHC%2FmckoSX9i7HZmbRqz%2FowucrwpM54w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 85ab77e36fc2568b-OSL

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (10)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers