{"report_id":"e33c07b6-f039-4ea9-8016-ac304dec33f2","version":6,"status":"done","tags":[],"date":"2024-12-03T22:36:56Z","url":{"schema":"http","addr":"lightcloud.click/api/download/SWAv2.zip","fqdn":"lightcloud.click","domain":"lightcloud.click","tld":"click"},"ip":{"addr":"192.250.229.115","port":0,"asn":209341,"as":"WHG Hosting Services Ltd","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-11T22:36:55Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"lightcloud.click","ip":{"addr":"192.250.229.115","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"domain_registered":"2024-09-23","domain_rank":0,"first_seen":"2024-09-25T17:49:37Z","last_seen":"2024-12-01T12:12:31.784924Z","alert_count":1,"request_count":1,"received_data":1429335,"sent_data":493,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"e6c495acbdbd9f1a86dccc60038b0660","sha1":"a4b56238bd4eb35fd421689f8086c7471ef4bc4f","sha256":"4359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7","sha512":"1eefce328b5ece3bd5b75a99ff0fc777c7a265a5ce1961f04d3f96938d62486202bd923e82a5a03ddacae40c90a57072cf210d9fff221424423f5e033fbbf939","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":1428821,"url":{"schema":"https","addr":"lightcloud.click/api/download/SWAv2.zip","fqdn":"lightcloud.click","domain":"lightcloud.click","tld":"click"},"ip":{"addr":"192.250.229.115","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"archive":[{"path":"Guna.UI2.dll","filename":"Guna.UI2.dll","modified":"","Modified":"2023-11-25T09:37:42Z","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":2228104,"md5":"b429ae86c5be521bc8ca3b164cec3acb","sha1":"387560073ff5a1f2191abc6f75fc34532bbb6dd2","sha256":"3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579","sha512":"eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1","alerts":{"urlquery":null,"analyzer":null}},{"path":"Newtonsoft.Json.dll","filename":"Newtonsoft.Json.dll","modified":"","Modified":"2023-03-08T09:09:54Z","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":712464,"md5":"adf3e3eecde20b7c9661e9c47106a14a","sha1":"f3130f7fd4b414b5aec04eb87ed800eb84dd2154","sha256":"22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07","sha512":"6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b","alerts":{"urlquery":null,"analyzer":null}},{"path":"SWA V2.dll","filename":"SWA V2.dll","modified":"","Modified":"2024-12-03T23:46:54Z","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":705024,"md5":"3ac690b98e953bdda05c675be917fcf9","sha1":"a7db23601ac8bc84cff559f8d4190ca60708a1ef","sha256":"7195a8edc13ff08e46be4ae8aac82395d7d514401b6588ee716697547b772af3","sha512":"ba79707dcc981493783d65cbf74c204410d8bdb2fd172cdc2228cc6751476c7119f97c0aa641791324526f6523d269426595a710a67af37cbd0e1c8ae4d72ace","alerts":{"urlquery":null,"analyzer":null}},{"path":"SWA V2.exe","filename":"SWA V2.exe","modified":"","Modified":"2024-12-03T23:46:54Z","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":406016,"md5":"8f59bec096bbf55c0934f97475394cca","sha1":"2f0a0fd2408c388ff740df2e6eb0a4ae3589ef33","sha256":"4c3e50b52c48e6e3a6caaf490c84e7e811ecea7b39e63834ea3906c89efebae4","sha512":"6364c0c820e7dd3782aa662b138093ab47c9525b19fe81527d12b2ed9f790ca4922610d22ea50a75022cfe2e07b4859576c5dad6205b8d27cec4118b2141607d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-03","alert":"Scan result 1/71","trigger":"4c3e50b52c48e6e3a6caaf490c84e7e811ecea7b39e63834ea3906c89efebae4","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/4c3e50b52c48e6e3a6caaf490c84e7e811ecea7b39e63834ea3906c89efebae4","meta":null}]}},{"path":"SWA V2.runtimeconfig.json","filename":"SWA V2.runtimeconfig.json","modified":"","Modified":"2024-12-03T13:07:48Z","magic":"JSON text data","size":386,"md5":"186a65581e2f29258f54d396660409fa","sha1":"6f998d3be2e85cb5419205f867135874f27c0a3a","sha256":"e1e0974d0e8833375024eb7c78521b3b5cad4228aad22b23d506cbe702445844","sha512":"7dea87b523aab01ea3c794779b71bc0b52179e1d5e7b9a45539ddd39c775969ef22853c4c193699aec1e3fa3cbe26e90e3a4881226c52a3aacae1eac260ff896","alerts":{"urlquery":null,"analyzer":null}},{"path":"System.Management.dll","filename":"System.Management.dll","modified":"","Modified":"2022-10-18T18:30:56Z","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":74384,"md5":"1c71e5310151ce1e9a3a92797776bdad","sha1":"fd452b874fec4a9dae61a3710fb32749dc7d701e","sha256":"f515ca5c944c332ab706ff0a7c2e53e66d0d9d8a663e9b2691b35129ee22559b","sha512":"2a4f18c77449c2d06a3ab6807338f73b03b1faa332e78319829ba3a2b6fd98bb9a83c5e29b47d55e4ce7f0dfdcd8524fa592a0f3ca8ee09daae2894b681265a8","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-03","alert":"Scan result 1/66","trigger":"4359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7","verdict":"suspicious","severity":"","comment":"suspicious - 1/66","link":"https://www.virustotal.com/gui/file/4359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"e6c495acbdbd9f1a86dccc60038b0660","sha1":"a4b56238bd4eb35fd421689f8086c7471ef4bc4f","sha256":"4359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7","sha512":"1eefce328b5ece3bd5b75a99ff0fc777c7a265a5ce1961f04d3f96938d62486202bd923e82a5a03ddacae40c90a57072cf210d9fff221424423f5e033fbbf939","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":1428821,"url":{"schema":"https","addr":"lightcloud.click/api/download/SWAv2.zip","fqdn":"lightcloud.click","domain":"lightcloud.click","tld":"click"},"ip":{"addr":"192.250.229.115","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"archive":[{"path":"Guna.UI2.dll","filename":"Guna.UI2.dll","modified":"","Modified":"2023-11-25T09:37:42Z","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":2228104,"md5":"b429ae86c5be521bc8ca3b164cec3acb","sha1":"387560073ff5a1f2191abc6f75fc34532bbb6dd2","sha256":"3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579","sha512":"eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1","alerts":{"urlquery":null,"analyzer":null}},{"path":"Newtonsoft.Json.dll","filename":"Newtonsoft.Json.dll","modified":"","Modified":"2023-03-08T09:09:54Z","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":712464,"md5":"adf3e3eecde20b7c9661e9c47106a14a","sha1":"f3130f7fd4b414b5aec04eb87ed800eb84dd2154","sha256":"22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07","sha512":"6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b","alerts":{"urlquery":null,"analyzer":null}},{"path":"SWA V2.dll","filename":"SWA V2.dll","modified":"","Modified":"2024-12-03T23:46:54Z","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":705024,"md5":"3ac690b98e953bdda05c675be917fcf9","sha1":"a7db23601ac8bc84cff559f8d4190ca60708a1ef","sha256":"7195a8edc13ff08e46be4ae8aac82395d7d514401b6588ee716697547b772af3","sha512":"ba79707dcc981493783d65cbf74c204410d8bdb2fd172cdc2228cc6751476c7119f97c0aa641791324526f6523d269426595a710a67af37cbd0e1c8ae4d72ace","alerts":{"urlquery":null,"analyzer":null}},{"path":"SWA V2.exe","filename":"SWA V2.exe","modified":"","Modified":"2024-12-03T23:46:54Z","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":406016,"md5":"8f59bec096bbf55c0934f97475394cca","sha1":"2f0a0fd2408c388ff740df2e6eb0a4ae3589ef33","sha256":"4c3e50b52c48e6e3a6caaf490c84e7e811ecea7b39e63834ea3906c89efebae4","sha512":"6364c0c820e7dd3782aa662b138093ab47c9525b19fe81527d12b2ed9f790ca4922610d22ea50a75022cfe2e07b4859576c5dad6205b8d27cec4118b2141607d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-03","alert":"Scan result 1/71","trigger":"4c3e50b52c48e6e3a6caaf490c84e7e811ecea7b39e63834ea3906c89efebae4","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/4c3e50b52c48e6e3a6caaf490c84e7e811ecea7b39e63834ea3906c89efebae4","meta":null}]}},{"path":"SWA V2.runtimeconfig.json","filename":"SWA V2.runtimeconfig.json","modified":"","Modified":"2024-12-03T13:07:48Z","magic":"JSON text data","size":386,"md5":"186a65581e2f29258f54d396660409fa","sha1":"6f998d3be2e85cb5419205f867135874f27c0a3a","sha256":"e1e0974d0e8833375024eb7c78521b3b5cad4228aad22b23d506cbe702445844","sha512":"7dea87b523aab01ea3c794779b71bc0b52179e1d5e7b9a45539ddd39c775969ef22853c4c193699aec1e3fa3cbe26e90e3a4881226c52a3aacae1eac260ff896","alerts":{"urlquery":null,"analyzer":null}},{"path":"System.Management.dll","filename":"System.Management.dll","modified":"","Modified":"2022-10-18T18:30:56Z","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":74384,"md5":"1c71e5310151ce1e9a3a92797776bdad","sha1":"fd452b874fec4a9dae61a3710fb32749dc7d701e","sha256":"f515ca5c944c332ab706ff0a7c2e53e66d0d9d8a663e9b2691b35129ee22559b","sha512":"2a4f18c77449c2d06a3ab6807338f73b03b1faa332e78319829ba3a2b6fd98bb9a83c5e29b47d55e4ce7f0dfdcd8524fa592a0f3ca8ee09daae2894b681265a8","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-03","alert":"Scan result 1/66","trigger":"4359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7","verdict":"suspicious","severity":"","comment":"suspicious - 1/66","link":"https://www.virustotal.com/gui/file/4359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"lightcloud.click/api/download/SWAv2.zip","fqdn":"lightcloud.click","domain":"lightcloud.click","tld":"click"},"ip":{"addr":"192.250.229.115","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-03T22:36:30.365Z","timestamp":1733265390365,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"webmail.lightcloud.click","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 21:17:14 GMT","end":"Mon, 24 Feb 2025 21:17:13 GMT"},"fingerprint":{"sha1":"31:4D:D1:37:B6:F9:B5:EB:C1:37:00:21:44:B9:E5:30:06:1C:BC:4B","sha256":"0D:1E:AC:A4:E9:9A:BF:4E:FB:D5:58:1D:9A:A0:B0:08:2E:5E:4B:09:1F:CA:C2:E4:FD:47:A1:D0:A6:44:D0:5F"}}},"request":{"raw":"GET /api/download/SWAv2.zip HTTP/1.1\r\nHost: lightcloud.click\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-disposition: attachment; filename=SWAv2.zip\r\ncontent-type: application/zip\r\nlast-modified: Tue, 03 Dec 2024 21:47:24 GMT\r\ncache-control: no-cache\r\netag: \"1733262444.2625122-1428821-2629243232\"\r\ncontent-length: 1428821\r\ndate: Tue, 03 Dec 2024 22:36:30 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1428821,"size_decoded":1428821,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"e6c495acbdbd9f1a86dccc60038b0660","sha1":"a4b56238bd4eb35fd421689f8086c7471ef4bc4f","sha256":"4359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7","sha512":"1eefce328b5ece3bd5b75a99ff0fc777c7a265a5ce1961f04d3f96938d62486202bd923e82a5a03ddacae40c90a57072cf210d9fff221424423f5e033fbbf939","ssdeep":"24576:DKgt9v8Rt2G+SuZ/Ym1Gj2usl9jzcY0XW9DkjaLWVHcgcXg9:mgrm/uVdX9jzv74Hpcg19","tlshash":"e465330cddc627dfebac2874234ae3acce66febeb589156938c45d60539011a5035ea3","first_seen":"2024-12-03T22:37:00.535414Z","last_seen":"2024-12-03T22:37:00.535414Z","times_seen":1,"resource_available":false,"data":null}},"time_used":502,"timings":{"blocked":98,"dns":66,"connect":19,"send":0,"wait":39,"receive":252,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-03","alert":"Scan result 1/66","trigger":"4359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7","verdict":"suspicious","severity":"","comment":"suspicious - 1/66","link":"https://www.virustotal.com/gui/file/4359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7","meta":null}],"urlquery":null}}]}