Report - gitlab-lepuy.iut.uca.fr/micartalco/r4_04_tp1/-/raw/main/SLP.exe?ref

Report Overview

Visitedpublic

2024-07-03 10:50:56

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-01 18:12:04	1.6 kB	4.4 kB	23.36.76.226
geant.ocsp.sectigo.com	50227	2018-08-16	2020-04-15 16:47:00	2024-07-02 18:48:40	334 B	1.2 kB	172.64.149.23
gitlab-lepuy.iut.uca.fr	unknown	2011-02-24	2022-12-05 12:20:35	2024-03-17 04:25:13	545 B	47 kB	194.214.237.58

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-07-03	medium	gitlab-lepuy.iut.uca.fr/micartalco/r4_04_tp1/-/raw/main/SLP.exe?ref_type=heads&inline=false	Detects win.whispergate.

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

gitlab-lepuy.iut.uca.fr/micartalco/r4_04_tp1/-/raw/main/SLP.exe?ref_type=heads&inline=false

IP / ASN

194.214.237.58

#2200 Renater

File Overview

File TypePE32 executable (console) Intel 80386, for MS Windows, 13 sections

Size46 kB (45755 bytes)

MD5482fbc88d62de9ed5b0bcf7bce97db8f

SHA16facd3f0130420b059b55414909b0b9accd04b1a

SHA256e1f8c06c9abb7ddd592e91a476aa57dc48378adf93d2dc4b1bb235f2a5c50afe

Detections

Analyzer	Verdict	Alert
Malpedia's yara-signator rules	malware	Detects win.whispergate.

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-03

Last Seen2024-08-19

Times Seen45866

Size504 B (504 bytes)

MD5957cd8e6bd774045d4cab550ce76f80a

SHA1d06d4246273e9ba4fba69494038c77f5c53aadb6

SHA256e4778c960b009c229dbb555ff7679b6d245d6f7111fd66fd5c514847b06acdbb

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E4778C960B009C229DBB555FF7679B6D245D6F7111FD66FD5C514847B06ACDBB"
Last-Modified: Wed, 03 Jul 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6960
Expires: Wed, 03 Jul 2024 12:46:30 GMT
Date: Wed, 03 Jul 2024 10:50:30 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-02

Last Seen2024-08-19

Times Seen54016

Size504 B (504 bytes)

MD5b8ee6ca153df6819132dd5d8a6ba5c76

SHA10ed0f0f631777272bd71ba23719e71695c9d95e1

SHA256bdca7ce7bb6febd6a6afb56a828cf4422c1a8971524484e8128cafad8e6b3367

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BDCA7CE7BB6FEBD6A6AFB56A828CF4422C1A8971524484E8128CAFAD8E6B3367"
Last-Modified: Tue, 02 Jul 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3522
Expires: Wed, 03 Jul 2024 11:49:13 GMT
Date: Wed, 03 Jul 2024 10:50:31 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-02

Last Seen2024-08-19

Times Seen24816

Size504 B (504 bytes)

MD529a90370a62299ab28dd09d9bb017b64

SHA154e136495ccb82671708b41981735ca7b384c63f

SHA256af9ff8700281064d12b8237fa5350720f4c67756063b971777a353aee916bc59

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "AF9FF8700281064D12B8237FA5350720F4C67756063B971777A353AEE916BC59"
Last-Modified: Tue, 02 Jul 2024 04:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6298
Expires: Wed, 03 Jul 2024 12:35:29 GMT
Date: Wed, 03 Jul 2024 10:50:31 GMT
Connection: keep-alive

geant.ocsp.sectigo.com/

172.64.149.23

727 B

URL

geant.ocsp.sectigo.com/

IP / ASN

172.64.149.23

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size727 B (727 bytes)

MD56115022ca978bd21ab2c3b0da84c5305

SHA13e670378352fad2407a3b7f46fe2ef1772e6c1be

SHA2561b73b5699b2240fcf872b95568a725a51f2367fbcf64c0adc398f4f20e4458bb

HTTP Headers

POST / HTTP/1.1
Host: geant.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 10:50:31 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 30 Jun 2024 00:41:37 GMT
Expires: Sun, 07 Jul 2024 00:41:36 GMT
Etag: "3e670378352fad2407a3b7f46fe2ef1772e6c1be"
Cache-Control: max-age=308464,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 89d650ac2d3692cd-CPH

GET gitlab-lepuy.iut.uca.fr/micartalco/r4_04_tp1/-/raw/main/SLP.exe?ref_type=heads&inline=false

194.214.237.58

200 OK

46 kB

URL

gitlab-lepuy.iut.uca.fr/micartalco/r4_04_tp1/-/raw/main/SLP.exe?ref_type=heads&inline=false

IP / ASN

194.214.237.58

#2200 Renater

Requested byN/A

Resource Info

File typePE32 executable (console) Intel 80386, for MS Windows, 13 sections

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size46 kB (45755 bytes)

MD5482fbc88d62de9ed5b0bcf7bce97db8f

SHA16facd3f0130420b059b55414909b0b9accd04b1a

SHA256e1f8c06c9abb7ddd592e91a476aa57dc48378adf93d2dc4b1bb235f2a5c50afe

Certificate Info

IssuerGEANT Vereniging

Subjectgitlab-lepuy.iut-clermont.uca.fr

FingerprintAC:22:52:F6:6D:B3:E5:32:EE:03:FC:80:8F:85:03:2C:77:A5:F8:68

ValidityFri, 15 Mar 2024 00:00:00 GMT - Sat, 15 Mar 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Malpedia's yara-signator rules	malware	Detects win.whispergate.

HTTP Headers

GET /micartalco/r4_04_tp1/-/raw/main/SLP.exe?ref_type=heads&inline=false HTTP/1.1
Host: gitlab-lepuy.iut.uca.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
content-disposition: attachment; filename="SLP.exe"; filename*=UTF-8''SLP.exe
content-security-policy: 
content-type: application/octet-stream
date: Wed, 03 Jul 2024 10:50:32 GMT
etag: "c7281f0bf412a761e8f6786a05e653da"
permissions-policy: interest-cohort=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-gitlab-meta: {"correlation_id":"01J1W3FA50WHTV68R2AKZ8AMRW","version":"1"}
x-permitted-cross-domain-policies: none
x-request-id: 01J1W3FA50WHTV68R2AKZ8AMRW
x-runtime: 0.066050
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
content-length: 45755
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-03

Last Seen2024-08-19

Times Seen49369

Size504 B (504 bytes)

MD520f6da3946882ea83e1d78dfaedbf953

SHA11a8f214ff6a98dae0e57244bac88b6721452a40c

SHA256a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13324
Expires: Wed, 03 Jul 2024 14:32:37 GMT
Date: Wed, 03 Jul 2024 10:50:33 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-03

Last Seen2024-08-19

Times Seen49369

Size504 B (504 bytes)

MD520f6da3946882ea83e1d78dfaedbf953

SHA11a8f214ff6a98dae0e57244bac88b6721452a40c

SHA256a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13324
Expires: Wed, 03 Jul 2024 14:32:37 GMT
Date: Wed, 03 Jul 2024 10:50:33 GMT
Connection: keep-alive