Report Overview
Visited (public)
2025-02-16 22:32:47
URL
102.53.15.18/Photo.scr
Finishing URL
about:privatebrowsing
IP / ASN
102.53.15.18
#6713 Itissalat Al-MAGHRIB
Title
about:privatebrowsing

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
6

Host Summary

Host | Rank | Registered | First Seen | Last Seen
102.53.15.18 | unknown | unknown | No data | No data

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Severity | Source IP | Destination IP | Alert
high | Client IP | 102.53.15.18 | URLhaus Known malware download URL detected (2911187)
low | Client IP | 102.53.15.18 | ET HUNTING HTTP request for resource ending in .scr
high | 102.53.15.18 | Client IP | ET POLICY PE EXE or DLL Windows file download HTTP
medium | 102.53.15.18 | Client IP | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

Threat Detection Systems

Public InfoSec YARA rules
Severity | Indicator | Alert
medium | 102.53.15.18/Photo.scr | Detects mining pool protocol string in Executable

OpenPhish

No alerts detected


PhishTank

No alerts detected


Quad9 DNS
Severity | Indicator | Alert
medium | 102.53.15.18 | Sinkholed

ThreatFox

No alerts detected


File detected

URL
102.53.15.18/Photo.scr
IP / ASN
102.53.15.18
#6713 Itissalat Al-MAGHRIB
File Overview
File Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections
Size | 1.6 MB (1578496 bytes)
MD5 | aba2d86ed17f587eb6d57e6c75f64f05
SHA1 | aeccba64f4dd19033ac2226b4445faac05c88b76

Detections

Analyzer | Verdict | Alert
Public Nextron YARA rules | malware | Detects mining pool protocol string in Executable
VirusTotal | malicious |
ClamAV | malicious | Win.Malware.Locky-9361

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size