Report - iwithknife.kriptonhosting.store/FinalMom.exe

Report Overview

Visitedpublic

2023-08-29 02:29:38

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
iwithknife.kriptonhosting.store	unknown	2023-07-22	2023-08-18 23:26:47	2023-08-21 10:54:18	416 B	3.7 MB	185.114.245.232

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-08-29 02:29:10	high	185.114.245.232	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

iwithknife.kriptonhosting.store/FinalMom.exe

IP / ASN

185.114.245.232

#9123 TimeWeb Ltd.

File Overview

File TypePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows\012- data

Size3.7 MB (3701248 bytes)

MD5b7a7ea791f240f481faf11e46cc75f88

SHA108affd5b6289205686b827c944378ec9edc66cfe

SHA25603c6733d7a0446f92430ea3a11fc7cb1cd126152e8902ae13918fe0ecfd44330

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 52/71

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET iwithknife.kriptonhosting.store/FinalMom.exe

185.114.245.232

200 OK

3.7 MB

URL

iwithknife.kriptonhosting.store/FinalMom.exe

IP / ASN

185.114.245.232

#9123 TimeWeb Ltd.

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows\012- data

First Seen2023-08-21

Last Seen2023-08-29

Times Seen3

Size3.7 MB (3701248 bytes)

MD5b7a7ea791f240f481faf11e46cc75f88

SHA108affd5b6289205686b827c944378ec9edc66cfe

SHA25603c6733d7a0446f92430ea3a11fc7cb1cd126152e8902ae13918fe0ecfd44330

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 52/71
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /FinalMom.exe HTTP/1.1
Host: iwithknife.kriptonhosting.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Aug 2023 02:29:20 GMT
Content-Type: application/octet-stream
Content-Length: 3701248
Last-Modified: Mon, 21 Aug 2023 09:27:22 GMT
Connection: keep-alive
ETag: "64e32dfa-387a00"
Expires: Fri, 29 Sep 2023 02:29:20 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes