Resubmissions

18/04/2024, 05:14 UTC

240418-fxa3zsdd41 10

18/04/2024, 05:14 UTC

240418-fw8mvsca99 10

18/04/2024, 05:14 UTC

240418-fw642aca97 10

18/04/2024, 05:14 UTC

240418-fw6hhaca96 10

18/04/2024, 05:14 UTC

240418-fw5wzadd4y 10

22/09/2021, 13:23 UTC

210922-qmv1hsfdbr 10

Analysis

  • max time kernel
    304s
  • max time network
    311s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64
    arch:x86
    image:win10-20240404-en
    locale:en-us
    os:windows10-1703-x64
    system
  • submitted
    18/04/2024, 05:14 UTC

General

  • Target

    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe

  • Size

    434KB

  • MD5

    556c756b428b0a6f1516de031c3bfdb3

  • SHA1

    d4a8195611ac93a268b0ebdc14319a75de856725

  • SHA256

    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239

  • SHA512

    0e6ffc8dd5dda62a3936a5ea311a9e7007f27ead2f86f9f3f17510a78d2181b16473c69b3b5aa465f68042adef0d95fa8403f9d5bb106dbb4896750caef60a26

  • SSDEEP

    12288:rXPcLcbGfVylwG/ZDCK/ScBXo8TsyMkKMY8m7WOK9SATTsx/SA/WegYfdNbrqnuh:rXh6XcBXo8TsL8Y8m/ATTySA/DrfdNb7

Score
10/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    "C:\Users\Admin\AppData\Local\Temp\6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
      "C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"
      2⤵
      • Executes dropped EXE
      PID:1328

Network

  • flag-us
    DNS
    api.ipify.org
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    8.8.8.8:53
    Request
    api.ipify.org
    IN A
    Response
    api.ipify.org
    IN A
    172.67.74.152
    api.ipify.org
    IN A
    104.26.13.205
    api.ipify.org
    IN A
    104.26.12.205
  • flag-us
    GET
    https://api.ipify.org/
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    172.67.74.152:443
    Request
    GET / HTTP/1.0
    Host: api.ipify.org
    Response
    HTTP/1.1 200 OK
    Date: Thu, 18 Apr 2024 05:16:18 GMT
    Content-Type: text/plain
    Content-Length: 14
    Connection: close
    Vary: Origin
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 87622e994e53653e-LHR
  • flag-us
    DNS
    152.74.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    152.74.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://204.13.164.118/tor/status-vote/current/consensus
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    204.13.164.118:80
    Request
    GET /tor/status-vote/current/consensus HTTP/1.0
    Host: 204.13.164.118
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:16:19 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Thu, 18 Apr 2024 06:00:00 GMT
    Vary: X-Or-Diff-From-Consensus
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/a9a4213ea3d707857368c683f2208c83b8755d8a
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/a9a4213ea3d707857368c683f2208c83b8755d8a HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:16:21 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:16:21 GMT
  • flag-us
    DNS
    118.164.13.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    118.164.13.204.in-addr.arpa
    IN PTR
    Response
    118.164.13.204.in-addr.arpa
    IN PTR
    bastet.readthefinemanual.net
  • flag-us
    DNS
    time-a.nist.gov
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    8.8.8.8:53
    Request
    time-a.nist.gov
    IN A
    Response
    time-a.nist.gov
    IN CNAME
    time-a-g.nist.gov
    time-a-g.nist.gov
    IN A
    129.6.15.28
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/c7a46c866b963fc0f5c0e9dce375c869d40f23e4
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/c7a46c866b963fc0f5c0e9dce375c869d40f23e4 HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:16:22 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:16:22 GMT
  • flag-us
    DNS
    244.244.23.193.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    244.244.23.193.in-addr.arpa
    IN PTR
    Response
    244.244.23.193.in-addr.arpa
    IN PTR
    dannenberg.torauth.de
  • flag-us
    DNS
    51.116.233.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    51.116.233.91.in-addr.arpa
    IN PTR
    Response
    51.116.233.91.in-addr.arpa
    IN PTR
    server-91-233-116-51.creanova.org
  • flag-us
    DNS
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.15.6.129.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.15.6.129.in-addr.arpa
    IN PTR
    Response
    28.15.6.129.in-addr.arpa
    IN PTR
    time-a-g.nist.gov
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/155d6f57425f16c0624d77777641e4eb1b47c6f0
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/155d6f57425f16c0624d77777641e4eb1b47c6f0 HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:16:52 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:16:52 GMT
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/eb437db78bbf273458fbd50d152e93a3a2d91b0b
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/eb437db78bbf273458fbd50d152e93a3a2d91b0b HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:16:53 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:16:53 GMT
  • flag-us
    DNS
    108.96.8.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    108.96.8.204.in-addr.arpa
    IN PTR
    Response
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/d2c49d3338734e1a0f933172d3c0c398c81debcc
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/d2c49d3338734e1a0f933172d3c0c398c81debcc HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:16:54 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:16:54 GMT
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/b8348f1e967d9a432f2d03e572def76fb25f04d3
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/b8348f1e967d9a432f2d03e572def76fb25f04d3 HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:16:55 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:16:55 GMT
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/b83dc1558f0d34353bb992ef93afeafdb226a73e
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/b83dc1558f0d34353bb992ef93afeafdb226a73e HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:16:57 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:16:57 GMT
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/b85e978aee73a9604fd9b124e1d834080afc3fa4
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/b85e978aee73a9604fd9b124e1d834080afc3fa4 HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:16:59 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:16:59 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/a205f116df47e8b980b5bed006cd85390a6b8f13
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/a205f116df47e8b980b5bed006cd85390a6b8f13 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:01 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:01 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/a2211bec0ceb70c2634f425200c82b89dffb9923
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/a2211bec0ceb70c2634f425200c82b89dffb9923 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:02 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:02 GMT
  • flag-us
    DNS
    41.219.218.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.219.218.216.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/a22b1c2ef2255987f8ab8aa0b1a8e23f5023eeb8
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/a22b1c2ef2255987f8ab8aa0b1a8e23f5023eeb8 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:03 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:03 GMT
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/1eca70350ce8279b32ed9f4a17628a964d5e79e0
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/1eca70350ce8279b32ed9f4a17628a964d5e79e0 HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:08 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:08 GMT
  • flag-us
    DNS
    151.180.21.65.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    151.180.21.65.in-addr.arpa
    IN PTR
    Response
    151.180.21.65.in-addr.arpa
    IN PTR
    tor1.rittersporn.net
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/f0c9c07d1b7c6fc8547f52cac1015b4a79e2ac1a
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/f0c9c07d1b7c6fc8547f52cac1015b4a79e2ac1a HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:09 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:09 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/cb1ab126473af436e44247fcdfa18270bc265226
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/cb1ab126473af436e44247fcdfa18270bc265226 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:10 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:10 GMT
  • flag-us
    DNS
    8.179.89.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.179.89.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    25.24.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    25.24.18.2.in-addr.arpa
    IN PTR
    Response
    25.24.18.2.in-addr.arpa
    IN PTR
    a2-18-24-25.deploy.static.akamaitechnologies.com
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/ef8a6ee04a64e5a0b748af9895829014ced8df36
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/ef8a6ee04a64e5a0b748af9895829014ced8df36 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:41 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:41 GMT
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/cb81470343e29df2406ad8d9365eb5d091238f1a
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/cb81470343e29df2406ad8d9365eb5d091238f1a HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:41 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:41 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/d873fb2d86ac3b7b8ed2c1f19dd58e99a842d385
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/d873fb2d86ac3b7b8ed2c1f19dd58e99a842d385 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:42 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:42 GMT
  • flag-us
    DNS
    131.111.182.193.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    131.111.182.193.in-addr.arpa
    IN PTR
    Response
    131.111.182.193.in-addr.arpa
    IN PTR
    tor-relay4.flashdance.cx
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/7c56ba2175839470acaab72e045dd6820764b733
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/7c56ba2175839470acaab72e045dd6820764b733 HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:47 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:47 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/a9e2379e81010036769774240eeabf1f543d7234
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/a9e2379e81010036769774240eeabf1f543d7234 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:48 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:48 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/bf1b662d1da4e55f700c130ac58574b47fb7eb8e
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/bf1b662d1da4e55f700c130ac58574b47fb7eb8e HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:17:48 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:17:48 GMT
  • flag-us
    DNS
    196.100.189.193.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.100.189.193.in-addr.arpa
    IN PTR
    Response
    196.100.189.193.in-addr.arpa
    IN PTR
    tor-exit-3
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/41913709bb2c7bc3c87d797054ae082116d4fd1e
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/41913709bb2c7bc3c87d797054ae082116d4fd1e HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:18:03 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:18:03 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/799f36f3ead423c23e76351154e0bc98e8b498fe
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/799f36f3ead423c23e76351154e0bc98e8b498fe HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:18:05 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:18:05 GMT
  • flag-de
    GET
    http://193.23.244.244/tor/server/fp/eb3da93b6fffa699c1f2714c9e73fa813bb8f822
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    193.23.244.244:80
    Request
    GET /tor/server/fp/eb3da93b6fffa699c1f2714c9e73fa813bb8f822 HTTP/1.0
    Host: 193.23.244.244
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:18:05 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:18:05 GMT
  • flag-us
    DNS
    172.168.106.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.168.106.87.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/e683af719b037f7aac4578a55d71f9cf4b2327b2
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/e683af719b037f7aac4578a55d71f9cf4b2327b2 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:18:36 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:18:36 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/8e6225bc8a770df63b20a2fdac1abcd795a18987
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/8e6225bc8a770df63b20a2fdac1abcd795a18987 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:18:37 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:18:37 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/2892073608985977ded33f98a9fa27a9c47c8b61
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/2892073608985977ded33f98a9fa27a9c47c8b61 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Thu, 18 Apr 2024 05:18:37 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sat, 20 Apr 2024 05:18:37 GMT
  • flag-us
    DNS
    163.250.232.46.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    163.250.232.46.in-addr.arpa
    IN PTR
    Response
    163.250.232.46.in-addr.arpa
    IN PTR
    v2202304198449226002.quicksrv.de
  • 194.109.206.212:80
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    156 B
    3
  • 128.31.0.34:9131
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    156 B
    3
  • 194.109.206.212:80
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    156 B
    3
  • 172.67.74.152:443
    https://api.ipify.org/
    tls, http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    854 B
    5.7kB
    11
    13

    HTTP Request

    GET https://api.ipify.org/

    HTTP Response

    200
  • 204.13.164.118:80
    http://204.13.164.118/tor/status-vote/current/consensus
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    64.1kB
    3.3MB
    1352
    2380

    HTTP Request

    GET http://204.13.164.118/tor/status-vote/current/consensus

    HTTP Response

    200
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/a9a4213ea3d707857368c683f2208c83b8755d8a
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    2.7kB
    6
    5

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/a9a4213ea3d707857368c683f2208c83b8755d8a

    HTTP Response

    200
  • 91.233.116.51:443
    tls, https
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    2.4kB
    4.1kB
    10
    11
  • 129.6.15.28:13
    time-a.nist.gov
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    190 B
    223 B
    4
    4
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/c7a46c866b963fc0f5c0e9dce375c869d40f23e4
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    417 B
    5.2kB
    7
    7

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/c7a46c866b963fc0f5c0e9dce375c869d40f23e4

    HTTP Response

    200
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/155d6f57425f16c0624d77777641e4eb1b47c6f0
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    417 B
    7.8kB
    7
    8

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/155d6f57425f16c0624d77777641e4eb1b47c6f0

    HTTP Response

    200
  • 204.8.96.108:443
    tls, https
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    21.7kB
    24.2kB
    57
    67
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/eb437db78bbf273458fbd50d152e93a3a2d91b0b
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    2.8kB
    6
    5

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/eb437db78bbf273458fbd50d152e93a3a2d91b0b

    HTTP Response

    200
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/d2c49d3338734e1a0f933172d3c0c398c81debcc
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    555 B
    14.9kB
    10
    14

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/d2c49d3338734e1a0f933172d3c0c398c81debcc

    HTTP Response

    200
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/b8348f1e967d9a432f2d03e572def76fb25f04d3
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    417 B
    6.2kB
    7
    7

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/b8348f1e967d9a432f2d03e572def76fb25f04d3

    HTTP Response

    200
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/b83dc1558f0d34353bb992ef93afeafdb226a73e
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    2.9kB
    6
    5

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/b83dc1558f0d34353bb992ef93afeafdb226a73e

    HTTP Response

    200
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/b85e978aee73a9604fd9b124e1d834080afc3fa4
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    647 B
    20.9kB
    12
    18

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/b85e978aee73a9604fd9b124e1d834080afc3fa4

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/a205f116df47e8b980b5bed006cd85390a6b8f13
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    3.1kB
    6
    6

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/a205f116df47e8b980b5bed006cd85390a6b8f13

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/a2211bec0ceb70c2634f425200c82b89dffb9923
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    2.8kB
    6
    6

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/a2211bec0ceb70c2634f425200c82b89dffb9923

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/a22b1c2ef2255987f8ab8aa0b1a8e23f5023eeb8
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    2.8kB
    6
    6

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/a22b1c2ef2255987f8ab8aa0b1a8e23f5023eeb8

    HTTP Response

    200
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/1eca70350ce8279b32ed9f4a17628a964d5e79e0
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    2.8kB
    6
    5

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/1eca70350ce8279b32ed9f4a17628a964d5e79e0

    HTTP Response

    200
  • 65.21.180.151:443
    tls, https
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    29.9kB
    28.5kB
    71
    79
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/f0c9c07d1b7c6fc8547f52cac1015b4a79e2ac1a
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    2.7kB
    6
    5

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/f0c9c07d1b7c6fc8547f52cac1015b4a79e2ac1a

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/cb1ab126473af436e44247fcdfa18270bc265226
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    3.8kB
    6
    7

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/cb1ab126473af436e44247fcdfa18270bc265226

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/ef8a6ee04a64e5a0b748af9895829014ced8df36
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    3.1kB
    6
    6

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/ef8a6ee04a64e5a0b748af9895829014ced8df36

    HTTP Response

    200
  • 193.182.111.131:443
    tls, https
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    21.5kB
    24.3kB
    52
    69
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/cb81470343e29df2406ad8d9365eb5d091238f1a
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    463 B
    7.8kB
    8
    9

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/cb81470343e29df2406ad8d9365eb5d091238f1a

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/d873fb2d86ac3b7b8ed2c1f19dd58e99a842d385
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    555 B
    14.8kB
    10
    15

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/d873fb2d86ac3b7b8ed2c1f19dd58e99a842d385

    HTTP Response

    200
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/7c56ba2175839470acaab72e045dd6820764b733
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    417 B
    5.5kB
    7
    7

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/7c56ba2175839470acaab72e045dd6820764b733

    HTTP Response

    200
  • 193.189.100.196:443
    tls, https
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    21.4kB
    24.1kB
    50
    65
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/a9e2379e81010036769774240eeabf1f543d7234
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    2.7kB
    6
    6

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/a9e2379e81010036769774240eeabf1f543d7234

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/bf1b662d1da4e55f700c130ac58574b47fb7eb8e
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    417 B
    5.2kB
    7
    8

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/bf1b662d1da4e55f700c130ac58574b47fb7eb8e

    HTTP Response

    200
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/41913709bb2c7bc3c87d797054ae082116d4fd1e
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    3.0kB
    6
    5

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/41913709bb2c7bc3c87d797054ae082116d4fd1e

    HTTP Response

    200
  • 87.106.168.172:443
    tls, https
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    4.8kB
    7.2kB
    16
    21
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/799f36f3ead423c23e76351154e0bc98e8b498fe
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    647 B
    20.2kB
    12
    18

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/799f36f3ead423c23e76351154e0bc98e8b498fe

    HTTP Response

    200
  • 193.23.244.244:80
    http://193.23.244.244/tor/server/fp/eb3da93b6fffa699c1f2714c9e73fa813bb8f822
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    647 B
    20.2kB
    12
    17

    HTTP Request

    GET http://193.23.244.244/tor/server/fp/eb3da93b6fffa699c1f2714c9e73fa813bb8f822

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/e683af719b037f7aac4578a55d71f9cf4b2327b2
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    2.9kB
    6
    6

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/e683af719b037f7aac4578a55d71f9cf4b2327b2

    HTTP Response

    200
  • 46.232.250.163:443
    tls, https
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    21.4kB
    24.1kB
    50
    67
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/8e6225bc8a770df63b20a2fdac1abcd795a18987
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    2.7kB
    6
    6

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/8e6225bc8a770df63b20a2fdac1abcd795a18987

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/2892073608985977ded33f98a9fa27a9c47c8b61
    http
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    371 B
    3.0kB
    6
    6

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/2892073608985977ded33f98a9fa27a9c47c8b61

    HTTP Response

    200
  • 8.8.8.8:53
    api.ipify.org
    dns
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    59 B
    107 B
    1
    1

    DNS Request

    api.ipify.org

    DNS Response

    172.67.74.152
    104.26.13.205
    104.26.12.205

  • 8.8.8.8:53
    152.74.67.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    152.74.67.172.in-addr.arpa

  • 8.8.8.8:53
    118.164.13.204.in-addr.arpa
    dns
    73 B
    115 B
    1
    1

    DNS Request

    118.164.13.204.in-addr.arpa

  • 8.8.8.8:53
    time-a.nist.gov
    dns
    6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239.exe
    61 B
    100 B
    1
    1

    DNS Request

    time-a.nist.gov

    DNS Response

    129.6.15.28

  • 8.8.8.8:53
    244.244.23.193.in-addr.arpa
    dns
    73 B
    108 B
    1
    1

    DNS Request

    244.244.23.193.in-addr.arpa

  • 8.8.8.8:53
    51.116.233.91.in-addr.arpa
    dns
    72 B
    119 B
    1
    1

    DNS Request

    51.116.233.91.in-addr.arpa

  • 8.8.8.8:53
    23.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    28.15.6.129.in-addr.arpa
    dns
    70 B
    101 B
    1
    1

    DNS Request

    28.15.6.129.in-addr.arpa

  • 8.8.8.8:53
    108.96.8.204.in-addr.arpa
    dns
    71 B
    125 B
    1
    1

    DNS Request

    108.96.8.204.in-addr.arpa

  • 8.8.8.8:53
    41.219.218.216.in-addr.arpa
    dns
    73 B
    130 B
    1
    1

    DNS Request

    41.219.218.216.in-addr.arpa

  • 8.8.8.8:53
    151.180.21.65.in-addr.arpa
    dns
    72 B
    106 B
    1
    1

    DNS Request

    151.180.21.65.in-addr.arpa

  • 8.8.8.8:53
    8.179.89.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    8.179.89.13.in-addr.arpa

  • 8.8.8.8:53
    25.24.18.2.in-addr.arpa
    dns
    69 B
    131 B
    1
    1

    DNS Request

    25.24.18.2.in-addr.arpa

  • 8.8.8.8:53
    131.111.182.193.in-addr.arpa
    dns
    74 B
    112 B
    1
    1

    DNS Request

    131.111.182.193.in-addr.arpa

  • 8.8.8.8:53
    196.100.189.193.in-addr.arpa
    dns
    74 B
    98 B
    1
    1

    DNS Request

    196.100.189.193.in-addr.arpa

  • 8.8.8.8:53
    172.168.106.87.in-addr.arpa
    dns
    73 B
    138 B
    1
    1

    DNS Request

    172.168.106.87.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    163.250.232.46.in-addr.arpa
    dns
    73 B
    119 B
    1
    1

    DNS Request

    163.250.232.46.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

    Filesize

    3KB

    MD5

    b4cd27f2b37665f51eb9fe685ec1d373

    SHA1

    7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0

    SHA256

    91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581

    SHA512

    e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

  • C:\Users\Admin\AppData\Local\Temp\x64btit.txt

    Filesize

    28B

    MD5

    bca09de9ae0c3492d910bfbb59d6343a

    SHA1

    3b0c99249315196622872990e00395c79b4e7d63

    SHA256

    6e1e3da4ad81aa502c3e6d5ed250ff76b052ff73a85943d81ef53bf111f5bfe1

    SHA512

    62c9e924d44bc91353b2d4bd118c9f646f274279f2f47b1421d097f85815eec4eb4363b9792415956b1dc6e66e7ae49b6409b9c9e551fd14be98aa52a46e2187
