File name: GNBot Crack - Baseult - Kopie.zip

Full analysis: https://app.any.run/tasks/dfc59917-5805-496a-bad6-1362affc6924
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 11, 2020, 10:45:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 32A9BC239201E46EB511799D103961AD
SHA1: F6599CC36BA64C9FE5067E9AD98587682405322E
SHA256: 8AFDC1B6143369A53236873DBFE4234F797BC900054AF1EDB29CFEF984466C53
SSDEEP: 393216:QixDDJ4zV16PaanzoAAjIa5pWRNtL0b19zkP:VDqzV1Kaahb3Yb194P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Downloads executable files from the Internet

      • GNBotCrack - Baseult.exe (PID: 2464)
      • GNBotCrack - Baseult.exe (PID: 1572)
    • Application was dropped or rewritten from another process

      • GNBotCrack-Baseult.exe (PID: 2336)
      • GNBotCrack-Baseult.exe (PID: 3684)
      • GNBotCrack-Baseult.exe (PID: 2212)
      • GNBotCrack-Baseult.exe (PID: 3364)
      • GNLauncher.exe (PID: 1020)
      • GNLauncher.exe (PID: 2200)
      • GNLauncher.exe (PID: 1944)
      • GNBotCrack-Baseult.exe (PID: 2096)
      • GNBotCrack-Baseult.exe (PID: 3104)
    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3432)
      • GNBotCrack-Baseult.exe (PID: 2336)
      • GNBotCrack-Baseult.exe (PID: 3684)
      • GNBotCrack-Baseult.exe (PID: 3364)
      • GNBotCrack-Baseult.exe (PID: 3104)
    • Starts Visual C# compiler

      • GNLauncher.exe (PID: 1020)
      • GNLauncher.exe (PID: 2200)
    • Changes settings of System certificates

      • GNLauncher.exe (PID: 2200)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • GNBotCrack-Baseult.exe (PID: 3684)
      • WinRAR.exe (PID: 2216)
      • GNBotCrack - Baseult.exe (PID: 2464)
      • GNLauncher.exe (PID: 1020)
      • GNBotCrack - Baseult.exe (PID: 1572)
    • Reads Environment values

      • GNBotCrack-Baseult.exe (PID: 3684)
      • GNBotCrack-Baseult.exe (PID: 2336)
      • GNBotCrack - Baseult.exe (PID: 2464)
      • GNBotCrack-Baseult.exe (PID: 3364)
      • GNBotCrack - Baseult.exe (PID: 1572)
      • GNBotCrack-Baseult.exe (PID: 3104)
    • Reads Internet Cache Settings

      • GNBotCrack-Baseult.exe (PID: 2336)
      • GNBotCrack-Baseult.exe (PID: 3104)
      • GNLauncher.exe (PID: 2200)
      • GNBotCrack-Baseult.exe (PID: 3364)
    • Reads the machine GUID from the registry

      • GNLauncher.exe (PID: 2200)
      • GNLauncher.exe (PID: 1020)
    • Starts Internet Explorer

      • GNBotCrack-Baseult.exe (PID: 3104)
      • GNLauncher.exe (PID: 2200)
    • Adds / modifies Windows certificates

      • GNLauncher.exe (PID: 2200)
    • Reads internet explorer settings

      • GNLauncher.exe (PID: 2200)
    • Creates files in the user directory

      • notepad++.exe (PID: 2680)
  • INFO

    • Manual execution by user

      • GNBotCrack-Baseult.exe (PID: 2336)
      • GNBotCrack - Baseult.exe (PID: 3956)
      • GNBotCrack - Baseult.exe (PID: 2464)
      • GNBotCrack-Baseult.exe (PID: 2212)
      • GNLauncher.exe (PID: 1944)
      • GNLauncher.exe (PID: 1020)
      • GNBotCrack - Baseult.exe (PID: 2696)
      • GNBotCrack - Baseult.exe (PID: 1572)
      • GNBotCrack-Baseult.exe (PID: 3364)
      • notepad++.exe (PID: 2680)
      • GNBotCrack-Baseult.exe (PID: 2096)
    • Dropped object may contain Bitcoin addresses

      • GNBotCrack-Baseult.exe (PID: 3684)
      • GNLauncher.exe (PID: 2200)
    • Application launched itself

      • iexplore.exe (PID: 3308)
      • iexplore.exe (PID: 1004)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2084)
      • iexplore.exe (PID: 3308)
      • iexplore.exe (PID: 1004)
      • iexplore.exe (PID: 960)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2084)
    • Creates files in the user directory

      • iexplore.exe (PID: 3308)
    • Changes internet zones settings

      • iexplore.exe (PID: 3308)
      • iexplore.exe (PID: 1004)
    • Reads settings of System Certificates

      • GNLauncher.exe (PID: 2200)
      • iexplore.exe (PID: 960)
      • iexplore.exe (PID: 3308)
      • iexplore.exe (PID: 2084)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2084)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2084)
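The "Starts Visual C# compiler" indicator above is PID 1844 in the process list: GNLauncher.exe launched csc.exe with /noconfig /fullpaths and a response file under AppData\Local\Temp\xcwpljwz. That is the shape of .NET runtime code generation (CodeDOM, XmlSerializer, PowerShell Add-Type), not a build, and it is a cheap process-creation hunt. The Python below is an added example, not code from this report or from ANY.RUN: it scores csc.exe launches by parent and response-file location. The event fields, the parent allow-lists and every sample event except the PID 1844 launch copied from the report are assumptions.

```python
r"""Flag csc.exe launches that look like runtime code generation rather than a
build: the compiler started by a non-developer parent with a response file in
%LOCALAPPDATA%\Temp\<random>\<random>.cmdline, which is what GNLauncher.exe
does in this report (PID 1844). Events are constructed to mirror the report;
field names loosely follow Sysmon Event ID 1 and are an assumption."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ProcEvent:
    pid: int
    image: str          # full path of the started image
    cmdline: str        # its command line
    parent_image: str   # full path of the parent image
    exit_code: Optional[int] = None


# Parents that drive csc.exe during normal builds (assumed allow-list).
BUILD_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}

# Hosts that compile at runtime legitimately (PowerShell Add-Type, for example)
# and would otherwise flood the rule; they are scored low, not dropped.
NOISY_PARENTS = {"powershell.exe", "powershell_ise.exe"}

# @"C:\Users\<u>\AppData\Local\Temp\<dir>\<name>.cmdline" as csc.exe receives it
RSP_RE = re.compile(
    r'@"?(?P<path>[^"]+?\\AppData\\Local\\Temp\\(?P<dir>[^\\"]+)\\[^\\"]+\.cmdline)"?',
    re.IGNORECASE,
)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def detect_runtime_compilation(events: List[ProcEvent]) -> List[dict]:
    """Return one finding per csc.exe launch that matches the pattern."""
    findings = []
    for ev in events:
        if basename(ev.image).lower() != "csc.exe":
            continue
        parent = basename(ev.parent_image)
        if parent.lower() in BUILD_PARENTS:
            continue
        rsp = RSP_RE.search(ev.cmdline)
        if rsp is None or "/noconfig" not in ev.cmdline.lower():
            continue
        findings.append({
            "pid": ev.pid,
            "parent": parent,
            "parent_path": ev.parent_image,
            "response_file": rsp.group("path"),
            "temp_dir": rsp.group("dir"),
            # csc.exe exits 1 on a failed compile (as PID 1844 did); the
            # generated .cs source may still be sitting in the Temp directory.
            "compile_failed": ev.exit_code == 1,
            "severity": "low" if parent.lower() in NOISY_PARENTS else "high",
        })
    return findings


# Constructed events: the real launch from this report, a build, a PowerShell
# Add-Type style launch that is noisy but not malicious, and a non-csc process.
CSC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
SAMPLE_EVENTS = [
    ProcEvent(
        1844, CSC,
        r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths '
        r'@"C:\Users\admin\AppData\Local\Temp\xcwpljwz\xcwpljwz.cmdline"',
        r"C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe", 1),
    ProcEvent(
        5120, CSC,
        r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig '
        r'@"C:\src\app\obj\Debug\app.csproj.rsp"',
        r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe", 0),
    ProcEvent(
        6001, CSC,
        r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths '
        r'@"C:\Users\admin\AppData\Local\Temp\abcd1234\abcd1234.cmdline"',
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", 0),
    ProcEvent(
        2200, r"C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe",
        r'"C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe"',
        r"C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe", 0),
]

if __name__ == "__main__":
    for f in detect_runtime_compilation(SAMPLE_EVENTS):
        print(f"{f['severity']:4} pid={f['pid']} parent={f['parent']} rsp={f['response_file']}")
```

The rule keys on where the response file lives rather than on the parent name alone, because a legitimate build also passes /noconfig to csc.exe but points it at the project's own obj directory; the PowerShell case shows why the result is a score and not a block decision.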
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:02:02 11:28:04
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: GNBot Crack - Baseult/
Screenshots: see the full report.
Total processes: 81
Monitored processes: 23
Malicious processes: 8
Suspicious processes: 1

Behavior graph

The graph itself is an image in the full report. Nodes, in graph order: winrar.exe, gnbotcrack - baseult.exe (no specs), gnbotcrack - baseult.exe, searchprotocolhost.exe (no specs), gnbotcrack-baseult.exe, gnbotcrack-baseult.exe (no specs), gnbotcrack-baseult.exe, gnlauncher.exe (no specs), gnlauncher.exe, csc.exe (no specs), gnlauncher.exe, csc.exe (no specs), gnbotcrack-baseult.exe (no specs), gnbotcrack-baseult.exe, gnbotcrack - baseult.exe (no specs), gnbotcrack - baseult.exe, gnbotcrack-baseult.exe, iexplore.exe, iexplore.exe, iexplore.exe (no specs), iexplore.exe, notepad++.exe, gup.exe. Edges are labelled "start" or "drop and start"; "no specs" marks a process for which no signature triggered.

Process information

Each record gives the PID, command line, image path, parent process, user, integrity level, exit code, version and the first loaded modules. The exit code 3221226540 is NTSTATUS 0xC000042C (STATUS_ELEVATION_REQUIRED): the MEDIUM-integrity launches of GNLauncher.exe and GNBotCrack-Baseult.exe never got past ntdll.dll because the image requires elevation (typically a requireAdministrator manifest); only the HIGH-integrity instances ran, so everything the sample did, it did as an elevated process.

PID: 960
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1004 CREDAT:275457 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\program files\internet explorer\iexplore.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll

PID: 1004
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://www.gnbots.com/memu
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: GNLauncher.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Internet Explorer
Exit code: 1
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\program files\internet explorer\iexplore.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll

PID: 1020
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: GNLauncher
Exit code: 0
Version: 1.0.194.57723
Modules (images):
  c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnlauncher.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\apppatch\aclayers.dll
  c:\windows\system32\sspicli.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\rpcrt4.dll

PID: 1572
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack - Baseult.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack - Baseult.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: GNBotCrack - Baseult
Exit code: 0
Version: 1.0
Modules (images):
  c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnbotcrack - baseult.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 1844
CMD: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\xcwpljwz\xcwpljwz.cmdline"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Parent process: GNLauncher.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Visual C# Command Line Compiler
Exit code: 1
Version: 4.7.3062.0 built by: NET472REL1
Modules (images):
  c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\msvcr120_clr0400.dll
  c:\windows\system32\ole32.dll

PID: 1944
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: GNLauncher
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1.0.194.57723
Modules (images):
  c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnlauncher.exe
  c:\systemroot\system32\ntdll.dll

PID: 2084
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3308 CREDAT:275457 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\program files\internet explorer\iexplore.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll

PID: 2096
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack-Baseult.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack-Baseult.exe
Parent process: explorer.exe
User: admin
Company: iBaseult
Integrity Level: MEDIUM
Description: GNBot Crack - Baseult
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnbotcrack-baseult.exe
  c:\systemroot\system32\ntdll.dll

PID: 2200
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNLauncher.exe
Parent process: GNLauncher.exe
User: admin
Integrity Level: HIGH
Description: GNLauncher
Exit code: 0
Version: 1.0.197.58675
Modules (images):
  c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnlauncher.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\apppatch\aclayers.dll
  c:\windows\system32\sspicli.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\rpcrt4.dll

PID: 2212
CMD: "C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack-Baseult.exe"
Path: C:\Users\admin\Desktop\GNBot Crack - Baseult\GNCrack\GNBotCrack-Baseult.exe
Parent process: explorer.exe
User: admin
Company: iBaseult
Integrity Level: MEDIUM
Description: GNBot Crack - Baseult
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\gnbot crack - baseult\gncrack\gnbotcrack-baseult.exe
  c:\systemroot\system32\ntdll.dll
Total events: 7 772
Read events: 3 782
Write events: 3 978
Delete events: 12

Modification events

All of the registry writes listed here come from WinRAR.exe (PID 2216) storing its own UI state while the analyst opened the archive; none of them are made by the sample.

PID 2216, WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
  Operation: write  Name: ShellExtBMP  Value: (empty)
PID 2216, WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
  Operation: write  Name: ShellExtIcon  Value: (empty)
PID 2216, WinRAR.exe
  Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
  Operation: write  Name: LanguageList  Value: en-US
PID 2216, WinRAR.exe
  Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
  Operation: write  Name: @C:\Windows\system32\NetworkExplorer.dll,-1  Value: Network
PID 2216, WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write  Name: 0  Value: C:\Users\admin\AppData\Local\Temp\GNBot Crack - Baseult - Kopie.zip
PID 2216, WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write  Name: name  Value: 120
PID 2216, WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write  Name: size  Value: 80
PID 2216, WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write  Name: type  Value: 120
PID 2216, WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write  Name: mtime  Value: 100
PID 2216, WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
  Operation: write  Name: Placement  Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000450000000204000037020000
Executable files: 10
Suspicious files: 59
Text files: 97
Unknown types: 29

Dropped files

The entries below are archive members that WinRAR.exe (PID 2216) extracted into its temporary directory when the analyst opened the zip, not files written by the sample. The sample's own executable writes (PIDs 3684, 2464, 1020 and 1572, flagged under "Executable content was dropped or overwritten") are not included in this excerpt.

PID 2216, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\AmsBot.png (image)
  MD5: 17609100EDC4934B6AC2124755988FD4
  SHA256: EDA328AA9B6B6981145C5F754C50F845FBD20EF498D4AB2A9CCB7E2387DAED27
PID 2216, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\BWbot.png (image)
  MD5: 8284379E400B9F7E159CFD22C040C79B
  SHA256: 95308A909F3B46540606FC5E96B9123E53C5DF8BEBF0B6E1D23AE75D4F9D2F9E
PID 2216, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\CoeBot.png (image)
  MD5: 4FCB6A72F7514606D06996B7AFE10E50
  SHA256: 6251A19393164C3CA7D22BC31AF5829637308CC4A494ECE4F0F67D43A7F3E935
PID 2216, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\MafiaBot.png (image)
  MD5: 002E9EDC42015EB7DAD3263D835F0F7A
  SHA256: F54E5ED84AC18702EBB47915C5A13ADF0CA6173278DA5284FD8C2FB193BC4BB6
PID 2216, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\RocBot.png (image)
  MD5: D38093EDCD5D8A9C9EAE8DCA019F34F4
  SHA256: FC479DCE2E2FA216CEFEE51D05C29C8470DDCA64DA5AE12F466860CAC58675AE
PID 2216, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\AdbWinApi.dll (executable)
  MD5: 47A6EE3F186B2C2F5057028906BAC0C6
  SHA256: 14A51482AA003DB79A400F4B15C158397FE6D57EE6606B3D633FA431A7BFDF4B
PID 2216, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\KingsBot.png (image)
  MD5: 1DCBE140A2BA20A6CC3C2D4048746A26
  SHA256: 173EF014D0245ED281CD6188CBF336FD1119B7FB3CA21EC0E854ED3D98CE550C
PID 2216, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\KingsBotWest.png (image)
  MD5: B83E04674157A6191571C1314430D401
  SHA256: 3E3C89DAEAB95EB88F20ED20A9D6CCBB9DF019B7ACD1CDC0166D029B0D299F90
PID 2216, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\RoeBot.png (image)
  MD5: 2B5DF2B5F8D1BD44A8B68CEBEACD76D8
  SHA256: 65532B2B30A8F6BDF15DCEBD69139CE0E9CC36CBFD62F8EDBE508A5BF4C06AD6
PID 2216, WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2216.17275\GNBot Crack - Baseult\GNCrack\app_images\ZdayBot.png (image)
  MD5: 4523A4A09ABF13CCA188977D1325CEAB
  SHA256: AD689E8F3E6E72052FBA807006F132354986A8798AE0DF3C2934A4513D881D4C
HTTP(S) requests: 77
TCP/UDP connections: 62
DNS requests: 23
Threats: 12

HTTP requests (PID, process, method, HTTP code, IP, URL, CN, type, size, reputation)

2464  GNBotCrack - Baseult.exe  GET  200  198.54.114.177:80  http://baseult.com/updates/version.txt  US  text  24 b  malicious
2336  GNBotCrack-Baseult.exe  GET  200  198.54.114.177:80  http://baseult.com/updates/version.txt  US  text  24 b  malicious
2336  GNBotCrack-Baseult.exe  GET  200  198.54.114.177:80  http://baseult.com/IP.txt  US  text  24 b  malicious
2464  GNBotCrack - Baseult.exe  GET  200  198.54.114.177:80  http://baseult.com/updates/GNBotCrack-Baseult.exe  US  executable  24.2 Mb  malicious
3684  GNBotCrack-Baseult.exe  GET  200  198.54.114.177:80  http://baseult.com/gn/welcometext.txt  US  text  31 b  malicious
2336  GNBotCrack-Baseult.exe  GET  200  198.54.114.177:80  http://baseult.com/gn/licensecode.txt  US  text  64 b  malicious
2336  GNBotCrack-Baseult.exe  GET  200  198.54.114.177:80  http://baseult.com/Text.txt  US  text  44 b  malicious
2336  GNBotCrack-Baseult.exe  GET  200  198.54.114.177:80  http://baseult.com/gn/Hardware/HardwareID.txt  US  text  64 b  malicious
2336  GNBotCrack-Baseult.exe  GET  200  198.54.114.177:80  http://baseult.com/shell.txt  US  text  24 b  malicious
3364  GNBotCrack-Baseult.exe  GET  200  198.54.114.177:80  http://baseult.com/updates/version.txt  US  text  24 b  malicious

Every request goes to baseult.com over cleartext HTTP on port 80. The 24.2 Mb executable fetched by PID 2464 immediately after its version.txt check, with 2464 also listed under "Executable content was dropped or overwritten" and later PIDs running GNBotCrack-Baseult.exe from the same GNCrack folder, is consistent with an unauthenticated self-update: whoever can answer for baseult.com on port 80 can substitute the binary. The two ET signatures on PIDs 2464 and 1572 in the Threats section fire on exactly that download.
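The pattern in the table above (a tiny text probe, then a multi-megabyte PE from the same host over plain HTTP, by the same process) is what the "ET INFO Executable Retrieved With Minimal HTTP Headers" and "ET POLICY PE EXE or DLL Windows file download HTTP" alerts encode, and it is simple to reproduce over proxy or sandbox HTTP logs. The Python below is an added example, not code from the report or from ANY.RUN: the rows are copied from the table, while the grouping, the 256-byte probe threshold and the size parser are the editor's choices.

```python
"""Replay the HTTP rows from this report to (a) flag executables retrieved
over cleartext HTTP, (b) recognise the version.txt-then-.exe update-check
sequence behind them, and (c) collect the network IOCs. Rows are copied from
the report's table; the heuristics and thresholds are assumptions."""
from collections import defaultdict
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# pid, process, method, HTTP code, ip:port, url, content type, size as printed
Row = Tuple[int, str, str, int, str, str, str, str]

REQUESTS: List[Row] = [
    (2464, "GNBotCrack - Baseult.exe", "GET", 200, "198.54.114.177:80", "http://baseult.com/updates/version.txt", "text", "24 b"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80", "http://baseult.com/updates/version.txt", "text", "24 b"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80", "http://baseult.com/IP.txt", "text", "24 b"),
    (2464, "GNBotCrack - Baseult.exe", "GET", 200, "198.54.114.177:80", "http://baseult.com/updates/GNBotCrack-Baseult.exe", "executable", "24.2 Mb"),
    (3684, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80", "http://baseult.com/gn/welcometext.txt", "text", "31 b"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80", "http://baseult.com/gn/licensecode.txt", "text", "64 b"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80", "http://baseult.com/Text.txt", "text", "44 b"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80", "http://baseult.com/gn/Hardware/HardwareID.txt", "text", "64 b"),
    (2336, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80", "http://baseult.com/shell.txt", "text", "24 b"),
    (3364, "GNBotCrack-Baseult.exe", "GET", 200, "198.54.114.177:80", "http://baseult.com/updates/version.txt", "text", "24 b"),
]

UNITS = {"b": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}


def parse_size(text: str) -> int:
    """'24 b' -> 24, '24.2 Mb' -> 25375539 (sizes as the report prints them)."""
    num, unit = text.split()
    return int(float(num) * UNITS[unit.lower()])


def analyse(rows: List[Row]) -> Dict:
    """Group requests per (pid, host) and flag cleartext PE downloads."""
    by_key: Dict[Tuple[int, str], List[Row]] = defaultdict(list)
    for row in rows:                       # report order is kept within a key
        by_key[(row[0], urlparse(row[5]).hostname)].append(row)

    findings = []
    for (pid, host), group in by_key.items():
        for i, row in enumerate(group):
            url, ctype = row[5], row[6]
            if ctype != "executable" or urlparse(url).scheme != "http":
                continue
            # A tiny text fetch from the same host by the same process just
            # before the binary is the classic unauthenticated update check.
            probes = [r[5] for r in group[:i] if r[6] == "text" and parse_size(r[7]) < 256]
            findings.append({
                "pid": pid, "process": row[1], "host": host, "url": url,
                "size_bytes": parse_size(row[7]),
                "update_check": bool(probes),
                "preceded_by": probes,
            })

    iocs = {
        "hosts": sorted({urlparse(r[5]).hostname for r in rows}),
        "ips": sorted({r[4].rsplit(":", 1)[0] for r in rows}),
        "urls": sorted({r[5] for r in rows}),
        "executables": sorted({r[5] for r in rows if r[6] == "executable"}),
    }
    return {"findings": findings, "iocs": iocs}


if __name__ == "__main__":
    result = analyse(REQUESTS)
    for f in result["findings"]:
        print(f"pid {f['pid']} {f['process']}: {f['url']} ({f['size_bytes']} bytes) "
              f"update_check={f['update_check']}")
    print(result["iocs"])
```

Grouping by process as well as host matters: PID 2336 talks to the same host but only pulls text (license code, hardware ID, shell.txt), so it is not an update and should not be reported as one, while a block list built from the IOC dictionary covers both.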

Connections (PID, process, IP, domain, ASN, CN, reputation)

1020  GNLauncher.exe  160.153.205.58:80  www.goodnightbot.net  GoDaddy.com, LLC  US  unknown
2336  GNBotCrack-Baseult.exe  198.54.114.177:80  baseult.com  Namecheap, Inc.  US  malicious
2200  GNLauncher.exe  160.153.205.58:80  www.goodnightbot.net  GoDaddy.com, LLC  US  unknown
2084  iexplore.exe  198.54.114.177:80  baseult.com  Namecheap, Inc.  US  malicious
3364  GNBotCrack-Baseult.exe  198.54.114.177:80  baseult.com  Namecheap, Inc.  US  malicious
1572  GNBotCrack - Baseult.exe  198.54.114.177:80  baseult.com  Namecheap, Inc.  US  malicious
2084  iexplore.exe  198.54.114.177:443  baseult.com  Namecheap, Inc.  US  malicious
3308  iexplore.exe  13.107.21.200:80  www.bing.com  Microsoft Corporation  US  whitelisted
2084  iexplore.exe  172.217.21.195:80  ocsp.pki.goog  Google Inc.  US  whitelisted
2084  iexplore.exe  172.217.16.142:443  fonts.google.com  Google Inc.  US  whitelisted

DNS requests (domain, IP, reputation)

baseult.com  198.54.114.177  malicious
www.goodnightbot.net  160.153.205.58  suspicious
goodnightbot.net  160.153.205.58  suspicious
fonts.googleapis.com  172.217.16.170  whitelisted
api.bing.com  13.107.5.80  whitelisted
www.bing.com  204.79.197.200, 13.107.21.200  whitelisted
ocsp.pki.goog  216.58.207.35, 172.217.21.195  whitelisted
ocsp.comodoca.com  151.139.128.14  whitelisted
ocsp.usertrust.com  151.139.128.14  whitelisted
ocsp.sectigo.com  151.139.128.14  whitelisted

Threats (PID, process, class, message)

2464  GNBotCrack - Baseult.exe  Potential Corporate Privacy Violation  ET POLICY PE EXE or DLL Windows file download HTTP
2464  GNBotCrack - Baseult.exe  Potentially Bad Traffic  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
1572  GNBotCrack - Baseult.exe  Potential Corporate Privacy Violation  ET POLICY PE EXE or DLL Windows file download HTTP
1572  GNBotCrack - Baseult.exe  Potentially Bad Traffic  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
2084  iexplore.exe  Potentially Bad Traffic  ET INFO TLS Handshake Failure
2084  iexplore.exe  Generic Protocol Command Decode  SURICATA HTTP unable to match response to request
6 ETPRO signatures available at the full report
Debug output strings (process, message)

notepad++.exe  VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe  VerifyLibrary: certificate revocation checking is disabled
notepad++.exe  42C4C5846BB675C74E2B2C90C69AB44366401093