Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
GET
200
http://45.144.225.135/notepad.exe
REQUEST
RESPONSE
BODY
GET /notepad.exe HTTP/1.1
Host: 45.144.225.135
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 14 May 2021 00:42:22 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 13 May 2021 17:22:30 GMT
ETag: "2a1ab1-5c2395f384180"
Accept-Ranges: bytes
Content-Length: 2759345
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49805 -> 45.144.225.135:80 | 2016141 | ET INFO Executable Download from dotted-quad Host | A Network Trojan was detected |
| TCP 45.144.225.135:80 -> 192.168.56.102:49805 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
| TCP 45.144.225.135:80 -> 192.168.56.102:49805 | 2016538 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | Potentially Bad Traffic |
| TCP 45.144.225.135:80 -> 192.168.56.102:49805 | 2021076 | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts