popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 2 DNS 0 TCP 176 UDP 9 HTTP 2 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
139.155.178.173 Active Moloch
164.124.101.2 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49202 -> 139.155.178.173:888 2016141 ET INFO Executable Download from dotted-quad Host A Network Trojan was detected
TCP 139.155.178.173:888 -> 192.168.56.101:49202 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 139.155.178.173:888 -> 192.168.56.101:49202 2020500 ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) Exploit Kit Activity Detected
TCP 139.155.178.173:888 -> 192.168.56.101:49202 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 139.155.178.173:888 -> 192.168.56.101:49202 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 192.168.56.101:49201 -> 139.155.178.173:19060 2013214 ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server Malware Command and Control Activity Detected
TCP 192.168.56.101:49201 -> 139.155.178.173:19060 2016922 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic Malware Command and Control Activity Detected
TCP 192.168.56.101:49201 -> 139.155.178.173:19060 2021716 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 Malware Command and Control Activity Detected
TCP 192.168.56.101:49257 -> 139.155.178.173:19060 2013214 ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server Malware Command and Control Activity Detected
TCP 192.168.56.101:49257 -> 139.155.178.173:19060 2016922 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic Malware Command and Control Activity Detected
TCP 192.168.56.101:49257 -> 139.155.178.173:19060 2021716 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 Malware Command and Control Activity Detected
TCP 192.168.56.101:49307 -> 139.155.178.173:19060 2013214 ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server Malware Command and Control Activity Detected
TCP 192.168.56.101:49307 -> 139.155.178.173:19060 2016922 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic Malware Command and Control Activity Detected
TCP 192.168.56.101:49307 -> 139.155.178.173:19060 2021716 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 Malware Command and Control Activity Detected
TCP 192.168.56.101:49357 -> 139.155.178.173:19060 2013214 ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server Malware Command and Control Activity Detected
TCP 192.168.56.101:49357 -> 139.155.178.173:19060 2016922 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic Malware Command and Control Activity Detected
TCP 192.168.56.101:49357 -> 139.155.178.173:19060 2021716 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 Malware Command and Control Activity Detected
TCP 192.168.56.101:49202 -> 139.155.178.173:888 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts