NetWork | ZeroBOX

Network Analysis

IP Address Status Action
172.217.25.14 Active Moloch
198.46.177.119 Active Moloch
66.154.113.12 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49813 -> 198.46.177.119:7707 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 198.46.177.119:7707 -> 192.168.56.102:49813 2030673 ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) Domain Observed Used for C2 Detected
TCP 192.168.56.102:49814 -> 198.46.177.119:7707 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.56.102:49813 -> 198.46.177.119:7707 CN=AsyncRAT Server CN=AsyncRAT Server 66:7a:a1:64:6e:a6:ec:c7:14:7c:49:22:4f:bc:87:38:8b:e0:52:96
TLSv1 192.168.56.102:49814 -> 198.46.177.119:7707 None None None

Snort Alerts

No Snort Alerts