Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49813 -> 198.46.177.119:7707 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
TCP 198.46.177.119:7707 -> 192.168.56.102:49813 | 2030673 | ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) | Domain Observed Used for C2 Detected |
TCP 192.168.56.102:49814 -> 198.46.177.119:7707 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49813 198.46.177.119:7707 |
CN=AsyncRAT Server | CN=AsyncRAT Server | 66:7a:a1:64:6e:a6:ec:c7:14:7c:49:22:4f:bc:87:38:8b:e0:52:96 |
TLSv1 192.168.56.102:49814 198.46.177.119:7707 |
None | None | None |
Snort Alerts
No Snort Alerts