NetWork | ZeroBOX

Network Analysis

IP Address Status Action
164.124.101.2 Active Moloch
66.154.113.12 Active Moloch
198.46.177.119 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49208 -> 66.154.113.12:8808 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 66.154.113.12:8808 -> 192.168.56.101:49208 2030673 ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) Domain Observed Used for C2 Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.56.101:49208 -> 66.154.113.12:8808 CN=AsyncRAT Server CN=AsyncRAT Server 2e:39:b5:04:b9:2a:60:f2:93:83:2a:54:b3:98:5b:2f:52:c4:3d:92

Snort Alerts

No Snort Alerts