Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49814 -> 185.136.169.163:8808 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
TCP 185.136.169.163:8808 -> 192.168.56.102:49814 | 2030673 | ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) | Domain Observed Used for C2 Detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49814 185.136.169.163:8808 |
CN=AsyncRAT Server | CN=AsyncRAT Server | 60:6e:9d:7b:f5:a0:28:e1:b0:13:bf:8b:f3:6b:47:f7:13:d9:4b:37 |
Snort Alerts
No Snort Alerts