NetWork | ZeroBOX

Network Analysis

IP Address       Status   Action
172.217.25.14    Active   Moloch
185.136.169.163  Active   Moloch

Name   Response   Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                              SID      Signature                                                         Category
TCP 192.168.56.102:49814 -> 185.136.169.163:8808  2028401  ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex   Unknown Traffic
TCP 185.136.169.163:8808 -> 192.168.56.102:49814  2030673  ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)          Domain Observed Used for C2 Detected

Suricata TLS

Flow:         TLSv1  192.168.56.102:49814 -> 185.136.169.163:8808
Issuer:       CN=AsyncRAT Server
Subject:      CN=AsyncRAT Server
Fingerprint:  60:6e:9d:7b:f5:a0:28:e1:b0:13:bf:8b:f3:6b:47:f7:13:d9:4b:37

Snort Alerts

No Snort Alerts