Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| backproxyzz.ug | 91.214.124.161 |
- UDP Requests
-
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:56754 239.255.255.250:3702
-
192.168.56.102:56756 239.255.255.250:3702
-
192.168.56.102:56758 239.255.255.250:3702
-
GET
302
http://backproxyzz.ug/1.exe
REQUEST
RESPONSE
BODY
GET /1.exe HTTP/1.0
Host: backproxyzz.ug
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Connection: close
HTTP/1.1 302 Found
Date: Mon, 05 Jul 2021 00:02:45 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
Location: https://backproxyzz.ug/1.exe
Content-Length: 212
Connection: close
Content-Type: text/html; charset=iso-8859-1
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 185.215.113.32:4000 -> 192.168.56.102:49809 | 2400025 | ET DROP Spamhaus DROP Listed Traffic Inbound group 26 | Misc Attack |
| TCP 192.168.56.102:49810 -> 91.214.124.161:80 | 2018581 | ET MALWARE Single char EXE direct download likely trojan (multiple families) | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts