NetWork | ZeroBOX

Network Analysis

IP Address    | Status | Action
79.134.225.19 | Active | Moloch

Name | Response | Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                           | SID     | Signature                                                       | Category
TCP 192.168.56.102:49166 -> 79.134.225.19:7941 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 79.134.225.19:7941 -> 192.168.56.102:49166 | 2030673 | ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)        | Domain Observed Used for C2 Detected

Suricata TLS

Flow                                             | Issuer             | Subject            | Fingerprint
TLSv1 192.168.56.102:49166 -> 79.134.225.19:7941 | CN=AsyncRAT Server | CN=AsyncRAT Server | 7b:ec:ae:bb:cf:04:f3:f7:70:d5:c2:4d:7b:95:fd:7d:a8:35:e2:e7
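Reading the two alerts with the TLS record: SID 2028401 fires on the client-to-server ClientHello, since the JA3 hash is computed from that message, and SID 2030673 fires on the server-to-client reply that carries the certificate, whose issuer and subject are both CN=AsyncRAT Server, i.e. a self-signed certificate with the subject AsyncRAT's server component uses by default. Both rules are list lookups (known JA3 hashes, known subject), so the record is worth turning into a check of your own. The following is an added example, not part of the ZeroBOX report or the sandbox's code: a Python scanner over Suricata eve.json `tls` events that matches the report's fingerprint and subject and also flags the generic shape behind the rule, a self-signed certificate served on a non-standard port. The eve.json lines in it are constructed; only 79.134.225.19:7941, the subject string and the SHA-1 fingerprint are taken from the report.

```python
import json

# Indicators copied from the report's Suricata TLS table; everything else
# in this example (field choices, port list, sample lines) is assumed.
KNOWN_BAD_FINGERPRINTS = {
    "7b:ec:ae:bb:cf:04:f3:f7:70:d5:c2:4d:7b:95:fd:7d:a8:35:e2:e7",
}
KNOWN_BAD_SUBJECTS = {"CN=AsyncRAT Server"}


def normalize_fingerprint(fp):
    """Canonicalise a SHA-1 cert fingerprint to lowercase 'aa:bb:..' form.

    Suricata logs it colon-separated lowercase; feeds and `openssl x509
    -fingerprint` output use uppercase or no colons, so normalise first.
    """
    hexdigits = fp.replace(":", "").lower()
    if len(hexdigits) != 40 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError("not a SHA-1 fingerprint: %r" % fp)
    return ":".join(hexdigits[i:i + 2] for i in range(0, 40, 2))


def classify_tls_event(ev):
    """Return the reasons a Suricata 'tls' event looks like RAT C2 ([] if none)."""
    tls = ev.get("tls") or {}
    subject = tls.get("subject", "")
    issuer = tls.get("issuerdn", "")
    reasons = []

    fp = tls.get("fingerprint")
    if fp:
        try:
            fp = normalize_fingerprint(fp)
        except ValueError:
            fp = None
    if fp in KNOWN_BAD_FINGERPRINTS:
        reasons.append("known AsyncRAT certificate fingerprint")

    if subject in KNOWN_BAD_SUBJECTS:
        reasons.append("certificate subject names AsyncRAT Server")

    # Weaker, generic signal: self-signed certificate (issuer == subject) on a
    # port where a CA-issued certificate would normally be expected.
    if subject and subject == issuer and ev.get("dest_port") not in (443, 8443):
        reasons.append("self-signed certificate on port %s" % ev.get("dest_port"))
    return reasons


def scan_eve(lines):
    """Scan eve.json lines; return [(dest_ip, dest_port, reasons), ...] for hits.

    Suricata logs 'tls' events with the client as src and the server as dest,
    so dest_ip:dest_port is the C2 endpoint to block or pivot on.
    """
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # eve.json is often cut mid-line at log rotation
        if ev.get("event_type") != "tls":
            continue
        reasons = classify_tls_event(ev)
        if reasons:
            hits.append((ev.get("dest_ip"), ev.get("dest_port"), reasons))
    return hits


# Constructed sample lines (not from the report): the first mirrors the
# report's TLS record, the others are foils.
SAMPLE_EVE = [
    '{"event_type":"tls","src_ip":"192.168.56.102","src_port":49166,'
    '"dest_ip":"79.134.225.19","dest_port":7941,"proto":"TCP",'
    '"tls":{"subject":"CN=AsyncRAT Server","issuerdn":"CN=AsyncRAT Server",'
    '"fingerprint":"7b:ec:ae:bb:cf:04:f3:f7:70:d5:c2:4d:7b:95:fd:7d:a8:35:e2:e7",'
    '"version":"TLSv1"}}',
    # CA-issued certificate on 443: no hit.
    '{"event_type":"tls","src_ip":"192.168.56.102","src_port":49170,'
    '"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP",'
    '"tls":{"subject":"CN=www.example.com","issuerdn":"CN=Example CA",'
    '"fingerprint":"00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33",'
    '"version":"TLS 1.2"}}',
    # Self-signed with an unrelated CN on a high port: generic hit only.
    '{"event_type":"tls","src_ip":"192.168.56.102","src_port":49171,'
    '"dest_ip":"198.51.100.7","dest_port":8080,"proto":"TCP",'
    '"tls":{"subject":"CN=localhost","issuerdn":"CN=localhost",'
    '"fingerprint":"ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00:ff:ee:dd:cc",'
    '"version":"TLS 1.2"}}',
    # Non-TLS event and a truncated line: both ignored.
    '{"event_type":"flow","src_ip":"192.168.56.102","dest_ip":"79.134.225.19"}',
    '{"event_type":"tls","src_ip":"192.168.56.1',
]

if __name__ == "__main__":
    for dest_ip, dest_port, reasons in scan_eve(SAMPLE_EVE):
        print("%s:%s  %s" % (dest_ip, dest_port, "; ".join(reasons)))
```

Run it against a live log with `scan_eve(open("/var/log/suricata/eve.json"))`. The fingerprint check is the narrowest signal: every AsyncRAT operator's server generates its own self-signed certificate, so this SHA-1 identifies this particular C2 installation and nothing else, while the subject and self-signed-on-odd-port checks carry across installations at the cost of more false positives (lab boxes, appliances with default certificates). Treat the generic hit as a triage lead, not a verdict.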

Snort Alerts

No Snort Alerts