popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 6 DNS 0 TCP 6 UDP 10 HTTP 1 ICMP 2 IRC 0 Suricata Snort
IP Address Status Action
103.119.1.139 Active Moloch
139.155.178.173 Active Moloch
154.38.97.86 Active Moloch
154.38.97.90 Active Moloch
164.124.101.2 Active Moloch
34.97.69.225 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

Source Destination ICMP Type Data
192.168.56.101 34.97.69.225 3
192.168.56.101 34.97.69.225 3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49203 -> 154.38.97.86:868 2016141 ET INFO Executable Download from dotted-quad Host A Network Trojan was detected
TCP 192.168.56.101:49208 -> 139.155.178.173:19060 2013214 ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server Malware Command and Control Activity Detected
TCP 192.168.56.101:49200 -> 139.155.178.173:19060 2013214 ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 139.155.178.173:19060 2016922 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic Malware Command and Control Activity Detected
TCP 192.168.56.101:49200 -> 139.155.178.173:19060 2016922 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic Malware Command and Control Activity Detected
TCP 192.168.56.101:49200 -> 139.155.178.173:19060 2021716 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 139.155.178.173:19060 2021716 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 139.155.178.173:19060 2013214 ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 139.155.178.173:19060 2016922 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 139.155.178.173:19060 2021716 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 Malware Command and Control Activity Detected
TCP 154.38.97.86:868 -> 192.168.56.101:49203 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.101:49209 -> 139.155.178.173:19060 2013214 ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 139.155.178.173:19060 2016922 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 139.155.178.173:19060 2021716 ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 Malware Command and Control Activity Detected
TCP 154.38.97.86:868 -> 192.168.56.101:49203 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 154.38.97.86:868 -> 192.168.56.101:49203 2020500 ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) Exploit Kit Activity Detected
TCP 154.38.97.86:868 -> 192.168.56.101:49203 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 154.38.97.86:868 -> 192.168.56.101:49203 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 154.38.97.86:868 -> 192.168.56.101:49203 2014520 ET INFO EXE - Served Attached HTTP Misc activity

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts