NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 07:11
IT Sicherheitsnews stü...
11.17 06:11
World’s First Virtual ...
11.17 06:11
IT Sicherheitsnews stü...
11.17 06:11
KI und Coding: Wie Kün...
11.17 06:11
Bye-bye, Windows 10: E...
11.17 03:11
[일본 애니메이션]世界最高の暗殺者、異世界...
11.17 03:11
Playing Chess Against ...
11.17 03:11
IT Sicherheitsnews tae...
11.17 03:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...

NetWork | ZeroBOX

IP Address	Status	Action
105.27.205.34	Active	Moloch
164.124.101.2	Active	Moloch
179.189.229.254	Active	Moloch
34.117.59.81	Active	Moloch

Name	Response	Post-Analysis Lookup
ipecho.net	A 34.117.59.81	34.117.59.81

TCP Requests

UDP Requests

GET 200 https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/5/file/

GET 200 https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/MCxF3JrLYrtTCbjOSF8HBH79R/

GET 200 https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/

GET 200 https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/user/test22/0/

GET 200 https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CAnyLiteGamesSAOY%5Clinesloters.exe/0/

GET 200 https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/NAT%20status/client%20is%20behind%20NAT/0/

GET 200 https://105.27.205.34/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/5/pwgrabb64/

GET 200 https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/5/file/

GET 200 http://ipecho.net/plain

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49167 -> 179.189.229.254:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.102:49170 -> 105.27.205.34:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.102:49169 -> 179.189.229.254:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 179.189.229.254:443 -> 192.168.56.102:49169	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 105.27.205.34:443 -> 192.168.56.102:49170	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 179.189.229.254:443 -> 192.168.56.102:49167	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 192.168.56.102:49168 -> 34.117.59.81:80	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 192.168.56.102:49168 -> 34.117.59.81:80	2022351	ET POLICY External IP Lookup - ipecho.net	Device Retrieving External IP Address Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49167 179.189.229.254:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
TLSv1 192.168.56.102:49170 105.27.205.34:443	C=US, ST=IL, L=Chicago, O=Internet Widgits Pty Ltd	C=US, ST=IL, L=Chicago, O=Internet Widgits Pty Ltd	30:21:9a:cd:06:f2:ba:20:f6:0b:3c:54:ec:08:35:d0:9d:4b:e8:50
TLSv1 192.168.56.102:49169 179.189.229.254:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02

Snort Alerts

No Snort Alerts