Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
apt.updateffboruse.com | 94.142.143.142 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:61479 | 164.124.101.2:53 |
192.168.56.101:62324 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:49152 | 239.255.255.250:3702 |
192.168.56.101:62325 | 239.255.255.250:3702 |
192.168.56.101:62445 | 239.255.255.250:1900 |
192.168.56.101:62447 | 239.255.255.250:3702 |
192.168.56.101:62449 | 239.255.255.250:3702 |
52.231.114.183:123 | 192.168.56.101:123 |
-
HTTP Requests
Method | Status | URL |
---|---|---|
GET | 404 | http://apt.updateffboruse.com/WdSON6naJhd7NZw9Nfb_/2B6jJVjZ_2FxoalKYRW/Izq4eflqjjmGJwDwCqANlh/_2FmlhZ3tVBBq/qACG27Iz/MDSqQF0lfIIt35xnvThfkp0/wgNsv_2BY7/mxLTBEHWWV1xe3RTA/4MMMVFPrWkY7/TZ26YdTeHY_/2Bk37dK5mbwXHQ/9VitTIvySFW56aqYjOTFq/pSGhAYKxwLHgg2dC/_2B1_2FK_2FtvOJ/A0u_2F8qAsm1af5sDN/5_2FoTFWY/abRTUPuqNV_2FWCeStb7/7wYkbOF5EA_2FCctL8Q/4CmDudB2PVSgAM29EkPjun/p4UMugd6oYAMD/Y |
REQUEST
GET /WdSON6naJhd7NZw9Nfb_/2B6jJVjZ_2FxoalKYRW/Izq4eflqjjmGJwDwCqANlh/_2FmlhZ3tVBBq/qACG27Iz/MDSqQF0lfIIt35xnvThfkp0/wgNsv_2BY7/mxLTBEHWWV1xe3RTA/4MMMVFPrWkY7/TZ26YdTeHY_/2Bk37dK5mbwXHQ/9VitTIvySFW56aqYjOTFq/pSGhAYKxwLHgg2dC/_2B1_2FK_2FtvOJ/A0u_2F8qAsm1af5sDN/5_2FoTFWY/abRTUPuqNV_2FWCeStb7/7wYkbOF5EA_2FCctL8Q/4CmDudB2PVSgAM29EkPjun/p4UMugd6oYAMD/Y HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:90.0) Gecko/20100101 Firefox/90.0
Host: apt.updateffboruse.com
RESPONSE
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 24 Sep 2021 00:14:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 146
Connection: close
BODY
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49211 -> 94.142.143.142:80 | 2033203 | ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49211 -> 94.142.143.142:80 | 2033204 | ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts