NetWork | ZeroBOX

Network Analysis

IP Address | Status | Action
131.100.24.231 | Active | Moloch
149.56.131.28 | Active | Moloch
150.95.66.124 | Active | Moloch
159.65.88.10 | Active | Moloch
164.124.101.2 | Active | Moloch
172.105.70.96 | Active | Moloch
173.239.37.178 | Active | Moloch
201.94.166.162 | Active | Moloch
209.97.163.214 | Active | Moloch
89.29.244.7 | Active | Moloch
94.23.45.86 | Active | Moloch
Name | Response | Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

Source | Destination | ICMP Type | Data
159.65.88.10 | 192.168.56.101 | 3 |

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49186 -> 131.100.24.231:80 | 2404304 | ET CNC Feodo Tracker Reported CnC Server group 5 | A Network Trojan was detected
TCP 192.168.56.101:49186 -> 131.100.24.231:80 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49177 -> 150.95.66.124:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 150.95.66.124:8080 -> 192.168.56.101:49179 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49181 -> 149.56.131.28:8080 | 2404305 | ET CNC Feodo Tracker Reported CnC Server group 6 | A Network Trojan was detected
TCP 192.168.56.101:49191 -> 94.23.45.86:4143 | 2404323 | ET CNC Feodo Tracker Reported CnC Server group 24 | A Network Trojan was detected
TCP 192.168.56.101:49173 -> 89.29.244.7:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49181 -> 149.56.131.28:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49191 -> 94.23.45.86:4143 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 131.100.24.231:80 -> 192.168.56.101:49188 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49182 -> 149.56.131.28:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49172 -> 89.29.244.7:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 89.29.244.7:443 -> 192.168.56.101:49174 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49190 -> 94.23.45.86:4143 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49178 -> 150.95.66.124:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 149.56.131.28:8080 -> 192.168.56.101:49183 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49187 -> 131.100.24.231:80 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 94.23.45.86:4143 -> 192.168.56.101:49192 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts