NetWork | ZeroBOX

IP Address	Status	Action
13.250.192.238	Active	Moloch
154.221.96.146	Active	Moloch
154.88.73.219	Active	Moloch
164.124.101.2	Active	Moloch
34.102.136.180	Active	Moloch
66.29.155.51	Active	Moloch
93.89.226.17	Active	Moloch

Name	Response	Post-Analysis Lookup
www.mevabedungnga.store	A 13.250.192.238 CNAME dns.ladipage.com CNAME ladi-dns-ssl-nlb-prod-4-5fac4e17b8b8295e.elb.ap-southeast-1.amazonaws.com A 13.250.255.10 A 13.214.5.92	13.250.255.10
www.ziperpay.com	CNAME ziperpay.com A 34.102.136.180	34.102.136.180
www.klostop.com	CNAME klostop.com A 34.102.136.180	34.102.136.180
www.firatambalaj.online	CNAME firatambalaj.online A 93.89.226.17	93.89.226.17
www.ginx74.com
www.tumpiums.com	A 66.29.155.51	66.29.155.51
www.pedro-china.com	A 154.221.96.146	154.221.96.146
www.noni-sok.com	A 154.88.73.219	154.88.73.219

TCP Requests

UDP Requests

GET 301 http://www.mevabedungnga.store/qg2u/?Mjn4iLj0=xuXyia/8G4N/pWNgwBnc1tcS5+95qUaBdS/r3U7KWMiGNwpspCsdcm5OUBF6/S12o0iQlDS9&NTxxQD=Ip9Dkd

GET 200 http://www.noni-sok.com/qg2u/?Mjn4iLj0=EtImqYq3h7/fBIPxO2EYnOECvTRQhemY7hskLQ8CBXMp8FOPrFX/G6mR0t8gL4HLz/7u4eIX&NTxxQD=Ip9Dkd

GET 403 http://www.ziperpay.com/qg2u/?Mjn4iLj0=fbBOSZaqv+JG5RlmUEG7FQp5TbHnmkCb3bDynOtP+7MIESxrCWZ5W2f0FWfm8RahUkau4miW&NTxxQD=Ip9Dkd

GET 403 http://www.klostop.com/qg2u/?Mjn4iLj0=AWGmSfY/GP3Mzb4VKMFFII2SLdNErEIaWmBHwe1nAScaf62C3iLxX0rnYeN7cXthRRDJ6jiW&NTxxQD=Ip9Dkd

GET 200 http://www.pedro-china.com/qg2u/?Mjn4iLj0=cUMmiXG1BRxKBvNY3K90TzJqaOS8osTvg97/3BLH3KdQorrWbNRexIiu0W1+75UZ/Y/p3WnH&NTxxQD=Ip9Dkd

GET 404 http://www.tumpiums.com/qg2u/?Mjn4iLj0=wmSREH1CIA6LyCESY0aFEeb8PraVXrkj7lk8FDyKbw5t01e2W1K1duOQeiDPxvgOdgrHFo0E&NTxxQD=Ip9Dkd

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.103	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49165 -> 154.88.73.219:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 154.88.73.219:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 154.88.73.219:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 154.221.96.146:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 154.221.96.146:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 154.221.96.146:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 93.89.226.17:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 93.89.226.17:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 93.89.226.17:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49164 -> 13.250.192.238:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49164 -> 13.250.192.238:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49164 -> 13.250.192.238:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 66.29.155.51:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 66.29.155.51:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 66.29.155.51:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts