NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 03:11
It’s a Soldering Iron!...
11.16 12:11
Critical Unauthenticat...
11.16 12:11
BASIC Co-Inventor Thom...
11.16 09:11
존쿡 델리미트 외식 매장서 ‘연말맞이 다...
11.16 09:11
서울퓨처랩, 누적체험객 6만명 돌파…프로...
11.16 09:11
니지모리스튜디오 갤러리, 일본 일러스트 ...
11.16 09:11
RISC-V Pushes 400 Mill...
11.16 09:11
IT Sicherheitsnews tae...
11.16 07:11
Anduril’s Chair Consul...
11.16 07:11
Senators Call for Prob...

NetWork | ZeroBOX

IP Address	Status	Action
154.204.248.137	Active	Moloch
164.124.101.2	Active	Moloch
175.41.16.124	Active	Moloch
216.18.208.202	Active	Moloch
45.33.6.223	Active	Moloch
85.159.66.93	Active	Moloch

Name	Response	Post-Analysis Lookup
www.terratechpower.com	A 154.204.248.137	154.204.248.137
www.hf9blwwuwpx7j8k.live	A 216.18.208.202 CNAME hf9blwwuwpx7j8k.live	216.18.208.202
www.asiadesign.xyz	CNAME natroredirect.natrocdn.com CNAME redirect.natrocdn.com A 85.159.66.93	85.159.66.93
www.sqlite.org	A 45.33.6.223	45.33.6.223
www.easy005.xyz	A 175.41.16.124	175.41.16.124

TCP Requests

UDP Requests

GET 404 http://www.hf9blwwuwpx7j8k.live/pgnt/?9rn4nZSH=jggKibTkaQnsv+2bz686sPrTKpZZj5Y7aAqpZixHsFh0T3weMU/cyshvM3OEWd3UvH/Dq+t9ATMUuDnmaxwczBaDQ+rEYQWWB3PST8s=&w2=jFQp3Rm0k

GET 200 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip

POST 404 http://www.asiadesign.xyz/pgnt/

POST 404 http://www.asiadesign.xyz/pgnt/

POST 0 http://www.easy005.xyz/pgnt/

POST 405 http://www.easy005.xyz/pgnt/

GET 200 http://www.easy005.xyz/pgnt/?9rn4nZSH=c6ZjPMR1KypLsYL8ZObHXIR8yq1gidghehR4txHs12y83WCLVbV9I23DeUmMEfmlfVnaxELxUHkqoDbKi0r8vsl7teQksvkhOq4cf7k=&w2=jFQp3Rm0k

POST 0 http://www.terratechpower.com/pgnt/

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49167 -> 85.159.66.93:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 175.41.16.124:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 85.159.66.93:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 85.159.66.93:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 85.159.66.93:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 85.159.66.93:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 175.41.16.124:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49173 -> 154.204.248.137:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 175.41.16.124:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 175.41.16.124:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 175.41.16.124:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.103:49165 -> 216.18.208.202:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 216.18.208.202:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 216.18.208.202:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts