wL8P9unF.zip| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | March 22, 2023, 10:41 a.m. | March 22, 2023, 10:44 a.m. |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 104.168.155.143 | Active | Moloch |
| 107.170.39.149 | Active | Moloch |
| 115.68.227.76 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 164.90.222.65 | Active | Moloch |
| 167.172.199.165 | Active | Moloch |
| 172.105.226.75 | Active | Moloch |
| 187.63.160.88 | Active | Moloch |
| 202.129.205.3 | Active | Moloch |
| 209.126.85.32 | Active | Moloch |
| 213.239.212.5 | Active | Moloch |
| 5.135.159.50 | Active | Moloch |
| 94.23.45.86 | Active | Moloch |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49184 -> 187.63.160.88:80 | 2404307 | ET CNC Feodo Tracker Reported CnC Server group 8 | A Network Trojan was detected |
| TCP 192.168.56.102:49186 -> 164.90.222.65:443 | 2404304 | ET CNC Feodo Tracker Reported CnC Server group 5 | A Network Trojan was detected |
| TCP 192.168.56.102:49187 -> 104.168.155.143:8080 | 2404300 | ET CNC Feodo Tracker Reported CnC Server group 1 | A Network Trojan was detected |
| TCP 187.63.160.88:80 -> 192.168.56.102:49184 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 192.168.56.102:49189 -> 213.239.212.5:443 | 2404309 | ET CNC Feodo Tracker Reported CnC Server group 10 | A Network Trojan was detected |
| TCP 209.126.85.32:8080 -> 192.168.56.102:49182 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 213.239.212.5:443 -> 192.168.56.102:49189 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 172.105.226.75:8080 -> 192.168.56.102:49191 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
| Baidu | Archive.Bomb |
| Kaspersky | UDS:Trojan-Banker.Win64.Emotet |
| Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
| Rising | Malware.SwollenFile!1.DDB4 (CLASSIC) |
| host | 104.168.155.143 | |||
| host | 107.170.39.149 | |||
| host | 115.68.227.76 | |||
| host | 164.90.222.65 | |||
| host | 167.172.199.165 | |||
| host | 172.105.226.75 | |||
| host | 187.63.160.88 | |||
| host | 202.129.205.3 | |||
| host | 209.126.85.32 | |||
| host | 213.239.212.5 | |||
| host | 5.135.159.50 | |||
| host | 94.23.45.86 | |||
| dead_host | 202.129.205.3:8080 |
| dead_host | 164.90.222.65:443 |
| dead_host | 115.68.227.76:8080 |
| dead_host | 107.170.39.149:8080 |
| dead_host | 5.135.159.50:443 |
| dead_host | 104.168.155.143:8080 |
| dead_host | 167.172.199.165:8080 |
| dead_host | 192.168.56.102:49194 |
| dead_host | 192.168.56.102:49195 |
| dead_host | 192.168.56.102:49192 |