NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.245.214.178	Active	Moloch
18.119.154.66	Active	Moloch
194.9.94.86	Active	Moloch
84.32.84.32	Active	Moloch

Name	Response	Post-Analysis Lookup
www.immernochlustig.com
www.ahmedhussein.tech	CNAME ahmedhussein.tech A 84.32.84.32	84.32.84.32
www.ki-ror.se	A 194.9.94.86 A 194.9.94.85	194.9.94.85
www.davideal.com	A 18.119.154.66 CNAME hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com A 3.140.13.188 CNAME traff-6.hugedomains.com	18.119.154.66

TCP Requests

UDP Requests

GET 200 http://172.245.214.178/007/Dblvvr.dat

GET 302 http://www.davideal.com/my28/?kFQl2H=g8afGKt5BcK8YWBpPCZ4/pxfgmmwdPBJ2VKmtBKY2hxTlxLpEHHrWffhk8WAXZeJbBDqIDJo&oX9=_0GXHXQPdFBhZ

GET 200 http://www.ki-ror.se/my28/?kFQl2H=4lfbIkXHco+fuMDhz2Un+xLdCLWdE3L2wwFDQBldcMLfj96ewRmoLvxyaijxNRtmHQY8ZyKd&oX9=_0GXHXQPdFBhZ

GET 200 http://www.ahmedhussein.tech/my28/?kFQl2H=X1+ORJ0PqquAMwqRkudv2MXmW9g+6c2tmFrHnXo+N3P5UuIjhh51ghREFDJwWuIRTjSnOhJv&oX9=_0GXHXQPdFBhZ

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.103	164.124.101.2	3
192.168.56.103	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49169 -> 84.32.84.32:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 84.32.84.32:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 84.32.84.32:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 18.119.154.66:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 18.119.154.66:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 18.119.154.66:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 194.9.94.86:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 194.9.94.86:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 194.9.94.86:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts