NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe
01.17 05:01
beacon.exe
01.17 05:01
remcos_a2.exe
01.17 05:01
ogpayload.exe

Latest News
01.18 12:01
No Crystal Earpiece? N...
01.18 11:01
TikTok Says to ‘Go Dar...
01.18 10:01
‘Sneaky Log’ phishing ...
01.18 10:01
리튬코리아, 일본 스이린과 리튬 배터리 ...
01.18 10:01
Feds worry AT&T br...
01.18 10:01
AIs in Love, UEFI, For...
01.18 09:01
프롬한라, 제주 유정란 담은 반려견 간식...
01.18 09:01
무암(MooAm), 생성형 AI로 26종...
01.18 09:01
Trinteract Mini Space ...
01.18 09:01
IT Sicherheitsnews tae...

NetWork | ZeroBOX

IP Address	Status	Action
125.253.92.50	Active	Moloch
148.251.234.93	Active	Moloch
164.124.101.2	Active	Moloch
62.204.41.23	Active	Moloch

Name	Response	Post-Analysis Lookup
pool.hashvault.pro	A 131.153.76.130 A 125.253.92.50	142.202.242.45
maper.info	A 148.251.234.93	148.251.234.93

TCP Requests

UDP Requests

GET 200 http://62.204.41.23/o.png

GET 200 http://62.204.41.23/file.png

GET 200 http://62.204.41.23/r.png

GET 200 http://62.204.41.23/OneDrive.png

GET 200 http://62.204.41.23/dllhost.png

GET 200 http://62.204.41.23/lsass.png

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 62.204.41.23:80 -> 192.168.56.101:49168	2402000	ET DROP Dshield Block Listed Source group 1	Misc Attack
TCP 62.204.41.23:80 -> 192.168.56.101:49169	2014819	ET INFO Packed Executable Download	Misc activity
TCP 62.204.41.23:80 -> 192.168.56.101:49169	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 62.204.41.23:80 -> 192.168.56.101:49169	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 62.204.41.23:80 -> 192.168.56.101:49169	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 62.204.41.23:80 -> 192.168.56.101:49168	2035769	ET HUNTING [TW] Likely Hex Executable String	Misc activity
TCP 62.204.41.23:80 -> 192.168.56.101:49168	2020482	ET WEB_CLIENT DRIVEBY GENERIC ShellExecute in Hex No Seps	A Network Trojan was detected
TCP 62.204.41.23:80 -> 192.168.56.101:49170	2035769	ET HUNTING [TW] Likely Hex Executable String	Misc activity
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	Crypto Currency Mining Activity Detected
TCP 192.168.56.101:49173 -> 125.253.92.50:80	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49180 -> 148.251.234.93:443	2026897	ET POLICY IP Logger Redirect Domain in SNI	Potential Corporate Privacy Violation
TCP 192.168.56.101:49180 -> 148.251.234.93:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49179 -> 148.251.234.93:443	2026897	ET POLICY IP Logger Redirect Domain in SNI	Potential Corporate Privacy Violation
TCP 192.168.56.101:49179 -> 148.251.234.93:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 148.251.234.93:443	2026897	ET POLICY IP Logger Redirect Domain in SNI	Potential Corporate Privacy Violation
TCP 192.168.56.101:49179 -> 148.251.234.93:443	2026897	ET POLICY IP Logger Redirect Domain in SNI	Potential Corporate Privacy Violation
TCP 192.168.56.101:49179 -> 148.251.234.93:443	2026897	ET POLICY IP Logger Redirect Domain in SNI	Potential Corporate Privacy Violation
TCP 192.168.56.101:49180 -> 148.251.234.93:443	2026897	ET POLICY IP Logger Redirect Domain in SNI	Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts