6462c9b83536b.zip| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | May 16, 2023, 11:19 a.m. | May 16, 2023, 11:21 a.m. |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| geo.netsupportsoftware.com | 51.142.119.24 | |
| blahadfurtik.com | 176.124.198.7 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49167 -> 62.172.138.67:80 | 2034559 | ET POLICY NetSupport GeoLocation Lookup Request | Potential Corporate Privacy Violation |
| TCP 192.168.56.102:49165 -> 176.124.198.7:5222 | 2035892 | ET INFO NetSupport Remote Admin Checkin | A Network Trojan was detected |
| TCP 176.124.198.7:5222 -> 192.168.56.102:49165 | 2035895 | ET INFO NetSupport Remote Admin Response | A Network Trojan was detected |
| TCP 192.168.56.102:49165 -> 176.124.198.7:5222 | 2035892 | ET INFO NetSupport Remote Admin Checkin | A Network Trojan was detected |
| TCP 176.124.198.7:5222 -> 192.168.56.102:49165 | 2035895 | ET INFO NetSupport Remote Admin Response | A Network Trojan was detected |
| TCP 192.168.56.102:49165 -> 176.124.198.7:5222 | 2035892 | ET INFO NetSupport Remote Admin Checkin | A Network Trojan was detected |
| TCP 192.168.56.102:49165 -> 176.124.198.7:5222 | 2035892 | ET INFO NetSupport Remote Admin Checkin | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://geo.netsupportsoftware.com/location/loca.asp | ||||||
| request | GET http://geo.netsupportsoftware.com/location/loca.asp |