popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

6475b089e47aa.zip

ZIP Format
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 May 30, 2023, 5:42 p.m. May 30, 2023, 5:45 p.m.
Size 2.2MB
Type Zip archive data, at least v2.0 to extract
MD5 6e2306600d820049c30f438bc39c2edf
SHA256 7e9c4e65a30862aa0542fba2d341a48656c624da1b5bf125810f0a4fc75dfb6d
CRC32 E7BB64FD
ssdeep 49152:1Q6J3WM202p5GutgAJuIxyxWCIZnS85PWZ5FvcBj:e89i7JDmWjzP+Uj
Yara
  • zip_file_format - ZIP file format

Name Response Post-Analysis Lookup
balibumba1.com
A 91.215.85.180
91.215.85.180
geo.netsupportsoftware.com
A 51.142.119.24
CNAME geography.netsupportsoftware.com
A 62.172.138.67
62.172.138.67
IP Address Status Action
164.124.101.2 Active Moloch
51.142.119.24 Active Moloch
91.215.85.180 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49166 -> 51.142.119.24:80 2034559 ET POLICY NetSupport GeoLocation Lookup Request Potential Corporate Privacy Violation
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2035892 ET INFO NetSupport Remote Admin Checkin Misc activity
TCP 91.215.85.180:5222 -> 192.168.56.102:49167 2035895 ET INFO NetSupport Remote Admin Response Misc activity
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2035892 ET INFO NetSupport Remote Admin Checkin Misc activity
TCP 91.215.85.180:5222 -> 192.168.56.102:49167 2035895 ET INFO NetSupport Remote Admin Response Misc activity
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2035892 ET INFO NetSupport Remote Admin Checkin Misc activity
TCP 91.215.85.180:5222 -> 192.168.56.102:49167 2035895 ET INFO NetSupport Remote Admin Response Misc activity
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2035892 ET INFO NetSupport Remote Admin Checkin Misc activity
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167 2221010 SURICATA HTTP unable to match response to request Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167 2221010 SURICATA HTTP unable to match response to request Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167 2221010 SURICATA HTTP unable to match response to request Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167 2221010 SURICATA HTTP unable to match response to request Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167 2221010 SURICATA HTTP unable to match response to request Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167 2221010 SURICATA HTTP unable to match response to request Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222 2221045 SURICATA HTTP Unexpected Request body Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

suspicious_features GET method with no useragent header suspicious_request GET http://geo.netsupportsoftware.com/location/loca.asp
request GET http://geo.netsupportsoftware.com/location/loca.asp