6477e8cb9c716.zip| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | June 1, 2023, 9:51 a.m. | June 1, 2023, 9:53 a.m. |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| geo.netsupportsoftware.com | 51.142.119.24 | |
| balibumba1.com | 91.215.85.180 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49167 -> 91.215.85.180:5222 | 2035892 | ET INFO NetSupport Remote Admin Checkin | Misc activity |
| TCP 192.168.56.102:49168 -> 51.142.119.24:80 | 2034559 | ET POLICY NetSupport GeoLocation Lookup Request | Potential Corporate Privacy Violation |
| TCP 91.215.85.180:5222 -> 192.168.56.102:49167 | 2035895 | ET INFO NetSupport Remote Admin Response | Misc activity |
| TCP 192.168.56.102:49167 -> 91.215.85.180:5222 | 2035892 | ET INFO NetSupport Remote Admin Checkin | Misc activity |
| TCP 91.215.85.180:5222 -> 192.168.56.102:49167 | 2035895 | ET INFO NetSupport Remote Admin Response | Misc activity |
| TCP 192.168.56.102:49167 -> 91.215.85.180:5222 | 2035892 | ET INFO NetSupport Remote Admin Checkin | Misc activity |
| TCP 192.168.56.102:49167 -> 91.215.85.180:5222 | 2035892 | ET INFO NetSupport Remote Admin Checkin | Misc activity |
| TCP 192.168.56.102:49167 -> 91.215.85.180:5222 | 2035892 | ET INFO NetSupport Remote Admin Checkin | Misc activity |
Suricata TLS
No Suricata TLS
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://geo.netsupportsoftware.com/location/loca.asp | ||||||
| request | GET http://geo.netsupportsoftware.com/location/loca.asp |