NetWork | ZeroBOX

IP Address	Status	Action
194.50.153.173	Active	Moloch
94.142.138.128	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.103:49162 194.50.153.173:24496
- 192.168.56.103:49164 94.142.138.128:80

UDP Requests

GET 200 http://94.142.138.128/build.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043233	ET MALWARE RedLine Stealer TCP CnC net.tcp Init	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 194.50.153.173:24496 -> 192.168.56.103:49162	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49164 -> 94.142.138.128:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 94.142.138.128:80 -> 192.168.56.103:49164	2014819	ET INFO Packed Executable Download	Misc activity
TCP 94.142.138.128:80 -> 192.168.56.103:49164	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 94.142.138.128:80 -> 192.168.56.103:49164	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 94.142.138.128:80 -> 192.168.56.103:49164	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49162 -> 194.50.153.173:24496	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts