Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.trishpintar.com | CNAME cdn1.wixdns.net | 34.149.87.45 |
www.hbiwhwr.shop | CNAME hbiwhwr.shop | 34.102.136.180 |
www.sx15k.com | | |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:137 | 192.168.56.103:137 |
192.168.56.103:50800 | 164.124.101.2:53 |
192.168.56.103:52760 | 164.124.101.2:53 |
192.168.56.103:53673 | 164.124.101.2:53 |
192.168.56.103:62576 | 164.124.101.2:53 |
192.168.56.103:64894 | 164.124.101.2:53 |
192.168.56.103:137 | 192.168.56.255:137 |
192.168.56.103:49154 | 239.255.255.250:1900 |
8.8.8.8:53 | 192.168.56.103:64894 |
The port 137 flows are NetBIOS name service chatter inside the 192.168.56.0/24 analysis subnet and 239.255.255.250:1900 is SSDP discovery; neither is attributable to the sample. The five flows to 164.124.101.2:53 are the DNS lookups behind the table above. Note that the single flow from 8.8.8.8:53 targets port 64894 on the analysis VM, the same ephemeral port used for the last query sent to 164.124.101.2, so the answer to that query arrived from a different resolver address than it was sent to.
HTTP Requests
Both requests use the same path segment (/sy22/), the same two query-parameter names (XPc, Hpq), a 72-character XPc value drawn from the standard base64 alphabet (note the unescaped + and / characters) and an identical Hpq value (V6ALd0OhqlATeV) on both hosts. Neither server returned content: the Wix-fronted host answered 429 with an empty body and the openresty host answered 403.

GET 429 http://www.trishpintar.com/sy22/?XPc=ZcWCyggxITiff9Ntu8frHWICLZ17JBNS5H8XzpbFosEL7RS7W4YHICi5HEs8XFn8+eU3rAdd&Hpq=V6ALd0OhqlATeV

Request:
    GET /sy22/?XPc=ZcWCyggxITiff9Ntu8frHWICLZ17JBNS5H8XzpbFosEL7RS7W4YHICi5HEs8XFn8+eU3rAdd&Hpq=V6ALd0OhqlATeV HTTP/1.1
    Host: www.trishpintar.com
    Connection: close

Response:
    HTTP/1.1 429 Too Many Requests
    Content-Length: 0
    Accept-Ranges: bytes
    Date: Tue, 25 Jul 2023 22:50:11 GMT
    X-Served-By: cache-hnd18721-HND
    X-Cache: MISS
    X-Seen-By: yvSunuo/8ld62ehjr5B7kA==
    Via: 1.1 google
    Connection: close

Body: empty (Content-Length: 0).

GET 403 http://www.hbiwhwr.shop/sy22/?XPc=yd0bSXVZUXdU8qKTRdtZDhtRbXCT/uJkAzwFnTNcMl5wHiXF5PZYexVTbwnTO0CSyNbsU44F&Hpq=V6ALd0OhqlATeV

Request:
    GET /sy22/?XPc=yd0bSXVZUXdU8qKTRdtZDhtRbXCT/uJkAzwFnTNcMl5wHiXF5PZYexVTbwnTO0CSyNbsU44F&Hpq=V6ALd0OhqlATeV HTTP/1.1
    Host: www.hbiwhwr.shop
    Connection: close

Response:
    HTTP/1.1 403 Forbidden
    Server: openresty
    Date: Tue, 25 Jul 2023 22:50:32 GMT
    Content-Type: text/html
    Content-Length: 291
    ETag: "64bae555-123"
    Via: 1.1 google
    Connection: close

Body: 291-byte text/html response, not reproduced in this report.
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.103 | 164.124.101.2 | 3 (Destination Unreachable) | |
192.168.56.103 | 164.124.101.2 | 3 (Destination Unreachable) | |
192.168.56.103 | 164.124.101.2 | 3 (Destination Unreachable) | |
192.168.56.103 | 164.124.101.2 | 3 (Destination Unreachable) | |
All four messages are sent by the analysis VM to the DNS resolver it queried over UDP above; no ICMP was exchanged with either C2 address.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49165 -> 34.149.87.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49165 -> 34.149.87.45:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 34.102.136.180:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49165 -> 34.149.87.45:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 34.102.136.180:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 34.102.136.180:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
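The three ET SIDs fire once per flow, and the two flows (49165 to 34.149.87.45, 49166 to 34.102.136.180) line up with the two HTTP requests and the two resolved hostnames above. The following is an added triage example, not part of the sandbox report: it joins the DNS, HTTP and Suricata sections into one indicator list and checks each request against the URL shape visible in this report (a short alphanumeric path segment, one long base64-style parameter, one short parameter). That shape check is a heuristic derived from the two requests shown here, not the logic of the ET rules, and all sample data is constructed from the report's own tables.

```python
"""Correlate sandbox-report DNS, HTTP and Suricata data into indicators.

Added example for this page, not part of the sandbox report. The check-in
URL heuristic is an assumption drawn from the two requests in the report.
"""
import re
from urllib.parse import urlsplit

# Constructed from the report's DNS table: hostname -> resolved IP (None = no answer recorded).
DNS_ANSWERS = {
    "www.trishpintar.com": "34.149.87.45",
    "www.hbiwhwr.shop": "34.102.136.180",
    "www.sx15k.com": None,
}

# Constructed from the report's HTTP section: (request URL, response status).
HTTP_REQUESTS = [
    ("http://www.trishpintar.com/sy22/?XPc=ZcWCyggxITiff9Ntu8frHWICLZ17JBNS5H8XzpbFosEL7RS7W4YHICi5HEs8XFn8+eU3rAdd&Hpq=V6ALd0OhqlATeV", 429),
    ("http://www.hbiwhwr.shop/sy22/?XPc=yd0bSXVZUXdU8qKTRdtZDhtRbXCT/uJkAzwFnTNcMl5wHiXF5PZYexVTbwnTO0CSyNbsU44F&Hpq=V6ALd0OhqlATeV", 403),
]

# Constructed from the report's Suricata table: (destination IP, destination port, SID).
SURICATA_ALERTS = [
    ("34.149.87.45", 80, 2031412), ("34.149.87.45", 80, 2031449), ("34.149.87.45", 80, 2031453),
    ("34.102.136.180", 80, 2031412), ("34.102.136.180", 80, 2031449), ("34.102.136.180", 80, 2031453),
]

PATH_RE = re.compile(r"^/[a-z0-9]{2,8}/$")           # e.g. /sy22/
LONG_RE = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")  # standard base64 alphabet left unescaped in the query
SHORT_RE = re.compile(r"^[A-Za-z0-9]{8,20}$")        # e.g. V6ALd0OhqlATeV


def checkin_shape(url):
    """Describe the request if it matches the check-in URL shape, else return None."""
    parts = urlsplit(url)
    if not PATH_RE.match(parts.path):
        return None
    # Split by hand rather than parse_qsl(): parse_qsl would turn '+' into a space
    # and break the base64 check on values like the XPc parameter above.
    params = []
    for pair in parts.query.split("&"):
        if "=" not in pair:
            return None
        params.append(tuple(pair.split("=", 1)))
    if len(params) != 2:
        return None
    (long_name, long_value), (short_name, short_value) = params
    if not LONG_RE.match(long_value) or not SHORT_RE.match(short_value):
        return None
    return {
        "host": parts.hostname, "path": parts.path,
        "long_param": long_name, "long_len": len(long_value),
        "short_param": short_name, "short_value": short_value,
    }


def build_iocs(dns=DNS_ANSWERS, http=HTTP_REQUESTS, alerts=SURICATA_ALERTS):
    """Join each matching request to its resolved IP and the SIDs that fired on that IP."""
    ip_to_sids = {}
    for ip, _port, sid in alerts:
        ip_to_sids.setdefault(ip, set()).add(sid)
    iocs = []
    for url, status in http:
        shape = checkin_shape(url)
        if shape is None:
            continue
        ip = dns.get(shape["host"])
        iocs.append({**shape, "ip": ip, "status": status, "sids": sorted(ip_to_sids.get(ip, ()))})
    return iocs


def shared_short_value(iocs):
    """Return the short parameter value if every matching request carries the same one.

    A value repeated across distinct C2 domains is a pivot worth keeping alongside the hostnames.
    """
    values = {ioc["short_value"] for ioc in iocs}
    return values.pop() if len(values) == 1 else None


def unresolved_hosts(dns=DNS_ANSWERS):
    """Hostnames that were queried but have no answer recorded (still worth blocking)."""
    return sorted(host for host, ip in dns.items() if ip is None)


if __name__ == "__main__":
    for ioc in build_iocs():
        print(ioc)
    print("shared short value:", shared_short_value(build_iocs()))
    print("unresolved:", unresolved_hosts())
```

The output includes www.sx15k.com as an unresolved but queried hostname; a domain the sample asked for and got no answer to is still an indicator, and the Suricata table alone would never surface it.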
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts