NetWork | ZeroBOX

Network Analysis

IP Address        Status   Action
164.124.101.2     Active   Moloch
45.156.85.189     Active   Moloch

Name                  Response / Post-Analysis Lookup
mr1robot11.ddns.net   45.156.85.189

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                              SID      Signature                                                  Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53      2028675  ET POLICY DNS Query to DynDNS Domain *.ddns .net            Potentially Bad Traffic
TCP 45.156.85.189:6666 -> 192.168.56.101:49165    2030673  ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)    Domain Observed Used for C2 Detected
TCP 45.156.85.189:6666 -> 192.168.56.101:49165    2035595  ET MALWARE Generic AsyncRAT Style SSL Cert                  Domain Observed Used for C2 Detected
TCP 45.156.85.189:6666 -> 192.168.56.101:49166    2030673  ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)    Domain Observed Used for C2 Detected
TCP 45.156.85.189:6666 -> 192.168.56.101:49166    2035595  ET MALWARE Generic AsyncRAT Style SSL Cert                  Domain Observed Used for C2 Detected

Suricata TLS

Flow                                                Issuer               Subject              Fingerprint
TLSv1 192.168.56.101:49165 -> 45.156.85.189:6666    CN=AsyncRAT Server   CN=AsyncRAT Server   c5:2b:e0:b1:93:a4:1a:39:50:8b:a9:c1:06:22:2d:79:98:d4:36:9d
TLSv1 192.168.56.101:49166 -> 45.156.85.189:6666    CN=AsyncRAT Server   CN=AsyncRAT Server   c5:2b:e0:b1:93:a4:1a:39:50:8b:a9:c1:06:22:2d:79:98:d4:36:9d
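The two findings above (a DNS query to a *.ddns.net dynamic-DNS name, and TLSv1 sessions to 45.156.85.189:6666 presenting a self-signed certificate whose issuer and subject are both CN=AsyncRAT Server, SHA1 fingerprint c5:2b:e0:b1:...:36:9d) are worth re-checking in your own Suricata eve.json rather than relying on the sandbox summary alone. The script below is an added example; it is not part of the ZeroBOX report or of Suricata or Emerging Threats. It reads a handful of eve.json records constructed here to mirror the report's flows (not a real capture), uses Suricata's standard eve field names for tls and dns events (subject, issuerdn, fingerprint, version, sni; dns.type, dns.rrname), and flags the report's indicators plus one lower-confidence heuristic of my own (self-signed certificate with no SNI), which is not the matching logic of ET rule 2035595.

```python
import json

# Indicators taken from the ZeroBOX report above. Everything else in this block is constructed.
ASYNCRAT_FINGERPRINT = "c5:2b:e0:b1:93:a4:1a:39:50:8b:a9:c1:06:22:2d:79:98:d4:36:9d"
ASYNCRAT_CN = "CN=AsyncRAT Server"
DYNDNS_SUFFIXES = (".ddns.net",)   # suffix behind ET SID 2028675; extend with your own list

# Constructed eve.json records modelled on the report's flows (NOT a real capture).
# The last two records are benign filler so the scan has something to ignore.
SAMPLE_EVE = r'''
{"event_type":"dns","src_ip":"192.168.56.101","src_port":59002,"dest_ip":"164.124.101.2","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"mr1robot11.ddns.net","rrtype":"A"}}
{"event_type":"tls","src_ip":"192.168.56.101","src_port":49165,"dest_ip":"45.156.85.189","dest_port":6666,"proto":"TCP","tls":{"subject":"CN=AsyncRAT Server","issuerdn":"CN=AsyncRAT Server","fingerprint":"c5:2b:e0:b1:93:a4:1a:39:50:8b:a9:c1:06:22:2d:79:98:d4:36:9d","version":"TLSv1"}}
{"event_type":"dns","src_ip":"192.168.56.101","src_port":59003,"dest_ip":"164.124.101.2","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"www.example.com","rrtype":"A"}}
{"event_type":"tls","src_ip":"192.168.56.101","src_port":49170,"dest_ip":"192.0.2.10","dest_port":443,"proto":"TCP","tls":{"subject":"CN=www.example.com","issuerdn":"CN=Example CA","fingerprint":"00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33","version":"TLS 1.2","sni":"www.example.com"}}
'''


def classify_tls(rec):
    """Return the reasons a tls event looks like AsyncRAT C2 (empty list if none)."""
    tls = rec.get("tls", {})
    subject, issuer = tls.get("subject"), tls.get("issuerdn")
    reasons = []
    if tls.get("fingerprint", "").lower() == ASYNCRAT_FINGERPRINT:
        reasons.append("known AsyncRAT cert fingerprint")       # exact IOC from the report
    if ASYNCRAT_CN in (subject, issuer):
        reasons.append("AsyncRAT default certificate CN")        # default CN, trivially changed by operators
    elif subject and subject == issuer and not tls.get("sni"):
        # Self-signed and no SNI: my own low-confidence heuristic, not the ET rule's logic.
        reasons.append("self-signed cert without SNI (generic RAT-style, lower confidence)")
    if tls.get("version") == "TLSv1":
        reasons.append("legacy TLSv1 handshake")                 # weak signal on its own
    return reasons


def classify_dns(rec):
    """Return reasons a dns event matches the dynamic-DNS policy check (empty list if none)."""
    dns = rec.get("dns", {})
    name = dns.get("rrname", "").lower().rstrip(".")
    if dns.get("type") == "query" and name.endswith(DYNDNS_SUFFIXES):
        return ["DNS query to dynamic-DNS domain"]
    return []


def scan(eve_text):
    """Scan newline-delimited eve.json text; return one hit dict per flagged flow, in file order."""
    classifiers = {"tls": classify_tls, "dns": classify_dns}
    hits = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        reasons = classifiers.get(rec.get("event_type"), lambda r: [])(rec)
        if reasons:
            flow = f'{rec["proto"]} {rec["src_ip"]}:{rec["src_port"]} -> {rec["dest_ip"]}:{rec["dest_port"]}'
            hits.append({"flow": flow, "reasons": reasons})
    return hits


def c2_peers(hits):
    """Distinct destination IPs among hits that carry a high-confidence AsyncRAT reason."""
    strong = {"known AsyncRAT cert fingerprint", "AsyncRAT default certificate CN"}
    peers = []
    for h in hits:
        if strong & set(h["reasons"]):
            ip = h["flow"].split(" -> ")[1].rsplit(":", 1)[0]
            if ip not in peers:
                peers.append(ip)
    return peers


if __name__ == "__main__":
    found = scan(SAMPLE_EVE)
    for h in found:
        print(h["flow"], "|", "; ".join(h["reasons"]))
    print("high-confidence C2 peers:", c2_peers(found))
```

The fingerprint is the only exact indicator here: AsyncRAT builds its server certificate at install time, so the CN can be changed and the fingerprint differs per deployment, which is why the generic ET rule exists alongside the specific one. Treat the self-signed-without-SNI heuristic and the TLSv1 line as context for triage, not as alerts on their own, and pivot from the dynamic-DNS query to whatever it resolved to (here the post-analysis lookup points at the same 45.156.85.189 the TLS sessions went to).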

Snort Alerts

No Snort Alerts