Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 12, 2023, 10:01 a.m. | Sept. 12, 2023, 10:03 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
mr1robot11.ddns.net | 45.156.85.189 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2028675 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic |
TCP 45.156.85.189:6666 -> 192.168.56.101:49165 | 2030673 | ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) | Domain Observed Used for C2 Detected |
TCP 45.156.85.189:6666 -> 192.168.56.101:49165 | 2035595 | ET MALWARE Generic AsyncRAT Style SSL Cert | Domain Observed Used for C2 Detected |
TCP 45.156.85.189:6666 -> 192.168.56.101:49166 | 2030673 | ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) | Domain Observed Used for C2 Detected |
TCP 45.156.85.189:6666 -> 192.168.56.101:49166 | 2035595 | ET MALWARE Generic AsyncRAT Style SSL Cert | Domain Observed Used for C2 Detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49165 45.156.85.189:6666 |
CN=AsyncRAT Server | CN=AsyncRAT Server | c5:2b:e0:b1:93:a4:1a:39:50:8b:a9:c1:06:22:2d:79:98:d4:36:9d |
TLSv1 192.168.56.101:49166 45.156.85.189:6666 |
CN=AsyncRAT Server | CN=AsyncRAT Server | c5:2b:e0:b1:93:a4:1a:39:50:8b:a9:c1:06:22:2d:79:98:d4:36:9d |
domain | mr1robot11.ddns.net |