NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.19 03:01
A Look Inside a Modern...
01.19 03:01
Apple, Google Remove T...
01.19 03:01
How to Get Around the ...
01.19 03:01
[사전규격공개] 2025 APCERT 국...
01.19 12:01
시몬스 침대, 카카오톡 선물하기 통해 설...
01.19 12:01
Zero Trust and Entra I...
01.19 12:01
Stealth AirTag Broadca...
01.19 12:01
US TikTok Users Get No...
01.19 09:01
하이텍 그룹, 산업방송 채널i ‘히든 챔...
01.19 09:01
I3C Bit-banging Fun fo...

NetWork | ZeroBOX

IP Address	Status	Action
162.244.93.4	Active	Moloch
193.58.147.147	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.101:49169 162.244.93.4:80
- 192.168.56.101:49164 193.58.147.147:39834

UDP Requests

GET 200 http://162.244.93.4/~rubin/redlol.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49164 -> 193.58.147.147:39834	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 193.58.147.147:39834	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 193.58.147.147:39834	2046045	ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 193.58.147.147:39834 -> 192.168.56.101:49164	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 193.58.147.147:39834	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 193.58.147.147:39834 -> 192.168.56.101:49164	2046056	ET MALWARE Redline Stealer Activity (Response)	A Network Trojan was detected
TCP 192.168.56.101:49169 -> 162.244.93.4:80	2022940	ET MALWARE Possible Malicous Macro DL EXE Jul 01 2016 (userdir dotted quad)	A Network Trojan was detected
TCP 192.168.56.101:49169 -> 162.244.93.4:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 162.244.93.4:80 -> 192.168.56.101:49169	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 162.244.93.4:80 -> 192.168.56.101:49169	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 162.244.93.4:80 -> 192.168.56.101:49169	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 193.58.147.147:39834	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 193.58.147.147:39834	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts