Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
pastebin.com | 172.67.34.170 | |
GET 200 https://pastebin.com/raw/ZRRRiwsq

Request:
GET /raw/ZRRRiwsq HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 04:04:32 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: MISS
Last-Modified: Fri, 01 Dec 2023 04:04:32 GMT
Server: cloudflare
CF-RAY: 82e872510f087d5c-LAX
GET 200 http://195.20.16.153/xmrig.exe

Request:
GET /xmrig.exe HTTP/1.1
Host: 195.20.16.153
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 01 Dec 2023 04:04:32 GMT
Content-Type: application/octet-stream
Content-Length: 5412864
Last-Modified: Thu, 30 Nov 2023 09:30:31 GMT
Connection: keep-alive
ETag: "65685637-529800"
Accept-Ranges: bytes
GET 200 http://195.20.16.153/WinRing0x64.sys

Request:
GET /WinRing0x64.sys HTTP/1.1
Host: 195.20.16.153
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 01 Dec 2023 04:04:32 GMT
Content-Type: application/octet-stream
Content-Length: 14544
Last-Modified: Tue, 14 Nov 2023 16:09:50 GMT
Connection: keep-alive
ETag: "65539bce-38d0"
Accept-Ranges: bytes
GET 200 http://195.20.16.153/WatchDog.exe

Request:
GET /WatchDog.exe HTTP/1.1
Host: 195.20.16.153

Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 01 Dec 2023 04:04:36 GMT
Content-Type: application/octet-stream
Content-Length: 63488
Last-Modified: Tue, 14 Nov 2023 16:09:49 GMT
Connection: keep-alive
ETag: "65539bcd-f800"
Accept-Ranges: bytes
ICMP traffic
No ICMP traffic performed.
IRC traffic
Command | Params | Type |
---|---|---|
MODE | RandomX mode: auto, fast, light | client |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49181 -> 104.20.67.143:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 55:c8:82:61:30:05:42:80:db:47:5e:d0:66:b5:df:ac:14:5b:19:6f |
Snort Alerts
No Snort Alerts