NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 03:11
몬드리안에이아이, '디에스앤지 이노베이션...
11.14 03:11
본아이에프, 따뜻한 국물부터 백반까지…속...
11.14 03:11
반려동물 웰빙 브랜드 본아페티, 고프로 ...
11.14 03:11
Pegasystems Consolidat...
11.14 03:11
삼안하이드로릭, 온실가스 감축 가능한 균...
11.14 03:11
라스트버튼(LASTBUTTON), 현대백...
11.14 03:11
ASML Upholds 2030 Sale...
11.14 03:11
Merck KGaA Beats Estim...
11.14 03:11
Deutsche Telekom Earni...
11.14 03:11
「2024 전자문서 산업인의 날 컨퍼런스...

NetWork | ZeroBOX

IP Address	Status	Action
185.215.113.100	Active	Moloch
185.215.113.103	Active	Moloch
31.41.244.10	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

POST 200 http://31.41.244.10/Dem7kTu/index.php

POST 200 http://31.41.244.10/Dem7kTu/index.php

GET 200 http://185.215.113.100/steam/random.exe

POST 200 http://31.41.244.10/Dem7kTu/index.php

GET 200 http://185.215.113.103/

GET 304 http://185.215.113.100/steam/random.exe

POST 200 http://185.215.113.103/e2b1563c6670f193.php

POST 200 http://31.41.244.10/Dem7kTu/index.php

GET 200 http://185.215.113.103/well/random.exe

GET 200 http://185.215.113.103/

POST 200 http://185.215.113.103/e2b1563c6670f193.php

POST 200 http://31.41.244.10/Dem7kTu/index.php

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49165 -> 185.215.113.100:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 185.215.113.100:80 -> 192.168.56.101:49165	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 185.215.113.100:80 -> 192.168.56.101:49165	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 185.215.113.100:80 -> 192.168.56.101:49165	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 31.41.244.10:80 -> 192.168.56.101:49164	2400001	ET DROP Spamhaus DROP Listed Traffic Inbound group 2	Misc Attack
TCP 192.168.56.101:49173 -> 185.215.113.103:80	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 185.215.113.100:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49172 -> 185.215.113.103:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 185.215.113.103:80 -> 192.168.56.101:49172	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 185.215.113.103:80 -> 192.168.56.101:49172	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 185.215.113.103:80 -> 192.168.56.101:49172	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49168 -> 31.41.244.10:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49169 -> 185.215.113.103:80	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 31.41.244.10:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49168 -> 31.41.244.10:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts