Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.seetrol.com | 139.150.75.206 | |
GET http://www.seetrol.com/update3/STUpdate.exe -> 404

```http
GET /update3/STUpdate.exe HTTP/1.1
User-Agent: SeetrolCenterEx
Host: www.seetrol.com

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 218
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/SeetrolClient.exe -> 404

```http
GET /update3/SeetrolClient.exe HTTP/1.1
User-Agent: SeetrolCenterEx
Host: www.seetrol.com

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 223
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/Seetrol_Clt.exe -> 404

```http
GET /update3/Seetrol_Clt.exe HTTP/1.1
User-Agent: SeetrolCenterEx
Host: www.seetrol.com

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 221
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/SeetrolMyService.exe -> 404

```http
GET /update3/SeetrolMyService.exe HTTP/1.1
User-Agent: SeetrolCenterEx
Host: www.seetrol.com

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/sthooks.dll -> 404

```http
GET /update3/sthooks.dll HTTP/1.1
User-Agent: SeetrolCenterEx
Host: www.seetrol.com

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 217
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/sas.dll -> 404

```http
GET /update3/sas.dll HTTP/1.1
User-Agent: SeetrolCenterEx
Host: www.seetrol.com

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 213
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/STKeyHook.dll -> 404

```http
GET /update3/STKeyHook.dll HTTP/1.1
User-Agent: SeetrolCenterEx
Host: www.seetrol.com

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 219
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/NetScan.exe -> 404

```http
GET /update3/NetScan.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.seetrol.com
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:26 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 217
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/NetScan.exe -> 404

```http
GET /update3/NetScan.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.seetrol.com
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 217
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/NetScan.exe -> 404

```http
GET /update3/NetScan.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.seetrol.com
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 217
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/NetScan.exe -> 404

```http
GET /update3/NetScan.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.seetrol.com
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:29 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 217
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/NetScan.exe -> 404

```http
GET /update3/NetScan.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.seetrol.com
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:52 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 217
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/NetScan.exe -> 404

```http
GET /update3/NetScan.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.seetrol.com
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 217
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/NetScan.exe -> 404

```http
GET /update3/NetScan.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.seetrol.com
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 217
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
```
GET http://www.seetrol.com/update3/NetScan.exe -> 404

```http
GET /update3/NetScan.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.seetrol.com
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Date: Wed, 16 Oct 2024 02:19:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Content-Length: 217
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49173 -> 139.150.75.206:80 | 2049137 | ET ADWARE_PUP Seetrol Remote Administration Tool Download | Possibly Unwanted Program Detected |
TCP 192.168.56.101:49168 -> 139.150.75.206:80 | 2020826 | ET MALWARE Potential Dridex.Maldoc Minimal Executable Request | A Network Trojan was detected |
TCP 192.168.56.101:49168 -> 139.150.75.206:80 | 2020826 | ET MALWARE Potential Dridex.Maldoc Minimal Executable Request | A Network Trojan was detected |
TCP 192.168.56.101:49168 -> 139.150.75.206:80 | 2020826 | ET MALWARE Potential Dridex.Maldoc Minimal Executable Request | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts