NetWork | ZeroBOX

Network Analysis

IP Address | Status
164.124.101.2 | Active
194.59.164.67 | Active
208.95.112.1 | Active
79.134.225.94 | Active
GET 200 http://ip-api.com/json/
GET 200 http://wshsoft.company/python27.zip

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49202 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49202 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49199 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected
TCP 192.168.56.101:49205 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 79.134.225.94:5200 | 2027447 | ET MALWARE WSHRAT CnC Checkin | Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 79.134.225.94:5200 | 2017516 | ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 | Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts