Analysis

Category Package Started Completed Duration Log
PCAP 2018-12-20 11:54:50 2018-12-20 11:54:50 0 seconds Show Log


MalScore

0.0

Benign


Signatures

No signatures

Hosts

Direct IP Country Name
N 89.42.208.248 [VT] Iran, Islamic Republic of
Y 8.8.8.8 [VT] United States
Y fe80::c19a:988d:f512:eb6e [VT] unknown
Y fe80::e0af:df58:639:72 [VT] unknown
Y ff02::1:ff12:eb6e [VT] unknown
Y ff02::1:3 [VT] unknown

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com [VT] A 131.107.255.255 [VT]
dns.msftncsi.com [VT] NXDOMAIN [VT]
vitagrey.com [VT] A 89.42.208.248 [VT]

TCP

Source Source Port Destination Destination Port
192.168.56.12 61836 89.42.208.248 vitagrey.com 443
192.168.56.12 61837 89.42.208.248 vitagrey.com 443
192.168.56.12 61838 89.42.208.248 vitagrey.com 443
192.168.56.12 61839 89.42.208.248 vitagrey.com 443
192.168.56.12 61840 89.42.208.248 vitagrey.com 443
192.168.56.12 61841 89.42.208.248 vitagrey.com 443

UDP

Source Source Port Destination Destination Port
fe80::e0af:df58:639:72 61638 ff02::1:3 5355
fe80::e0af:df58:639:72 62917 ff02::1:3 5355
fe80::e0af:df58:639:72 56642 ff02::1:3 5355
fe80::e0af:df58:639:72 63526 ff02::1:3 5355
fe80::e0af:df58:639:72 5355 fe80::c19a:988d:f512:eb6e 58674
fe80::e0af:df58:639:72 5355 fe80::c19a:988d:f512:eb6e 62851
192.168.56.12 5355 192.168.56.13 49864
192.168.56.12 5355 192.168.56.13 62743
192.168.56.12 51959 224.0.0.252 5355
192.168.56.12 57346 224.0.0.252 5355
192.168.56.12 57969 224.0.0.252 5355
192.168.56.12 64802 224.0.0.252 5355
192.168.56.12 53756 8.8.8.8 53
192.168.56.12 56295 8.8.8.8 53
192.168.56.12 64464 8.8.8.8 53

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.56.12 61836 89.42.208.248 vitagrey.com 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.56.12 61837 89.42.208.248 vitagrey.com 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.56.12 61838 89.42.208.248 vitagrey.com 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.56.12 61839 89.42.208.248 vitagrey.com 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.56.12 61840 89.42.208.248 vitagrey.com 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
192.168.56.12 61841 89.42.208.248 vitagrey.com 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 0.081 seconds )

  • 0.062 NetworkAnalysis
  • 0.017 AnalysisInfo
  • 0.001 BehaviorAnalysis
  • 0.001 Debug

Signatures ( 0.125 seconds )

  • 0.017 infostealer_ftp
  • 0.014 browser_security
  • 0.014 infostealer_bitcoin
  • 0.012 ie_martian_children
  • 0.011 geodo_banking_trojan
  • 0.01 rat_spynet
  • 0.007 antiav_detectreg
  • 0.005 antiav_detectfile
  • 0.004 infostealer_im
  • 0.004 ransomware_files
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 antianalysis_detectreg
  • 0.003 infostealer_mail
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 ursnif_behavior
  • 0.001 cerber_behavior
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 disables_browser_warn
  • 0.001 modify_security_center_warnings
  • 0.001 modify_uac_prompt

Reporting ( 0.0 seconds )

Task ID 27811
Mongo ID 5c1b83e8f28488050bd93222
Cuckoo release 1.3-CAPE