Network Analysis

IP Address Status Action VT Location
No hosts contacted.
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

GET 0 http://ehqnarrrrh.ws/imgs/krewa/nqxa.php?id=d89zkcxo&s5=3159&lip=192.168.168.228&win=fWinS
GET 0 http://rawphhnwss.org/imgs/krewa/nqxa.php?id=d89zkcxo&s5=3159&lip=192.168.168.228&win=fWinS

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.168.228:49241 -> 64.70.19.203:80 | 2807186 | ETPRO MALWARE Worm.Mydoom Checkin | Malware Command and Control Activity Detected
TCP 192.168.168.228:49241 -> 64.70.19.203:80 | 2807187 | ETPRO MALWARE User-Agent (explwer) | A Network Trojan was detected
UDP 192.168.168.228:61880 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.228:52081 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
TCP 192.168.168.228:49246 -> 85.17.31.122:80 | 2807186 | ETPRO MALWARE Worm.Mydoom Checkin | Malware Command and Control Activity Detected
TCP 192.168.168.228:49246 -> 85.17.31.122:80 | 2807187 | ETPRO MALWARE User-Agent (explwer) | A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

Flow | SID | Message
UDP 192.168.168.228:61880 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.228:52081 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
Cuckoo
