Network Analysis

IP Address Status Action VT Location
No hosts contacted.
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

No traffic

GET 200 http://mkkuei4kdsz.com/389/692.html
GET 200 http://ow5dirasuek.com/754/627.html
GET 200 http://mkkuei4kdsz.com/371/252.html
GET 200 http://ow5dirasuek.com/919/625.html
GET 200 http://mkkuei4kdsz.com/607/220.html
GET 200 http://ow5dirasuek.com/361/992.html

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

| Flow | SID | Signature | Category |
| --- | --- | --- | --- |
| UDP 192.168.168.206:57201 -> 8.8.8.8:53 | 91551352 | ThreatFox botnet C2 traffic (domain - confidence level: 100%) | A Network Trojan was detected |
| TCP 192.168.168.206:49236 -> 3.238.30.69:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.206:49236 -> 3.238.30.69:80 | 91509693 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |
| UDP 192.168.168.206:54091 -> 8.8.8.8:53 | 91551351 | ThreatFox botnet C2 traffic (domain - confidence level: 100%) | A Network Trojan was detected |
| TCP 192.168.168.206:49238 -> 52.27.79.221:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.206:49238 -> 52.27.79.221:80 | 91509692 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |
| TCP 192.168.168.206:49243 -> 3.238.30.69:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.206:49243 -> 3.238.30.69:80 | 91509693 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |
| TCP 192.168.168.206:49244 -> 52.27.79.221:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.206:49244 -> 52.27.79.221:80 | 91509692 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |
| TCP 192.168.168.206:49249 -> 3.238.30.69:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.206:49249 -> 3.238.30.69:80 | 91509693 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |
| TCP 192.168.168.206:49250 -> 52.27.79.221:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.206:49250 -> 52.27.79.221:80 | 91509692 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts
