Network Analysis

IP Address Status Action VT Location
No hosts contacted.
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

GET 200 http://mkkuei4kdsz.com/52/119.html
GET 200 http://ow5dirasuek.com/636/759.html
GET 200 http://mkkuei4kdsz.com/116/341.html
GET 200 http://ow5dirasuek.com/267/167.html
GET 200 http://mkkuei4kdsz.com/312/893.html
GET 200 http://ow5dirasuek.com/298/83.html

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.168.219:49443 -> 8.8.8.8:53 | 91551352 | ThreatFox botnet C2 traffic (domain - confidence level: 100%) | A Network Trojan was detected |
| TCP 192.168.168.219:49249 -> 3.238.30.69:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.219:49249 -> 3.238.30.69:80 | 91509693 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |
| UDP 192.168.168.219:63706 -> 8.8.8.8:53 | 91551351 | ThreatFox botnet C2 traffic (domain - confidence level: 100%) | A Network Trojan was detected |
| TCP 192.168.168.219:49251 -> 52.27.79.221:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.219:49251 -> 52.27.79.221:80 | 91509692 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |
| TCP 192.168.168.219:49258 -> 3.238.30.69:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.219:49258 -> 3.238.30.69:80 | 91509693 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |
| TCP 192.168.168.219:49259 -> 52.27.79.221:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.219:49259 -> 52.27.79.221:80 | 91509692 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |
| TCP 192.168.168.219:49265 -> 3.238.30.69:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.219:49265 -> 3.238.30.69:80 | 91509693 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |
| TCP 192.168.168.219:49266 -> 52.27.79.221:80 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | Malware Command and Control Activity Detected |
| TCP 192.168.168.219:49266 -> 52.27.79.221:80 | 91509692 | ThreatFox botnet C2 traffic (url - confidence level: 75%) | A Network Trojan was detected |

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts
