Network Analysis

IP Address Status Action VT Location
No hosts contacted.
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

POST 100 http://wecan.hasthe.technology/upload
POST 100 http://wecan.hasthe.technology/upload
POST 100 http://wecan.hasthe.technology/upload
POST 100 http://wecan.hasthe.technology/upload
POST 100 http://wecan.hasthe.technology/upload
POST 100 http://wecan.hasthe.technology/upload
POST 100 http://wecan.hasthe.technology/upload

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.168.229:49234 -> 199.59.243.228:80 | 2839369 | ETPRO MALWARE Win32/Snojan Variant Uploading EXE | Malware Command and Control Activity Detected
TCP 192.168.168.229:49234 -> 199.59.243.228:80 | 2016775 | ET INFO Generic HTTP EXE Upload Outbound | Misc activity
TCP 192.168.168.229:49240 -> 199.59.243.228:80 | 2839369 | ETPRO MALWARE Win32/Snojan Variant Uploading EXE | Malware Command and Control Activity Detected
TCP 192.168.168.229:49240 -> 199.59.243.228:80 | 2016775 | ET INFO Generic HTTP EXE Upload Outbound | Misc activity
TCP 192.168.168.229:49247 -> 199.59.243.228:80 | 2839369 | ETPRO MALWARE Win32/Snojan Variant Uploading EXE | Malware Command and Control Activity Detected
TCP 192.168.168.229:49247 -> 199.59.243.228:80 | 2016775 | ET INFO Generic HTTP EXE Upload Outbound | Misc activity
TCP 192.168.168.229:49254 -> 199.59.243.228:80 | 2839369 | ETPRO MALWARE Win32/Snojan Variant Uploading EXE | Malware Command and Control Activity Detected
TCP 192.168.168.229:49254 -> 199.59.243.228:80 | 2016775 | ET INFO Generic HTTP EXE Upload Outbound | Misc activity
TCP 192.168.168.229:49260 -> 199.59.243.228:80 | 2839369 | ETPRO MALWARE Win32/Snojan Variant Uploading EXE | Malware Command and Control Activity Detected
TCP 192.168.168.229:49260 -> 199.59.243.228:80 | 2016775 | ET INFO Generic HTTP EXE Upload Outbound | Misc activity
TCP 192.168.168.229:49264 -> 199.59.243.228:80 | 2839369 | ETPRO MALWARE Win32/Snojan Variant Uploading EXE | Malware Command and Control Activity Detected
TCP 192.168.168.229:49264 -> 199.59.243.228:80 | 2016775 | ET INFO Generic HTTP EXE Upload Outbound | Misc activity
TCP 192.168.168.229:49268 -> 199.59.243.228:80 | 2839369 | ETPRO MALWARE Win32/Snojan Variant Uploading EXE | Malware Command and Control Activity Detected
TCP 192.168.168.229:49268 -> 199.59.243.228:80 | 2016775 | ET INFO Generic HTTP EXE Upload Outbound | Misc activity

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts
