Bad Rabbit Ransomware | Network
Try VMRay Analyzer
Connection Overview

Connections
TCP Sessions (9)
+
Information Value
Total Data Sent 0.00 KB (0 bytes)
Total Data Received 0.00 KB (0 bytes)
Contacted Host Count 8
Contacted Hosts 192.168.0.0:445, 192.168.0.0:139, 192.168.0.1:445, 192.168.0.1:139, 192.168.0.2:445, 192.168.0.2:139, 192.168.0.3:445, 192.168.0.3:139
TCP Session #1
+
Information Value
Handle 0x1ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.0
Remote Port 445
Local Address 0.0.0.0
Local Port 1728
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.0, remote_port = 445 True 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #2
+
Information Value
Handle 0x1ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.0
Remote Port 139
Local Address 0.0.0.0
Local Port 2752
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.0, remote_port = 139 True 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #3
+
Information Value
Handle 0x1ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.1
Remote Port 445
Local Address 0.0.0.0
Local Port 3008
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.1, remote_port = 445 True 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #4
+
Information Value
Handle 0x1ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.1
Remote Port 139
Local Address 0.0.0.0
Local Port 3264
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.1, remote_port = 139 True 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #5
+
Information Value
Handle 0x1ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.2
Remote Port 445
Local Address 0.0.0.0
Local Port 3520
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.2, remote_port = 445 True 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #6
+
Information Value
Handle 0x1ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.2
Remote Port 139
Local Address 0.0.0.0
Local Port 3776
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.2, remote_port = 139 True 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #7
+
Information Value
Handle 0x27c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 192.168.0.1
Remote Port 445
Local Address -
Local Port -
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.1, remote_port = 445 False 1
Fn
TCP Session #8
+
Information Value
Handle 0x1ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.3
Remote Port 445
Local Address 0.0.0.0
Local Port 4288
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.3, remote_port = 445 True 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #9
+
Information Value
Handle 0x1ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.3
Remote Port 139
Local Address 0.0.0.0
Local Port 4544
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.3, remote_port = 139 True 1
Fn
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image