Snojan Dynamer Trojan Downloader Malware fifexont.com tonekrant.com FULL PCAP File Download Traffic Analysis

SHA256: a66c3e211004c7d403f633a0ced7327f5b2b102f47be4226d24edcb7ebd21562
File name: front.exe
Detection ratio: 49 / 58
Analysis date: 2017-02-20 05:26:08 UTC

Antivirus                 Result                                        Update
ALYac                     Trojan.GenericKD.4294253                      20170220
AVG                       Agent5.AXHG                                   20170220
AVware                    Trojan.Win32.Generic!BT                       20170220
Ad-Aware                  Trojan.GenericKD.4294253                      20170220
AegisLab                  Uds.Dangerousobject.Multi!c                   20170220
AhnLab-V3                 Trojan/Win32.Snojan.C1770480                  20170219
Arcabit                   Trojan.Generic.D41866D                        20170220
Avast                     Win32:Malware-gen                             20170220
Avira (no cloud)          TR/Crypt.ZPACK.wcpog                          20170219
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9999    20170217
BitDefender               Trojan.GenericKD.4294253                      20170220
Bkav                      HW32.Packed.3570                              20170218
CAT-QuickHeal             Trojan.Dynamer                                20170218
ClamAV                    Win.Trojan.Generic-5747581-0                  20170220
Comodo                    UnclassifiedMalware                           20170220
CrowdStrike Falcon (ML)   malicious_confidence_100% (W)                 20170130

2017-02-18 07:29:58.854612 IP 192.168.1.102.55863 > 46.30.213.95.80: Flags [P.], seq 0:285, ack 1, win 64240, length 285: HTTP: GET /front.exe HTTP/1.1
GET /front.exe HTTP/1.1
Accept: […]

Trojan Crypt Password Stealer Malware turbo.exe 157.56.31.43 Port 3544/UDP PCAP file download Traffic Sample

SHA256: b31c4f30f37be6a0ea904019fcce94319fd59215fe06d52a265946be088d2592
File name: turbo.exe
Detection ratio: 48 / 58
Analysis date: 2017-02-20 04:48:47 UTC

Antivirus                 Result                                        Update
Cyren                     W32/Trojan.YHFN-2823                          20170220
DrWeb                     Trojan.PWS.Stealer.15842                      20170220
ESET-NOD32                a variant of Win32/Injector.DKFX              20170219
Emsisoft                  Trojan.GenericKD.4236515 (B)                  20170220
F-Secure                  Trojan.GenericKD.4236515                      20170220
Fortinet                  W32/Injector.DJWH!tr                          20170220
GData                     Trojan.GenericKD.4236515                      20170220
Ikarus                    Trojan.Win32.Injector                         20170219
K7AntiVirus               Trojan ( 005036d71 )                          20170220
K7GW                      Trojan ( 005036d71 )                          20170220
Kaspersky                 Trojan.Win32.Agent.neytzz                     20170220
Malwarebytes              Trojan.Crypt                                  20170220
McAfee                    Trojan-FLBV!22730AE47ACC                      20170220
McAfee-GW-Edition         Trojan-FLBV!22730AE47ACC

2017-02-18 07:20:52.112791 IP 192.168.1.102.55812 > 182.255.5.201.80: Flags [P.], seq 0:416, ack 1, win 256, length 416: HTTP: GET /~bemkmund/two/turbo.exe HTTP/1.1
GET /~bemkmund/two/turbo.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */* […]

Xrat-R Remote Access Trojan h1h1tl3r.click Off1c3v4l1dK3y2017s.exe Malware Backdoor PCAP file Download Traffic Analysis

Troj/Xrat-R exhibits the following characteristics:

File Information
Size: 1.1M
SHA-1: 5c533a9f95f69c98f5926810f0cf78fa7a6cf447
MD5: c6e081d416d2bde4d450f7dc34c1351c
CRC-32: f70ab7ef
File type: Windows executable
First seen: 2016-12-11

Runtime Analysis

Registry Keys Created
HKCU\Software\zUB8dknwC
    InstalledServer    c:\Documents and Settings\test user\Application Data\f6hjg\28dpo.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    GWlgQh    C:\GWlgQhGWlgQh\GWlgQh.vbs

Processes Created
c:\Documents and Settings\test user\application data\f6hjg\28dpo.exe
c:\windows\microsoft.net\framework\v2.0.50727\csc.exe

2017-02-18 07:24:47.085846 IP 192.168.1.102.55839 > 108.179.232.87.80: Flags [P.], seq 0:317, ack 1, win 256, length 317: HTTP: GET /Off1c3v4l1dK3y2017s.exe HTTP/1.1
GET /Off1c3v4l1dK3y2017s.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: dryversdocumentsandcustomer.com
Connection: Keep-Alive

2017-02-18 07:26:16.924122 IP 192.168.1.102.62494 > 75.75.75.75.53: 42747+ A? […]

ZBOT ZeuS Banking Trojan Malware melonia.exe PCAP file download Traffic Sample 91.195.103.14

SHA256: 149fda05458720c56fe36871c2d8991a4f67ad87fb512873c6e7b481fca078c0
File name: melonia.exe
Detection ratio: 13 / 58
Analysis date: 2017-02-20 04:22:36 UTC

Antivirus                 Result                                        Update
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9990    20170217
BitDefender               Gen:Variant.Midie.35271                       20170220
CrowdStrike Falcon (ML)   malicious_confidence_100% (D)                 20170130
Endgame                   malicious (high confidence)                   20170217
Invincea                  trojandropper.win32.small.pq                  20170203
K7GW                      Hacktool ( 655367771 )                        20170220
Kaspersky                 UDS:DangerousObject.Multi.Generic             20170220
Malwarebytes              Trojan.Xcsidl                                 20170220
McAfee                    Artemis!395315BF3E1F                          20170220
McAfee-GW-Edition         Artemis                                       20170219
Qihoo-360                 HEUR/QVM07.1.0000.Malware.Gen                 20170220
Symantec                  ML.Attribute.HighConfidence                   20170219
Webroot                   Malicious                                     20170220

Troj/Zbot-LMH exhibits the following characteristics:

File Information
Size: 124K
SHA-1: 8d7bc351ed622a28d1c4db09da6ea8c156099581
MD5: a6c8dfd98f730c2d9aa33e521acf4514
CRC-32: 8a762a91
File type: Windows executable
First seen: 2016-07-12

2017-02-18 07:18:10.284472 IP 192.168.1.102.55783 > 91.195.103.14.80: […]

Netwire Wirenet Trojan Downloader Malware 2017.exe PCAP file download traffic analysis

SHA256: 26989aa946a3c511b62b809bb98c2c7cf947ca5bfad628873ab3f6b94297b7d1
File name: 2017.exe
Detection ratio: 34 / 57
Analysis date: 2017-02-20 02:14:31 UTC

Antivirus                 Result                                        Update
AVG                       Autoit2_c.ACFW                                20170220
AVware                    Trojan.Win32.Generic!BT                       20170219
Ad-Aware                  Trojan.GenericKD.4425869                      20170220
AegisLab                  Troj.W32.Gen.m5cP                             20170220
Antiy-AVL                 Trojan/Generic.ASVCS3S.1E5                    20170220
Arcabit                   Trojan.Generic.D43888D                        20170220
Avira (no cloud)          DR/Autoit.yobkp                               20170219
BitDefender               Trojan.GenericKD.4425869                      20170219
Bkav                      W32.HfsAtITIST.FAB9                           20170218
CrowdStrike Falcon (ML)   malicious_confidence_100% (W)                 20170130
Cyren                     W32/Trojan.ICBN-4514                          20170220
DrWeb                     BackDoor.Wirenet.187                          20170220

Troj/Netwire-GZ
Category: Viruses and Spyware
Protection available since: 07 Oct 2016 15:58:11 (GMT)
Type: Trojan
Last Updated: 07 Oct 2016 15:58:11 (GMT)

Troj/Netwire-GZ exhibits the following characteristics:

File Information
Size: 283K
SHA-1: d57e5c3b764a3a33a3e069b78794cc91a39805f8
MD5: 64032694f59a03659420f6205852c662
CRC-32: e9e62086
File type […]