UnInstall.exe Cerber Ransomware Malware Traffic Analysis PCAP file Download

149.202.64.0.6892: UDP, length 27

SHA256: 1f4acebd331ff6fe617afe32da66b7577056a903f077bd79c4bdc534bb044d94
File name: UnInstall.exe
Detection ratio: 19 / 59
Analysis date: 2017-03-25 02:27:04 UTC

Antivirus                               Result                                     Update
AegisLab                                Ransom.Hpcerber.Sm51!c                     20170325
Avast                                   Win32:Malware-gen                          20170325
CrowdStrike Falcon (ML)                 malicious_confidence_100% (W)              20170130
DrWeb                                   Trojan.Inject2.51570                       20170325
Endgame                                 malicious (high confidence)                20170317
ESET-NOD32                              Win32/Filecoder.Cerber.I                   20170325
Fortinet                                W32/Kryptik.FQBM!tr                        20170325
Invincea                                virus.win32.virut.bn                       20170203
Kaspersky                               UDS:DangerousObject.Multi.Generic          20170325
McAfee                                  Ransomware-FLJJ!DF9E8845DE72               20170325
McAfee-GW-Edition                       BehavesLike.Win32.Conficker.gh             20170325
Palo Alto Networks (Known Signatures)   generic.ml                                 20170325
Qihoo-360                               HEUR/QVM02.0.0487.Malware.Gen              20170325
Rising                                  Malware.Generic.1!tfe (cloud:nN3uADiketB)  20170325
SentinelOne (Static ML)                 static engine – malicious                  20170315
Sophos                                  Mal/Cerber-X                               20170325

2017-03-24 21:39:57.755565 IP 192.168.1.102.53049 > 82.165.129.119.80: Flags [P.], seq 0:290, ack 1, win 256, length 290: […]

CERBER Ransomware lobsterscrewallt.top GET /search.php Malware PCAP File Download Traffic Analysis

SHA256: fa33b75a4e095d6865420c7bd27d7233d7a0653896eb59611f3166466bbfb64a
File name: 1
Detection ratio: 4 / 61
Analysis date: 2017-03-24 23:53:30 UTC

Antivirus                  Result                              Update
CrowdStrike Falcon (ML)    malicious_confidence_100% (D)       20170130
Endgame                    malicious (moderate confidence)     20170317
Invincea                   worm.win32.kasidet.f                20170203
McAfee-GW-Edition          BehavesLike.Win32.ObfusRansom.dc    20170324

2017-03-24 21:59:48.601287 IP 192.168.1.102.53097 > 54.145.185.110.80: Flags [P.], seq 0:293, ack 1, win 256, length 293: HTTP: GET /search.php HTTP/1.1
GET /search.php HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: […]

RANSOMWARE TOR kaem-sib.ru PCAP File Download Traffic Sample Malware Botnet

SHA256: 1d75dc020643b59c4b7745887e00730d2fcf1a129fc21d657402341812429891
File name: focus_gropu.exe
Detection ratio: 51 / 61
Analysis date: 2017-03-25 00:20:49 UTC

Antivirus                               Result                                     Update
McAfee-GW-Edition                       BehavesLike.Win32.Trojan.dc                20170324
Microsoft                               Ransom:Win32/Troldesh.A                    20170324
eScan                                   Trojan.GenericKD.4586233                   20170325
NANO-Antivirus                          Trojan.Win32.VB.emkvtl                     20170324
Palo Alto Networks (Known Signatures)   generic.ml                                 20170325
Panda                                   Trj/Genetic.gen                            20170324
Qihoo-360                               Win32/Trojan.Dropper.489                   20170325
Rising                                  Malware.Generic.5!tfe (cloud:4TqJyxfiS0C)  20170325
SentinelOne (Static ML)                 static engine – malicious                  20170315
Sophos                                  Troj/Emogen-BV                             20170324
Symantec                                Ransom.Kovter                              20170324
Tencent                                 Win32.Trojan.Vb.Wpjn                       20170325
TrendMicro                              Ransom_CRYPSEN.VC                          20170324
TrendMicro-HouseCall                    […]

CERBER Ransomware voperforseanx.top 2.gif Malware Analysis PCAP file Download Traffic Sample

2017-03-24 21:33:08.433085 IP 192.168.1.102.52862 > 47.90.205.113.80: Flags [P.], seq 0:296, ack 1, win 256, length 296: HTTP: GET /user.php?f=2.gif HTTP/1.1
GET /user.php?f=2.gif HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: voperforseanx.top
Connection: Keep-Alive

2017-03-24 21:34:18.965418 IP 192.168.1.102.52879 > 204.79.197.213.443: Flags [.], ack 84798, win 32768, length 0
2017-03-24 21:34:18.965823 IP 192.168.1.102.52879 > 204.79.197.213.443: Flags [.], ack 86258, win 32768, length 0
2017-03-24 21:34:18.966006 IP 192.168.1.102.52879 > 204.79.197.213.443: Flags [.], ack 87718, win 32768, length 0
2017-03-24 21:34:18.969465 IP 192.168.1.102.52879 > 204.79.197.213.443: Flags […]