Sage Ransomware 2lm5xNQU.exe 211.114.4.45 UDP/13655 PCAP file download Malware Traffic Analysis

SHA256: 01fd9a6245c93f25ec2202d06bb40dbdcb5a3c1a0e5fb3db54c4d6253f9f7f4c
File name: 2lm5xNQU.exe
Detection ratio: 52 / 61
Analysis date: 2017-05-21 21:29:52 UTC
Detections (vendor, result, update date):
Ad-Aware Gen:Variant.Ransom.Sage.110 20170521
AegisLab Gen.Variant.Ransom!c 20170521
AhnLab-V3 Trojan/Win32.SageCrypt.R196517 20170521
ALYac Trojan.Ransom.Sage 20170520
Antiy-AVL Trojan/Win32.TSGeneric 20170521
Arcabit Trojan.Ransom.Sage.110 20170521
Avast Win32:Malware-gen 20170521
AVG Ransom_r.BRQ 20170521
Avira (no cloud) TR/Agent.bkkbc 20170521
AVware Trojan.Win32.Generic!BT 20170521
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170503
BitDefender Gen:Variant.Ransom.Sage.110 20170521
Packet capture excerpt:
2017-05-21 15:59:43.097424 IP 192.168.1.102.55377 > 104.24.122.74.80: Flags [P.], seq 0:404, ack 1, win 256, length 404: HTTP: GET /upload/2lm5xNQU.exe HTTP/1.1
GET /upload/2lm5xNQU.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT […]

Razy/Panda Trojan Malware 9z68lXaL.exe PCAP file download traffic analysis sample

SHA256: 904ba982fd067daed01ebcd896a8b8cf3e21e1a4069aadb236825f2f5180e326
File name: 9z68lXaL.exe
Detection ratio: 54 / 59
Analysis date: 2017-05-21 21:23:40 UTC
Detections (vendor, result, update date):
BitDefender Gen:Variant.Razy.155999 20170521
Bkav W32.TaharaK.Trojan 20170520
CAT-QuickHeal TrojanRansom.Shade 20170520
Comodo TrojWare.Win32.Injector.~DMGM 20170521
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.TZVH-3564 20170521
DrWeb Trojan.PWS.Panda.9309 20170521
Emsisoft Gen:Variant.Razy.155999 (B) 20170521
Endgame malicious (high confidence) 20170515
ESET-NOD32 a variant of Win32/Injector.DMGM 20170521
F-Secure Gen:Variant.Razy.155999 20170521
Packet capture excerpt:
2017-05-21 16:06:18.212574 IP 192.168.1.102.55464 > 104.24.123.74.80: Flags [P.], seq 2582031664:2582032130, ack 3928753541, win 541, length 466: HTTP: GET /upload/9z68lXaL.exe HTTP/1.1
GET /upload/9z68lXaL.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; […]

Kovter Trojan Spyware Malware GET /counter/?2 PCAP file download traffic analysis sample

SHA256: fbaa60f3c1fe06c4082df358914e2b9b9d0424e3ec7029d444002f7b18661af2
File name: 53b165f3d0c8ab.png
Detection ratio: 24 / 61
Analysis date: 2017-05-21 21:16:47 UTC
Detections (vendor, result, update date):
AVware Trojan.Win32.Kovter.ab (v) 20170521
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9990 20170503
Bkav W32.eHeur.Malware09 20170520
CrowdStrike Falcon (ML) malicious_confidence_96% (W) 20170130
Cyren W32/Kovter.T2.gen!Eldorado 20170521
DrWeb Trojan.SpyBot.702 20170521
Endgame malicious (moderate confidence) 20170515
ESET-NOD32 a variant of Generik.KFLGPVJ 20170521
F-Prot W32/Kovter.T2.gen!Eldorado 20170521
Invincea virus.win32.sality.at 20170519
Kaspersky UDS:DangerousObject.Multi.Generic 20170521
McAfee Artemis!C989202B8A87 20170521
McAfee-GW-Edition BehavesLike.Win32.Dropper.gc 20170521
Palo Alto Networks (Known Signatures) generic.ml 20170521
Rising Malware.Generic.1!tfe (cloud:SbVsRCxTH6D) 20170518
Sophos Mal/Kovter-Z 20170521
Packet capture excerpt:
2017-05-21 15:36:29.671893 IP 192.168.1.102.55249 > 23.229.155.136.80: Flags [P.], seq 0:424, ack 1, win 256, length 424: HTTP: GET […]

Rozena/Ramnit Malware Backdoor Traffic Analysis PCAP file download Sample 176.9.99.134.443

SHA256: 2fc93e30f8823f82a598cfcb4997bfc897d0d7d30e49d329dcb4338a73a86771
File name: 1111.exe
Detection ratio: 36 / 61
Analysis date: 2017-05-21 21:07:01 UTC
Detections (vendor, result, update date):
ESET-NOD32 Win32/Rozena.PP 20170521
F-Secure Trojan.GenericKD.5100665 20170521
Fortinet W32/Rozena.PP!tr 20170521
GData Trojan.GenericKD.5100665 20170521
Invincea virus.win32.ramnit.j 20170519
K7GW Trojan ( 004d3c641 ) 20170521
Kaspersky Trojan.Win32.Yakes.thje 20170521
Malwarebytes Backdoor.Bot 20170521
McAfee RDN/Generic.dx 20170521
McAfee-GW-Edition BehavesLike.Win32.Ransom.dh 20170521
eScan Trojan.GenericKD.5100665 20170521
Rising Trojan.Rozena!8.6D (cloud:syeYjLJw0hG) 20170518
Packet capture excerpt:
2017-05-21 15:53:58.721512 IP 192.168.1.102.55365 > 178.20.153.65.80: Flags [P.], seq 0:396, ack 1, win 256, length 396: HTTP: GET /1111.exe HTTP/1.1
GET /1111.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows […]

Zegost/Bjlog 43.252.163.135.8086 www.5173book.com Malware Crimeware PCAP file download Traffic Sample Analysis

SHA256: 745e0a1c522ac9b91ea00198dc89373da7bdb032c56096ba5c3aebc13ad52ad7
File name: he.exe
Detection ratio: 60 / 61
Analysis date: 2017-05-21 20:59:17 UTC
Detections (vendor, result, update date):
Ad-Aware Gen:Variant.Zegost.2 20170521
AegisLab Troj.PSW32.W.Bjlog.kZLs 20170521
AhnLab-V3 Trojan/Win32.Bjlog.R2244 20170521
ALYac Gen:Variant.Zegost.2 20170520
Antiy-AVL Trojan[PSW]/Win32.Bjlog.dtwr 20170521
Arcabit Trojan.Zegost.2 20170521
Avast Win32:Zegost-C [Trj] 20170521
AVG Agent_r.AIO 20170521
Avira (no cloud) TR/PSW.Bjlog.lfzb 20170521
AVware Trojan.Win32.Generic.pak!cobra 20170521
Baidu Win32.Backdoor.Zegost.b 20170503
BitDefender Gen:Variant.Zegost.2 20170521
Bkav W32.ZegostQKB.Trojan 20170520
CAT-QuickHeal TrojanDropper.Zegost.C5 20170520
ClamAV Win.Spyware.78740-1 20170521
CMC Trojan-PSW.Win32.Bjlog!O 20170521
Comodo Backdoor.Win32.Zegost.B 20170521
Packet capture excerpt:
2017-05-21 15:47:58.953388 IP 192.168.1.102.55351 > 192.168.1.100.55555: Flags [P.], seq 1:400, ack 1, win 2053, length 399
GET /he.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, […]