ANDROM Infostealer Lokibot Malware Traffic Sample PCAP file download analysis lamela.hr ertfghgfhgfh.tk POST /Panel/five/fre.php (Charon; Inferno)

SHA256: 6c99dd395a98d20237d05527e84ef8d0d2f9f2a599494ee0632c7bfab2399e33
File name: wire145.exe
Detection ratio: 37 / 61
Analysis date: 2017-05-15 02:54:56 UTC

Engine                                  Result                                       Update
Kaspersky                               Backdoor.Win32.Androm.ngwk                   20170515
McAfee                                  Artemis!F65BE5A2E77C                         20170515
McAfee-GW-Edition                       BehavesLike.Win32.Virus.th                   20170514
eScan                                   Trojan.GenericKD.5065116                     20170515
NANO-Antivirus                          Trojan.Win32.Androm.eotpjr                   20170514
Palo Alto Networks (Known Signatures)   generic.ml                                   20170515
Panda                                   Trj/GdSda.A                                  20170514
Qihoo-360                               Trojan.Generic                               20170515
Rising                                  Malware.Generic.3!tfe (cloud:DiQytucAL2U)    20170515
Sophos                                  Mal/Generic-S                                20170514
Symantec                                Infostealer.Lokibot                          20170514
Tencent                                 Win32.Trojan.Inject.Auto                     20170515
TrendMicro-HouseCall                    Suspicious_GEN.F47V0513                      20170515
VIPRE                                   Trojan.Win32.Generic!BT                      20170515
Webroot                                 W32.Trojan.Gen                               20170515
ZoneAlarm by Check Point                Backdoor.Win32.Androm.ngwk                   20170514

Packet capture (tcpdump) of the payload download request:
2017-05-14 21:26:44.615814 IP 192.168.1.102.58035 > 176.62.8.9.80: Flags [P.], seq 0:394, ack 1, win 256, length 394: HTTP: GET /wire145.exe HTTP/1.1
GET /wire145.exe […]

Farfli/Beaugrit/Redosdru Malware Trojan Downloader Dropper PCAP file download traffic analysis sample svchost.exe GET /NetSyst96.dll aibeichen.tk

SHA256: 0752a3a777360dbbd4ebd344e1f7bf737419d682953762b45508c000db9b1634
File name: svchost.exe
Detection ratio: 50 / 61
Analysis date: 2017-05-15 00:12:16 UTC

Engine                                  Result                                       Update
Ad-Aware                                Trojan.GenericKD.4978088                     20170514
AegisLab                                Backdoor.W32.Farfli!c                        20170514
AhnLab-V3                               Backdoor/Win32.Farfli.C1945393               20170514
ALYac                                   Trojan.GenericKD.4978088                     20170514
Arcabit                                 Trojan.Generic.D4BF5A8                       20170514
Avast                                   Win32:Trojan-gen                             20170514
AVG                                     Downloader.Generic14.AKBZ                    20170514
Avira (no cloud)                        TR/AD.Itagomoko.cducf                        20170514
AVware                                  LooksLike.Win32.Uruasy.b!ag (v)              20170515
Baidu                                   Win32.Trojan-Downloader.Agent.jm             20170503
BitDefender                             Trojan.GenericKD.4978088                     20170514
CAT-QuickHeal                           Trojan.Redosdru.19849                        20170513
Comodo                                  Backdoor.Win32.Beaugrit.C                    20170515
CrowdStrike Falcon (ML)                 malicious_confidence_100% (W)                20170130
[…]

Possible Kovter Variant exe1.exe Malware Crimeware 223.76.42.85.443 PCAP file download Traffic Analysis Sample

SHA256: 269023640945edff37e0436baf411e3e2d9bf0cec03a8163fbb3379a7d5badb1
File name: exe1.exe
Detection ratio: 22 / 61
Analysis date: 2017-05-15 00:00:24 UTC

Engine                                  Result                                       Update
AVware                                  Trojan.Win32.Kovter.ab (v)                   20170515
Baidu                                   Win32.Trojan.WisdomEyes.16070401.9500.9999   20170503
Bkav                                    W32.eHeur.Virus02                            20170513
CrowdStrike Falcon (ML)                 malicious_confidence_94% (W)                 20170130
Cyren                                   W32/Kovter.T2.gen!Eldorado                   20170515
Endgame                                 malicious (high confidence)                  20170503
ESET-NOD32                              a variant of Win32/GenKryptik.AGAC           20170515
F-Prot                                  W32/Kovter.T2.gen!Eldorado                   20170514
Fortinet                                W32/GenKryptik.AFPN!tr                       20170514
Invincea                                virus.win32.sality.at                        20170413
Kaspersky                               UDS:DangerousObject.Multi.Generic            20170514
McAfee                                  Artemis!DE1F818A287B                         20170515
McAfee-GW-Edition                       BehavesLike.Win32.BadFile.gc                 20170514
Rising                                  […]

Zusy Malware Trojan Downloader Dropper PCAP file download traffic analysis POST /vad/order.php?page=106 morpoho.club

SHA256: 3977145723a78e6c2f70a2c5b05cc21e0f3a7552f66ae8223ed67c614819e6a4
File name: 8848275c18.exe
Detection ratio: 42 / 60
Analysis date: 2017-05-14 22:16:11 UTC

Engine                                  Result                                       Update
Ad-Aware                                Gen:Variant.Zusy.236832                      20170514
AegisLab                                Backdoor.W32.Androm!c                        20170514
Antiy-AVL                               Trojan[Backdoor]/Win32.Androm                20170514
Arcabit                                 Trojan.Zusy.D39D20                           20170514
Avast                                   Win32:Malware-gen                            20170514
AVG                                     Inject3.CMBE                                 20170514
Avira (no cloud)                        TR/Dropper.Gen                               20170514
AVware                                  Trojan.Win32.Generic!BT                      20170514
Baidu                                   Win32.Trojan.WisdomEyes.16070401.9500.9986   20170503
BitDefender                             Gen:Variant.Zusy.236832                      20170514
Bkav                                    HW32.Packed.6A39                             20170513
CrowdStrike Falcon (ML)                 malicious_confidence_100% (W)                20170130
DrWeb                                   Trojan.Inject2.53489                         20170514
Emsisoft                                Gen:Variant.Zusy.236832 (B)                  20170514
[…]

Malware Crimeware Kovter Variant Sality PCAP file download Traffic Sample POST 149.7.56.242

SHA256: 2c19e2d256bb104c7cfdc2e832db3ef2b52aa3fb7fb413fafff443767d64ba21
File name: caa2db.png
Detection ratio: 21 / 61
Analysis date: 2017-05-14 22:41:25 UTC

Engine                                  Result                                       Update
AegisLab                                Ml.Attribute.Gen!c                           20170514
AVware                                  Trojan.Win32.Kovter.ab (v)                   20170514
Baidu                                   Win32.Trojan.WisdomEyes.16070401.9500.9999   20170503
Bkav                                    W32.eHeur.Virus02                            20170513
CrowdStrike Falcon (ML)                 malicious_confidence_95% (W)                 20170130
Cyren                                   W32/Kovter.T2.gen!Eldorado                   20170514
Endgame                                 malicious (high confidence)                  20170503
F-Prot                                  W32/Kovter.T2.gen!Eldorado                   20170514
Fortinet                                W32/GenKryptik.AFPN!tr                       20170514
Invincea                                virus.win32.sality.at                        20170413
Kaspersky                               UDS:DangerousObject.Multi.Generic            20170514
McAfee                                  Artemis!D5CBA842097F                         20170514
McAfee-GW-Edition                       BehavesLike.Win32.BadFile.gc                 20170514
Palo Alto Networks (Known Signatures)   […]