Swizzor Malware Trojan Downloader Dropper r6.php?cmd=e PCAP file Download Traffic Analysis Sample

SHA256: e94e398e06ea23be9866db444773c1ca16edb0e6042e51878442a4991c17cf4b File name: r6.exe Detection ratio: 19 / 62 Analysis date: 2017-07-06 02:12:20 UTC

Cerber Ransomware Malware Crimeware 77.12.57.x 87.98.176.x PCAP txt File Download Traffic Sample

SHA256: 3929550c9f06e66ccf15aca4808fc9e2f21ee14e343a29ac1b3232e402364c57 File name: 1 Detection ratio: 21 / 61 Analysis date: 2017-07-03 22:43:32 UTC

Nymeria Trojan Malware AURVIA.exe 213.183.58.9.1981 WannaCry SMB MS17-010 EternalBlue PCAP txt File Traffic Sample Download

SHA256: 61a28dba92fb1dc8bebec84115c934e1eb1b7643b49cf10667a943e819c811ae File name: AURVIA.exe Detection ratio: 45 / 61 Analysis date: 2017-07-03 20:28:12 UTC

CoinMiner app.exe Malware IRC Backdoor Trojan Botnet PCAP File Download Traffic Analysis Sample

SHA256: 8d670eaeecbe0d8bc172560646b86d729b2c80b2f536cd2024a8ae502d89c805 File name: app.exe Detection ratio: 44 / 61 Analysis date: 2017-07-03 22:06:14 UTC https://virustotal.com/en/file/8d670eaeecbe0d8bc172560646b86d729b2c80b2f536cd2024a8ae502d89c805/analysis/1499119574/

Razy Trojan Malware oylau2003.ddns.net PCAP File download traffic sample

SHA256: 5e123d4f7b03118196a1f27cfa5a56a3ca8723c3d0e5b02d3719459ab303221b File name: 7c8701febd.exe Detection ratio: 42 / 61 Analysis date: 2017-07-03 22:01:16 UTC