batypli3werty.top CERBER Ransomware search.php 1.bin Malware Sample PCAP File Download 94.21.172 UDP 6892

Attachment: 1 pcap 1bin
Date added: May 9, 2017 1:01 am. Added by: admin. File size: 212 KB.
SHA256: 2cdb5263fbffa9c6548f1bc9162357da2b7d164f21dc8c9c0181f6fb13c8d0c7
File name: 1
Detection ratio: 7 / 60
Analysis date: 2017-05-09 00:58:23 UTC

Antivirus                 Result                                Update
Endgame                   malicious (high confidence)           20170503
Fortinet                  W32/GenKryptik.AEGQ!tr                20170508
Invincea                  backdoor.win32.fynloski.k             20170413
Qihoo-360                 HEUR/QVM03.0.0439.Malware.Gen         20170509
SentinelOne (Static ML)   static engine – malicious             20170330
Sophos                    Mal/FareitVB-M                        20170508
Symantec                  ML.Attribute.HighConfidence           20170508

2017-05-08 20:05:33.365354 IP 192.168.1.102.54596 > 47.91.89.227.80: Flags [P.], seq 0:401, ack 1, win 256, length 401: HTTP: GET /search.php HTTP/1.1
E…~.@…/’…f/[Y..D.Pf.N…ZlP…….GET /search.php HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: batypli3werty.top
Connection: Keep-Alive

 

2017-05-08 20:08:04.483174 IP 192.168.1.102.52753 > 94.21.172.14.6893: UDP, length 27
E..7j……….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.483295 IP 192.168.1.102.52753 > 94.21.172.15.6893: UDP, length 27
E..7a……….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.483385 IP 192.168.1.102.52753 > 94.21.172.16.6893: UDP, length 27
E..7……W….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.483509 IP 192.168.1.102.52753 > 94.21.172.17.6893: UDP, length 27
E..7 …..N….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.483712 IP 192.168.1.102.52753 > 94.21.172.18.6893: UDP, length 27
E..7S+…..U…f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.483898 IP 192.168.1.102.52753 > 94.21.172.19.6893: UDP, length 27
E..7\>…..A…f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.484025 IP 192.168.1.102.52753 > 94.21.172.20.6893: UDP, length 27
E..75u….:     …f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.484116 IP 192.168.1.102.52753 > 94.21.172.21.6893: UDP, length 27
E..7>x….1….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.484241 IP 192.168.1.102.52753 > 94.21.172.22.6893: UDP, length 27
E..7p……….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.484339 IP 192.168.1.102.52753 > 94.21.172.23.6893: UDP, length 27
E..7z……s…f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.484508 IP 192.168.1.102.52753 > 94.21.172.24.6893: UDP, length 27
E..7……f….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.484662 IP 192.168.1.102.52753 > 94.21.172.25.6893: UDP, length 27
E..7……_….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.484782 IP 192.168.1.102.52753 > 94.21.172.26.6893: UDP, length 27
E..7DP….+(…f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.484882 IP 192.168.1.102.52753 > 94.21.172.27.6893: UDP, length 27
E..7Kg….$….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.485003 IP 192.168.1.102.52753 > 94.21.172.28.6893: UDP, length 27
E..7&…..H….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.485093 IP 192.168.1.102.52753 > 94.21.172.29.6893: UDP, length 27
E..7-…..A….f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.485225 IP 192.168.1.102.52753 > 94.21.172.30.6893: UDP, length 27
E..7b……a…f^……..#Y.10eddc95cfdb0091b701000249e
2017-05-08 20:08:04.485341 IP 192.168.1.102.52753 > 94.21.172.31.6893: UDP, length 27
E..7i……E…f^……..#Y
10eddc95cfdb0091b701000249e

 
