CERBER Ransomware Zerber Malware Trojan 91.239.25.* UDP 6892 P2P PCAP File download Traffic Sample yFrtEfjW.exe

Attachment: 1 pcap nn
Date added: January 16, 2017 6:19 am. Added by: admin. File size: 57 KB. Downloads: 63
SHA256: 52696043b80ce16e79b298d11222c0c218fefec65656ea491d69502ab5929b07
File name: yFrtEfjW.exe
Detection ratio: 41 / 57
Analysis date: 2017-01-16 06:16:09 UTC

Engine / Result / Signature update
Ad-Aware / Trojan.GenericKD.4155332 / 20170116
AegisLab / Troj.Ransom.W32.Zerber!c / 20170114
AhnLab-V3 / Trojan/Win32.Cerber.C1738065 / 20170115
Arcabit / Trojan.Generic.D3F67C4 / 20170116
Avast / Win32:Malware-gen / 20170116
Avira (no cloud) / TR/Crypt.Xpack.llhow / 20170115
BitDefender / Trojan.GenericKD.4155332 / 20170116
Bkav / HW32.Packed.C236 / 20170114
CAT-QuickHeal / Ransom.Cerber.B / 20170116
ClamAV / Win.Trojan.Agent-5550537-0 / 20170116
Comodo / TrojWare.Win32.UMal.kvgbg / 20170116
CrowdStrike Falcon (ML) / malicious_confidence_60% (W) / 20161024
Cyren / W32/Trojan.MLLM-7415 / 20170116
DrWeb / Trojan.Encoder.7453 / 20170116
ESET-NOD32 / Win32/Filecoder.Cerber.E / 20170116
Emsisoft / Trojan.GenericKD.4155332 (B) / 20170116
F-Secure / Trojan.GenericKD.4155332 / 20170116
Fortinet / W32/Injector.OV!tr / 20170116

2017-01-16 00:01:29.994688 IP 192.168.1.102.63128 > 69.39.232.93.80: Flags [P.], seq 0:324, ack 1, win 256, length 324: HTTP: GET /wp-content/themes/sketch/0Infqw0N/yFrtEfjW.exe HTTP/1.1
E..l9F@........fE'.]...P.#.;..{6P....X..GET /wp-content/themes/sketch/0Infqw0N/yFrtEfjW.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: starrymusic.net
Connection: Keep-Alive
2017-01-16 00:01:46.602876 IP 192.168.1.102.63126 > 137.74.93.42.80: Flags [.], ack 4030, win 256, length 0
E..(.T@...8....f.J]*...P.....k..P....2........
2017-01-16 00:01:47.750594 IP 192.168.1.102.65032 > 15.44.20.0.6892: UDP, length 25
E..5u..........f.,.......!.%22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.750651 IP 192.168.1.102.65032 > 15.44.20.1.6892: UDP, length 25
E..5:1.....L...f.,.......!.$22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.750701 IP 192.168.1.102.65032 > 15.44.20.2.6892: UDP, length 25
E..5RW.....%...f.,.......!.#22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.750751 IP 192.168.1.102.65032 > 15.44.20.3.6892: UDP, length 25
E..5......8....f.,.......!."22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.750755 IP 192.168.1.102.65032 > 15.44.20.4.6892: UDP, length 25
E..5&k....0....f.,.......!.!22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.750804 IP 192.168.1.102.65032 > 15.44.20.5.6892: UDP, length 25
E..5i..........f.,.......!. 22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.750897 IP 192.168.1.102.65032 > 15.44.20.6.6892: UDP, length 25
E..5......T....f.,.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.750900 IP 192.168.1.102.65032 > 15.44.20.7.6892: UDP, length 25
E..5N   .....n...f.,.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.750964 IP 192.168.1.102.65032 > 15.44.20.8.6892: UDP, length 25
E..5......9....f.,.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.751015 IP 192.168.1.102.65032 > 15.44.20.9.6892: UDP, length 25
E..5S..........f.,.     .....!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.751069 IP 192.168.1.102.65032 > 15.44.20.10.6892: UDP, length 25
E..5;..........f.,.
.....!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.751118 IP 192.168.1.102.65032 > 15.44.20.11.6892: UDP, length 25
E..5t&.....L...f.,.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.751169 IP 192.168.1.102.65032 > 15.44.20.12.6892: UDP, length 25
E..5O..........f.,.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.751219 IP 192.168.1.102.65032 > 15.44.20.13.6892: UDP, length 25
E..5.6....V;...f.,.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.751221 IP 192.168.1.102.65032 > 15.44.20.14.6892: UDP, length 25
E..5hZ.........f.,.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.751281 IP 192.168.1.102.65032 > 15.44.20.15.6892: UDP, length 25
E..5(......k...f.,.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.751338 IP 192.168.1.102.65032 > 15.44.20.16.6892: UDP, length 25
E..5A..........f.,.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752006 IP 192.168.1.102.65032 > 16.43.12.0.6892: UDP, length 25
E..5"g....;....f.+.......!.&22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752065 IP 192.168.1.102.65032 > 16.43.12.1.6892: UDP, length 25
E..5m..........f.+.......!.%22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752129 IP 192.168.1.102.65032 > 16.43.12.2.6892: UDP, length 25
E..5......W....f.+.......!.$22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752131 IP 192.168.1.102.65032 > 16.43.12.3.6892: UDP, length 25
E..5J......w...f.+.......!.#22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752195 IP 192.168.1.102.65032 > 16.43.12.4.6892: UDP, length 25
E..5q..........f.+.......!."22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752256 IP 192.168.1.102.65032 > 16.43.12.5.6892: UDP, length 25
E..5>5.....E...f.+.......!.!22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752306 IP 192.168.1.102.65032 > 16.43.12.6.6892: UDP, length 25
E..5V[.........f.+.......!. 22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752308 IP 192.168.1.102.65032 > 16.43.12.7.6892: UDP, length 25
E..5......C....f.+.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752357 IP 192.168.1.102.65032 > 16.43.12.8.6892: UDP, length 25
E..5K..........f.+.......!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752419 IP 192.168.1.102.65032 > 16.43.12.9.6892: UDP, length 25
E..5.2....YD...f.+.     .....!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:47.752483 IP 192.168.1.102.65032 > 16.43.12.10.6892: UDP, length 25
E..5lV.........f.+.
.....!..22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.758846 IP 192.168.1.102.65032 > 91.239.25.242.6892: UDP, length 25
E..5L..........f[........!.o22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.758909 IP 192.168.1.102.65032 > 91.239.25.243.6892: UDP, length 25
E..5.......:...f[........!.n22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.758966 IP 192.168.1.102.65032 > 91.239.25.244.6892: UDP, length 25
E..58..........f[........!.m22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.758971 IP 192.168.1.102.65032 > 91.239.25.245.6892: UDP, length 25
E..5.......(...f[........!.l22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.759037 IP 192.168.1.102.65032 > 91.239.25.246.6892: UDP, length 25
E..5...........f[........!.k22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.759093 IP 192.168.1.102.65032 > 91.239.25.247.6892: UDP, length 25
E..5`k.....X...f[........!.j22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.759098 IP 192.168.1.102.65032 > 91.239.25.248.6892: UDP, length 25
E..5...........f[........!.i22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.759144 IP 192.168.1.102.65032 > 91.239.25.249.6892: UDP, length 25
E..5M..........f[........!.h22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.759209 IP 192.168.1.102.65032 > 91.239.25.250.6892: UDP, length 25
E..55..........f[........!.g22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.759215 IP 192.168.1.102.65032 > 91.239.25.251.6892: UDP, length 25
E..5jh.....W...f[........!.f22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.759308 IP 192.168.1.102.65032 > 91.239.25.252.6892: UDP, length 25
E..5a..........f[........!.e22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.759313 IP 192.168.1.102.65032 > 91.239.25.253.6892: UDP, length 25
E..5.\.....a...f[........!.d22cf9e2fd015008e9501000b2
2017-01-16 00:01:48.759361 IP 192.168.1.102.65032 > 91.239.25.254.6892: UDP, length 25
E..5.8.........f[........!.c22cf9e2fd015008e9501000b2
2017-01-16 00:01:49.749932 IP 192.168.1.102.65032 > 91.239.25.255.6892: UDP, length 25
E..59......9...f[........!.b22cf9e2fd015008e9501000b2
