CoinMiner app.exe Malware IRC Backdoor Trojan Botnet PCAP File Download Traffic Analysis Sample

Download Attachments

  • 1 pcap app
    Date added: July 3, 2017 10:11 pm | Added by: admin | File size: 42 KB | Downloads: 170
SHA256: 8d670eaeecbe0d8bc172560646b86d729b2c80b2f536cd2024a8ae502d89c805
File name: app.exe
Detection ratio: 44 / 61
Analysis date: 2017-07-03 22:06:14 UTC ( 0 minutes ago )


Engine                                   Result                                         Update
Ikarus                                   Trojan.MSIL.CoinMiner                          20170703
K7AntiVirus                              Trojan ( 005104711 )                           20170703
K7GW                                     Trojan ( 005104711 )                           20170703
Kaspersky                                Trojan.Win32.CoinMiner.qtq                     20170703
Malwarebytes                             Backdoor.Bot                                   20170703
McAfee                                   RDN/Generic.grp                                20170703
McAfee-GW-Edition                        RDN/Generic.grp                                20170703
Microsoft                                Trojan:Win32/Skeeyah.A!bit                     20170703
eScan                                    Gen:Variant.MSILPerseus.107893                 20170703
NANO-Antivirus                           Trojan.Win32.CoinMiner.eqojuk                  20170703
Palo Alto Networks (Known Signatures)    generic.ml                                     20170703
Panda                                    Trj/CI.A                                       20170703
Rising                                   Trojan.CoinMiner!8.30A (cloud:bDpaAd9U5ZE)     20170703
SentinelOne (Static ML)                  static engine - malicious                      20170516
Sophos                                   Mal/Generic-S                                  20170703
Symantec                                 Trojan.Gen.2                                   20170703
Tencent                                  Win32.Trojan.Coinminer.Pegd                    20170703
TrendMicro                               TROJ_GEN.R0E9C0PG317                           20170703
TrendMicro-HouseCall                     TROJ_GEN.R0E9C0PG317                           20170703
VIPRE                                    Trojan.Win32.Generic!BT                        20170703

https://virustotal.com/en/file/8d670eaeecbe0d8bc172560646b86d729b2c80b2f536cd2024a8ae502d89c805/analysis/1499119574/
2017-07-03 15:39:29.122784 IP 192.168.1.102.60543 > 87.236.19.98.80: Flags [P.], seq 0:408, ack 1, win 64240, length 408: HTTP: GET /holyson/app.exe HTTP/1.1
E….j@….q…fW..b…P.c……P…….GET /holyson/app.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: gatsoed9.beget.tech
Connection: Keep-Alive

2017-07-03 15:39:37.174504 IP 192.168.1.102.51863 > 75.75.75.75.53: 20019+ A? iplogger.com. (30)
E..:c2….~….fKKKK…5.&..N3………..iplogger.com…..
2017-07-03 15:39:37.175522 IP 192.168.1.102.51864 > 75.75.75.75.53: 33057+ A? gatsoed9.beget.tech. (37)
E..Ac3….~….fKKKK…5.-…!………..gatsoed9.beget.tech…..
2017-07-03 15:39:37.485660 IP 192.168.1.102.60544 > 87.236.19.98.80: Flags [S], seq 808192539, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.s@……..fW..b…P0,
……. ……………..
2017-07-03 15:39:37.643513 IP 192.168.1.102.60544 > 87.236.19.98.80: Flags [.], ack 4015261327, win 64240, length 0
E..(.t@……..fW..b…P0,
..T..P…j………
2017-07-03 15:39:37.646816 IP 192.168.1.102.60544 > 87.236.19.98.80: Flags [P.], seq 0:80, ack 1, win 64240, length 80: HTTP: GET /AudioHD.exe HTTP/1.1
E..x.u@……..fW..b…P0,
..T..P…….GET /AudioHD.exe HTTP/1.1
Host: gatsoed9.beget.tech
Connection: Keep-Alive
2017-07-03 15:40:40.051841 IP 192.168.1.102.60545 > 88.99.66.31.443: Flags [.], ack 6604, win 253, length 0
E..(..@….?…fXcB…..|….<..P…h………
2017-07-03 15:40:54.728442 IP 192.168.1.102.60544 > 87.236.19.98.80: Flags [.], ack 1497873, win 64240, length 0
E..(.B@….1…fW..b…P0,
l.j..P………….
2017-07-03 15:40:56.480813 IP 192.168.1.102.60533 > 212.129.46.191.6666: Flags [.], ack 2319946782, win 252, length 0
E..(..@…0….f…..u.