
Dark Komet Dark Comet Trojan RAT Keylogger Malware 1234.exe PCAP File Download Traffic Analysis fadei.ddns.net 193.107.229.118

Download Attachments

  • 1 pcap 1234
    Date added: January 16, 2017 7:10 am Added by: admin File size: 25 KB Downloads: 79
SHA256: 0d5bb125f1cc9796950ce0246386176de8c19f13d702b42a290cac408f954756
File name: 1234.exe
Detection ratio: 55 / 57
Analysis date: 2017-01-16 07:08:30 UTC

Antivirus                 Result                                   Update
AegisLab                  Backdoor.W32.Darkkomet!c                 20170116
AhnLab-V3                 Win-Trojan/Keylogger.679832              20170116
Antiy-AVL                 Trojan[Backdoor]/Win32.DarkKomet.xyk     20170116
Arcabit                   Trojan.Inject.AUZ                        20170116
Avast                     MSIL:GenMalicious-CHX [Trj]              20170116
Avira (no cloud)          BDS/DarkKomet.GR                         20170116
Baidu                     Win32.Backdoor.Agent.l                   20170116
BitDefender               Trojan.Inject.AUZ                        20170116
Bkav                      W32.OnGamesLTKVPOK.Trojan                20170114
CAT-QuickHeal             Backdoor.Fynloski.A9                     20170116
CMC                       Backdoor.Win32.DarkKomet!O               20170115
ClamAV                    Win.Trojan.DarkKomet-1                   20170116
Comodo                    Backdoor.Win32.Agent.XAB                 20170116
CrowdStrike Falcon (ML)   malicious_confidence_100% (W)            20161024
Cyren                     W32/Downloader.C.gen!Eldorado            20170116
DrWeb                     BackDoor.Comet.2020                      20170116
ESET-NOD32                Win32/Fynloski.AA                        20170116
Emsisoft                  Trojan.Inject.AUZ (B)                    20170116
F-Prot                    W32/Downloader.C.gen!Eldorado            20170116

2017-01-16 00:25:33.154789 IP 192.168.1.102.63378 > 85.25.195.45.80: Flags [P.], seq 0:305, ack 1, win 256, length 305: HTTP: GET /files/2/wg67q6c6wrtdjg/1234.exe HTTP/1.1
GET /files/2/wg67q6c6wrtdjg/1234.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: d2.share.az
Connection: Keep-Alive

2017-01-16 00:25:44.415784 IP 192.168.1.102.59565 > 75.75.75.75.53: 49661+ A? fadei.ddns.net. (32)
2017-01-16 00:25:44.448804 IP 192.168.1.102.63379 > 193.107.229.118.1604: Flags [S], seq 435410989, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:25:47.460619 IP 192.168.1.102.63379 > 193.107.229.118.1604: Flags [S], seq 435410989, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:25:53.474656 IP 192.168.1.102.63379 > 193.107.229.118.1604: Flags [S], seq 435410989, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2017-01-16 00:26:05.628810 IP 192.168.1.102.59566 > 75.75.75.75.53: 64341+ A? fadei.ddns.net. (32)
2017-01-16 00:26:05.647153 IP 192.168.1.102.63380 > 193.107.229.118.1605: Flags [S], seq 351814745, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:26:08.648694 IP 192.168.1.102.63380 > 193.107.229.118.1605: Flags [S], seq 351814745, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:26:14.663492 IP 192.168.1.102.63380 > 193.107.229.118.1605: Flags [S], seq 351814745, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2017-01-16 00:26:15.211064 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [.], ack 2267914923, win 254, length 0
2017-01-16 00:26:26.810648 IP 192.168.1.102.59567 > 75.75.75.75.53: 38229+ A? fadei.ddns.net. (32)
2017-01-16 00:26:26.837097 IP 192.168.1.102.63381 > 193.107.229.118.200: Flags [S], seq 2083604194, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:26:29.846571 IP 192.168.1.102.63381 > 193.107.229.118.200: Flags [S], seq 2083604194, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:26:35.861362 IP 192.168.1.102.63381 > 193.107.229.118.200: Flags [S], seq 2083604194, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2017-01-16 00:26:48.060851 IP 192.168.1.102.59568 > 75.75.75.75.53: 54009+ A? fadei.ddns.net. (32)
2017-01-16 00:26:48.087324 IP 192.168.1.102.63382 > 193.107.229.118.1604: Flags [S], seq 3037348671, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:26:51.097957 IP 192.168.1.102.63382 > 193.107.229.118.1604: Flags [S], seq 3037348671, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:26:57.112656 IP 192.168.1.102.63382 > 193.107.229.118.1604: Flags [S], seq 3037348671, win 65535, options [mss 1460,nop,nop,sackOK], length 0
