| SHA256: | 2933b492fec30500750c3d5f598bf99fdf976e15dbc8895393b94a91233bd7fc |
| File name: | DICVFL.exe |
| Detection ratio: | 25 / 55 |
| Analysis date: | 2017-01-24 02:29:56 UTC ( 0 minutes ago ) |
| Ad-Aware | Trojan.GenericKD.4218289 | 20170124 |
| AegisLab | Ml.Attribute.Veryhighconfidence.[Heur.Advml!c | 20170123 |
| AhnLab-V3 | Trojan/Win32.Autoit.C1702709 | 20170123 |
| Arcabit | Trojan.Generic.D405DB1 | 20170124 |
| Avast | Other:Malware-gen [Trj] | 20170124 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9784 | 20170123 |
| BitDefender | Trojan.GenericKD.4218289 | 20170124 |
| CMC | Trojan.Win32.Generic!O | 20170123 |
| CrowdStrike Falcon (ML) | malicious_confidence_75% (W) | 20161024 |
| DrWeb | Trojan.DownLoader23.48840 | 20170124 |
| Emsisoft | Trojan.GenericKD.4218289 (B) | 20170124 |
| F-Secure | Trojan.GenericKD.4218289 | 20170124 |
| GData | Trojan.GenericKD.4218289 | 20170124 |
| Ikarus | Trojan.Inject | 20170123 |
| Invincea | worm.win32.moarider.a | 20170111 |
| K7AntiVirus | Trojan ( 004b8bad1 ) | 20170123 |
| K7GW | Trojan ( 004b8bad1 ) | 20170124 |
| Kaspersky | Trojan-PSW.Win32.Autoit.et | 20170124 |
| Malwarebytes | Backdoor.Bot | 20170124 |
| eScan | Trojan.GenericKD.4218289 | 20170124 |
2017-01-23 20:49:50.377649 IP 192.168.1.102.50454 > 216.158.236.123.80: Flags [P.], seq 0:299, ack 1, win 256, length 299: HTTP: GET /888/micro/DICVFL.exe HTTP/1.1
E..S=.@…4….f…{…PuC3..9Z.P….$..GET /888/micro/DICVFL.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: lascofittings.cf
Connection: Keep-Alive
2017-01-23 20:49:58.172216 IP 192.168.1.102.50455 > 213.183.58.12.2082: Flags [S], seq 3473220687, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4,.@……..f..:….”..$O…… ……………..
2017-01-23 20:49:58.668336 IP 192.168.1.102.50454 > 216.158.236.123.80: Flags [F.], seq 299, ack 482841, win 891, length 0
E..(>H@…5_…f…{…PuC5
.@..P..{
|……..
2017-01-23 20:50:01.183928 IP 192.168.1.102.50455 > 213.183.58.12.2082: Flags [S], seq 3473220687, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4, @……..f..:….”..$O…… ……………..
2017-01-23 20:50:07.198638 IP 192.168.1.102.50455 > 213.183.58.12.2082: Flags [S], seq 3473220687, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0,!@……..f..:….”..$O….p……………
2017-01-23 20:50:13.670429 IP 192.168.1.102.50445 > 104.146.164.25.443: Flags [F.], seq 1554793646, ack 1155943388, win 256, length 0
E..(5.@….R…fh…….\.D.D.K.P….3……..
2017-01-23 20:50:13.670663 IP 192.168.1.102.50442 > 104.146.164.25.443: Flags [F.], seq 814848555, ack 2286363549, win 256, length 0
E..(5.@….Q…fh….
..0..+.G#.P………….
2017-01-23 20:50:13.670780 IP 192.168.1.102.50446 > 104.146.164.25.443: Flags [F.], seq 883426129, ack 374204385, win 256, length 0
E..(5.@….P…fh…….4..Q.M..P….’……..
2017-01-23 20:50:13.670955 IP 192.168.1.102.50439 > 104.146.164.25.443: Flags [F.], seq 1363039211, ack 2644039456, win 256, length 0
E..(5.@….O…fh…….Q>S…. P….s……..
2017-01-23 20:50:13.964345 IP 192.168.1.102.50439 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
E..(5.@….N…fh…….Q>S….!P….r……..
2017-01-23 20:50:13.965415 IP 192.168.1.102.50446 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
E..(5.@….M…fh…….4..R.M..P….&……..
2017-01-23 20:50:13.966452 IP 192.168.1.102.50445 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
E..(5.@….L…fh…….\.D.D.K.P….2……..
2017-01-23 20:50:13.970768 IP 192.168.1.102.50442 > 104.146.164.25.443: Flags [.], ack 2, win 256, length 0
E..(5.@….K…fh….
..0..,.G#.P………….
2017-01-23 20:50:19.120859 IP 192.168.1.102.50460 > 213.183.58.12.2082: Flags [S], seq 3964598830, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4,”@……..f..:….”.N…….. ……………..
2017-01-23 20:50:22.135768 IP 192.168.1.102.50460 > 213.183.58.12.2082: Flags [S], seq 3964598830, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4,#@……..f..:….”.N…….. ……………..
2017-01-23 20:50:28.137285 IP 192.168.1.102.50460 > 213.183.58.12.2082: Flags [S], seq 3964598830, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0,$@……..f..:….”.N……p……………
Written By
2020-06-23 15:26:21.518710 IP 10.1.10.15.49742 > 217.8.117.45.80: Flags [P.], seq 1:502, ack 1, win 16425, length 501: HTTP: GET /zxcv.EXE HTTP/1.1 E....=@...wX . ...u-.N.P'&"i....P.@).Q..GET /zxcv.EXE HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */* Accept-Language: en-us User-Agent: Mozill...
AZORult/RacoonStealer can steal banking information including passwords and credit card details as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat. Raccoon is an info...
Predator the Thief is an information stealer, meaning that it is a malware that steals data from infected systems. This virus can access the camera and spy on victims, steal passwords and login information as well as retrieve payment data from cryptocurrency wallet...
Hostile IPs: 172.217.164.131 172.217.9.206 172.253.63.132 188.127.249.210 195.201.225.248 217.8.117.45 34.107.4.68 91.193.75.172 96.6.6.64 Dynamic Analysis Report Classification:DownloaderSpyware Threat Names:AZORult v3Gen:Varian...
