eskulanscoop.com / result Trojan Ransomware Locky Malware PCAP file download traffic sample

Download Attachments

  • 1 pcap result
    Date added: January 16, 2017 6:06 am
    Added by: admin
    File size: 16 KB
    Downloads: 54
SHA256: a406a67e5620bbe79026546e3889375497611955ff5248e9bdfef857982f26ba
File name: result
Detection ratio: 15 / 55
Analysis date: 2017-01-16 06:02:28 UTC

Engine                Result                     Update
ALYac                 Trojan.Ransom.BHJ          20170116
Ad-Aware              Trojan.Ransom.BHJ          20170116
AhnLab-V3             BinImage/Lockyenc          20170115
Arcabit               Trojan.Ransom.BHJ          20170116
BitDefender           Trojan.Ransom.BHJ          20170116
Emsisoft              Trojan.Ransom.BHJ (B)      20170116
F-Secure              Trojan.Ransom.BHJ          20170116
GData                 Trojan.Ransom.BHJ          20170116
Ikarus                Trojan.Ransom              20170115
McAfee                Ransomware-Locky.h!enc     20170108
McAfee-GW-Edition     Ransomware-Locky.h!enc     20170116
eScan                 Trojan.Ransom.BHJ          20170116
Sophos                Troj/Locky-YL              20170116
TrendMicro            Ransom_LOCKYENC.AEA        20170116
TrendMicro-HouseCall  Ransom_LOCKYENC.AEA

2017-01-16 00:22:46.874497 IP 192.168.1.102.63364 > 80.245.38.213.80: Flags [P.], seq 0:285, ack 1, win 256, length 285: HTTP: GET /result HTTP/1.1
GET /result HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: eskulanscoop.com
Connection: Keep-Alive

2017-01-16 00:24:14.676393 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [S], seq 584917889, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:24:14.703098 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [.], ack 2267902686, win 256, length 0
2017-01-16 00:24:14.703761 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [P.], seq 0:186, ack 1, win 256, length 186
[TLS ClientHello; SNI client-cf.dropbox.com; remaining bytes not printable]
2017-01-16 00:24:14.730223 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [.], ack 2921, win 256, length 0
2017-01-16 00:24:14.734575 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [P.], seq 186:312, ack 3006, win 256, length 126
[TLS handshake data, not printable]
2017-01-16 00:24:14.756156 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [P.], seq 312:793, ack 3248, win 255, length 481
[TLS application data, encrypted]
2017-01-16 00:24:15.211590 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [.], ack 6168, win 256, length 0
2017-01-16 00:24:15.212941 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [.], ack 9088, win 256, length 0
2017-01-16 00:24:15.213939 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [.], ack 11637, win 256, length 0
2017-01-16 00:24:15.214333 IP 192.168.1.102.63367 > 52.85.130.113.443: Flags [.], ack 12206, win 254, length 0
2017-01-16 00:24:16.141263 IP 192.168.1.102.65528 > 75.75.75.75.53: 12712+ A? cdn.content.prod.cms.msn.com. (46)
2017-01-16 00:24:16.154875 IP 192.168.1.102.65295 > 75.75.75.75.53: 19574+ A? tile-service.weather.microsoft.com. (52)
2017-01-16 00:24:16.155476 IP 192.168.1.102.64055 > 75.75.75.75.53: 20425+ A? cdn.onenote.net. (33)
2017-01-16 00:24:16.155826 IP 192.168.1.102.55017 > 75.75.75.75.53: 59260+ A? service.weather.microsoft.com. (47)
2017-01-16 00:24:16.164962 IP 192.168.1.102.63368 > 23.205.208.55.80: Flags [S], seq 1224777799, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:24:16.165119 IP 192.168.1.102.63369 > 23.205.208.55.80: Flags [S], seq 3763110570, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:24:16.184650 IP 192.168.1.102.55017 > 75.75.76.76.53: 59260+ A? service.weather.microsoft.com. (47)
2017-01-16 00:24:16.184656 IP 192.168.1.102.64055 > 75.75.76.76.53: 20425+ A? cdn.onenote.net. (33)
2017-01-16 00:24:16.184658 IP 192.168.1.102.65295 > 75.75.76.76.53: 19574+ A? tile-service.weather.microsoft.com. (52)
2017-01-16 00:24:16.187123 IP 192.168.1.102.63371 > 23.205.208.36.443: Flags [S], seq 531787755, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-16 00:24:16.187502 IP 192.168.1.102.63372 > 104.95.178.202.443: Flags [S], seq 427651999, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

2017-01-16 00:24:16.254235 IP 192.168.1.102.63372 > 104.95.178.202.443: Flags [P.], seq 0:192, ack 1, win 256, length 192
[TLS ClientHello; SNI cdn.onenote.net; remaining bytes not printable]
2017-01-16 00:24:16.254393 IP 192.168.1.102.63371 > 23.205.208.36.443: Flags [P.], seq 0:206, ack 1, win 256, length 206
[TLS ClientHello; SNI service.weather.microsoft.com; remaining bytes not printable]
2017-01-16 00:24:16.284044 IP 192.168.1.102.63368 > 23.205.208.55.80: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {1461:1607}], length 0
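Two things in the dump above are worth extracting mechanically from a capture like this: the plaintext HTTP request that pulled the payload (URI /result, Host eskulanscoop.com, and an Internet Explorer 8 / Windows XP User-Agent string; the URI matches the file name of the sample analysed at the top of the page), and the server_name (SNI) carried in each TLS ClientHello that follows (client-cf.dropbox.com, cdn.onenote.net, service.weather.microsoft.com), which is the only hostname visible in those encrypted flows. The script below is an added example, not a tool from this page or from any referenced project. It reads libpcap-format captures with Ethernet/IPv4/TCP framing using only the standard library and returns one record per HTTP request or ClientHello. The pcap it parses is constructed inline from the request and SNI shown above (it is not the page's pcap), and it assumes no pcapng, IPv6 or 802.1Q-tagged frames.

```python
"""Indicators from a capture like this one: the plaintext HTTP request that fetched
the payload (Host, URI, User-Agent) and the SNI of each TLS ClientHello. Stdlib only."""
import struct

ETH_IPV4, IPPROTO_TCP, DLT_EN10MB = 0x0800, 6, 1


def iter_tcp_payloads(pcap):
    """Yield (src, sport, dst, dport, payload) per TCP segment with data (libpcap, Ethernet)."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap, 0)[0])
    if endian is None:
        raise ValueError("not a libpcap capture (pcapng is not handled)")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != DLT_EN10MB:
        raise ValueError("only the Ethernet link type is handled")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from(endian + "IIII", pcap, off)[2]  # ts_sec, ts_usec, incl_len, orig_len
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        ip = 14                                                     # assumes no 802.1Q tag
        if (len(frame) < 54 or struct.unpack_from(">H", frame, 12)[0] != ETH_IPV4
                or frame[ip + 9] != IPPROTO_TCP):
            continue
        total_len = struct.unpack_from(">H", frame, ip + 2)[0]
        src = ".".join(map(str, frame[ip + 12:ip + 16]))
        dst = ".".join(map(str, frame[ip + 16:ip + 20]))
        tcp = ip + (frame[ip] & 0x0F) * 4
        sport, dport = struct.unpack_from(">HH", frame, tcp)
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip + total_len]
        if payload:
            yield src, sport, dst, dport, payload


def parse_http_request(payload):
    """Method, path and lower-cased headers of a plaintext HTTP request, else None."""
    if not payload.startswith((b"GET ", b"POST ", b"HEAD ")):
        return None
    request_line, *header_lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None
    headers = {n.strip().lower(): v.strip() for n, _, v in (l.partition(":") for l in header_lines)}
    return {"method": parts[0], "path": parts[1], "headers": headers}


def parse_tls_sni(payload):
    """server_name from a TLS ClientHello (record type 0x16, handshake type 1), else None."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:
            return None
        p = 9 + 2 + 32                                    # record + handshake headers, version, random
        p += 1 + payload[p]                               # session id
        p += 2 + struct.unpack_from(">H", payload, p)[0]  # cipher suites
        p += 1 + payload[p]                               # compression methods
        end = p + 2 + struct.unpack_from(">H", payload, p)[0]
        p += 2
        while p + 4 <= min(end, len(payload)):
            ext_type, ext_len = struct.unpack_from(">HH", payload, p)
            if ext_type == 0 and ext_len >= 5:            # list len(2), name type(1), name len(2), name
                name_len = struct.unpack_from(">H", payload, p + 7)[0]
                return payload[p + 9:p + 9 + name_len].decode("ascii", "replace")
            p += 4 + ext_len
    except (IndexError, struct.error):                    # truncated or malformed record
        pass
    return None


def build_client_hello(sni):
    """Minimal TLS 1.2 ClientHello with one cipher suite and only a server_name extension."""
    name = sni.encode()
    sni_ext = struct.pack(">HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
            + struct.pack(">H", len(sni_ext)) + sni_ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs


def build_pcap(segments):
    """Wrap (src, sport, dst, dport, payload) tuples in Ethernet/IPv4/TCP pcap records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for src, sport, dst, dport, payload in segments:
        tcp = struct.pack(">HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 256, 0, 0) + payload
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, IPPROTO_TCP, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
        frame = bytes(12) + struct.pack(">H", ETH_IPV4) + ip        # zero MACs, no checksums
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample traffic (not the pcap from this page): the payload fetch shown
# above and a ClientHello carrying the SNI of the Dropbox flow that follows it.
SAMPLE_GET = (b"GET /result HTTP/1.1\r\n"
              b"Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*\r\n"
              b"User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)\r\n"
              b"Host: eskulanscoop.com\r\nConnection: Keep-Alive\r\n\r\n")
SAMPLE_PCAP = build_pcap([
    ("192.168.1.102", 63364, "80.245.38.213", 80, SAMPLE_GET),
    ("192.168.1.102", 63367, "52.85.130.113", 443, build_client_hello("client-cf.dropbox.com")),
])


def extract_indicators(pcap):
    """One record per HTTP request (host, path, ua) or TLS ClientHello (sni) in the capture."""
    found = []
    for _src, _sport, dst, _dport, payload in iter_tcp_payloads(pcap):
        req = parse_http_request(payload)
        if req:
            h = req["headers"]
            found.append({"kind": "http", "dst": dst, "host": h.get("host"),
                          "path": req["path"], "ua": h.get("user-agent")})
        elif (sni := parse_tls_sni(payload)):
            found.append({"kind": "tls", "dst": dst, "sni": sni})
    return found
```

To run it on the real attachment, call extract_indicators(open("result.pcap", "rb").read()) after saving the file under that (assumed) name. Only the first data segment of each flow carries the request line or ClientHello, which is why no TCP reassembly is needed for these two indicators; a request whose headers span segments, or a ClientHello split across records, would need stream reassembly before parsing.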