Fraser.exe Malware Trojan Downloader Dropper asril4646.hopto.org PCAP File Download Traffic Analysis

2017-01-15 23:32:14.584440 IP 192.168.1.102.62766 > 192.0.77.17.80: Flags [P.], seq 0:306, ack 1, win 256, length 306: HTTP: GET /6yIk9wSjWP.exe?download=Fraser.exe HTTP/1.1
E..Zff@……..f..M….P..l…..P….o..GET /6yIk9wSjWP.exe?download=Fraser.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: cldup.com
Connection: Keep-Alive

2017-01-15 23:32:29.957578 IP 192.168.1.102.50135 > 75.75.75.75.53: 49661+ A? asril4646.hopto.org. (37)
E..A.!………fKKKK…5.-p………….        asril4646.hopto.org…..
2017-01-15 23:32:29.993815 IP 192.168.1.102.62782 > 185.84.181.73.3478: Flags [S], seq 318334479, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@….2…f.T.I.>….f……. ……………..
2017-01-15 23:32:30.669691 IP 192.168.1.102.62782 > 185.84.181.73.3478: Flags [S], seq 318334479, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@….1…f.T.I.>….f……. ……………..
2017-01-15 23:32:31.343371 IP 192.168.1.102.62782 > 185.84.181.73.3478: Flags [S], seq 318334479, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..00.@….4…f.T.I.>….f…..p. ………….
2017-01-15 23:32:31.945681 IP 192.168.1.102.62783 > 185.84.181.73.3478: Flags [S], seq 2125490187, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@…./…f.T.I.?..~.h……. .4……………
2017-01-15 23:32:32.615504 IP 192.168.1.102.62783 > 185.84.181.73.3478: Flags [S], seq 2125490187, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@……..f.T.I.?..~.h……. .4……………
2017-01-15 23:32:33.295177 IP 192.168.1.102.62783 > 185.84.181.73.3478: Flags [S], seq 2125490187, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..00.@….1…f.T.I.?..~.h…..p. .H………..
2017-01-15 23:32:33.919261 IP 192.168.1.102.62784 > 185.84.181.73.3478: Flags [S], seq 3001689288, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@….,…f.T.I.@….$……. .C……………
2017-01-15 23:32:34.598590 IP 192.168.1.102.62784 > 185.84.181.73.3478: Flags [S], seq 3001689288, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..40.@….+…f.T.I.@….$……. .C……………
2017-01-15 23:32:35.269234 IP 192.168.1.102.62784 > 185.84.181.73.3478: Flags [S], seq 3001689288, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..00.@……..f.T.I.@….$…..p. .W………..
2017-01-15 23:32:45.448924 IP 192.168.1.102.50136 > 75.75.75.75.53: 38377+ A? asril4646.hopto.org. (37)
E..A.”………fKKKK…5.-.,…………        asril4646.hopto.org…..

Please follow and like us: