Jadtre (unknown trojan) traffic analysis: PCAP sample download, mbfce24rgn65bx3g.er29sl.com

Download Attachments

  • 1 pcap readdat
    Date added: January 24, 2017 2:39 am
    Added by: admin
    File size: 25 KB
SHA256: 065fdaa90c06c60f77fcae1420b1612eb266e55bbd417f60cedd33014be30529
File name: read.php?f=0.dat
Detection ratio: 5 / 55
Analysis date: 2017-01-24 02:35:57 UTC

Engine                    Result                                        Update
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9995    20170123
CrowdStrike Falcon (ML)   malicious_confidence_100% (D)                 20161024
ESET-NOD32                a variant of Win32/GenKryptik.RZM             20170124
Fortinet                  W32/Kryptik.FNGP!tr                           20170124
Invincea                  virus.win32.jadtre.b                          20170111

Traffic excerpt (tcpdump -A summary lines and HTTP headers)

2017-01-23 20:52:10.544193 IP 192.168.1.102.50465 > 54.165.109.229.80: Flags [P.], seq 0:292, ack 1, win 256, length 292: HTTP: GET /read.php?f=0.dat HTTP/1.1
GET /read.php?f=0.dat HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: smoeroota.top
Connection: Keep-Alive

2017-01-23 20:52:40.577524 IP 192.168.1.102.63681 > 75.75.75.75.53: 49466+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:42.546840 IP 192.168.1.102.63682 > 75.75.75.75.53: 49466+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:42.577669 IP 192.168.1.102.63681 > 75.75.75.75.53: 49466+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:43.189174 IP 192.168.1.102.58262 > 75.75.75.75.53: 3995+ A? mbfce24rgn65bx3g.rzunt3u2.com.hsd1.md.comcast.net. (67)
2017-01-23 20:52:43.219805 IP 192.168.1.102.58262 > 75.75.76.76.53: 3995+ A? mbfce24rgn65bx3g.rzunt3u2.com.hsd1.md.comcast.net. (67)
2017-01-23 20:52:43.262040 IP 192.168.1.102.58263 > 75.75.75.75.53: 60265+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:44.261950 IP 192.168.1.102.58264 > 75.75.75.75.53: 60265+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:44.286235 IP 192.168.1.102.58265 > 75.75.75.75.53: 56789+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:44.558174 IP 192.168.1.102.63682 > 75.75.75.75.53: 49466+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:45.277355 IP 192.168.1.102.58263 > 75.75.76.76.53: 60265+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:45.277609 IP 192.168.1.102.58266 > 75.75.75.75.53: 56789+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:45.413254 IP 192.168.1.102.58267 > 75.75.75.75.53: 65171+ A? mbfce24rgn65bx3g.er29sl.com. (45)

2017-01-23 20:52:45.719634 IP 192.168.1.102.50468 > 54.175.146.166.80: Flags [S], seq 1019927426, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-23 20:52:45.754349 IP 192.168.1.102.50468 > 54.175.146.166.80: Flags [.], ack 853700286, win 256, length 0
2017-01-23 20:52:45.756985 IP 192.168.1.102.50468 > 54.175.146.166.80: Flags [P.], seq 0:94, ack 1, win 256, length 94: HTTP: POST / HTTP/1.1
POST / HTTP/1.1
Host: mbfce24rgn65bx3g.er29sl.com
Content-Length: 167
Connection: close
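Read in order, the excerpt shows: a GET for /read.php?f=0.dat from smoeroota.top (54.165.109.229) with an MSIE 8 / Windows XP User-Agent; thirty seconds later, A queries for mbfce24rgn65bx3g.rzunt3u2.com that are resent with the same transaction id, sent to a second resolver (75.75.76.76) and also tried with the client's search suffix (hsd1.md.comcast.net) appended, which is what a Windows stub resolver typically does when the first lookup gets no usable answer (the DNS responses are not in the excerpt, so that is an inference); then one query for the same label under a different parent, mbfce24rgn65bx3g.er29sl.com, immediately followed by a TCP handshake to 54.175.146.166 and a POST / with a 167-byte body. The fixed left-most label under a rotating parent domain is the behaviour worth keying on. The script below is an added example, not part of the original page: it parses the summary lines above (re-typed as an inline constant, byte dumps dropped), pulls out the DNS and HTTP requests, counts retransmitted transaction ids, flags labels queried under more than one parent, and emits a flat indicator list. The `min_label_len` threshold and the `SEARCH_SUFFIXES` tuple are assumptions of this example.

```python
"""Indicator extraction for the tcpdump excerpt above (added example, not the page's own code).
Parses the summary lines, attaches the Host: header tcpdump -A printed under each
HTTP request, and flags one left-most label queried under several parent domains."""
import re
from collections import Counter, defaultdict

# Constructed input: the summary lines from this page, raw byte dumps dropped and
# only the Host: line of each HTTP request kept.
CAPTURE = """\
2017-01-23 20:52:10.544193 IP 192.168.1.102.50465 > 54.165.109.229.80: Flags [P.], seq 0:292, ack 1, win 256, length 292: HTTP: GET /read.php?f=0.dat HTTP/1.1
Host: smoeroota.top
2017-01-23 20:52:40.577524 IP 192.168.1.102.63681 > 75.75.75.75.53: 49466+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:42.546840 IP 192.168.1.102.63682 > 75.75.75.75.53: 49466+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:42.577669 IP 192.168.1.102.63681 > 75.75.75.75.53: 49466+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:43.189174 IP 192.168.1.102.58262 > 75.75.75.75.53: 3995+ A? mbfce24rgn65bx3g.rzunt3u2.com.hsd1.md.comcast.net. (67)
2017-01-23 20:52:43.219805 IP 192.168.1.102.58262 > 75.75.76.76.53: 3995+ A? mbfce24rgn65bx3g.rzunt3u2.com.hsd1.md.comcast.net. (67)
2017-01-23 20:52:43.262040 IP 192.168.1.102.58263 > 75.75.75.75.53: 60265+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:44.261950 IP 192.168.1.102.58264 > 75.75.75.75.53: 60265+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:44.286235 IP 192.168.1.102.58265 > 75.75.75.75.53: 56789+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:44.558174 IP 192.168.1.102.63682 > 75.75.75.75.53: 49466+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:45.277355 IP 192.168.1.102.58263 > 75.75.76.76.53: 60265+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:45.277609 IP 192.168.1.102.58266 > 75.75.75.75.53: 56789+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
2017-01-23 20:52:45.413254 IP 192.168.1.102.58267 > 75.75.75.75.53: 65171+ A? mbfce24rgn65bx3g.er29sl.com. (45)
2017-01-23 20:52:45.756985 IP 192.168.1.102.50468 > 54.175.146.166.80: Flags [P.], seq 0:94, ack 1, win 256, length 94: HTTP: POST / HTTP/1.1
Host: mbfce24rgn65bx3g.er29sl.com
"""

PKT = re.compile(r"^(?P<ts>\S+ \S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
                 r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$")
DNS_Q = re.compile(r"(?P<txid>\d+)\+ A\? (?P<qname>\S+)\. \(\d+\)$")
HTTP_REQ = re.compile(r"HTTP: (?P<method>GET|POST) (?P<uri>\S+) HTTP/1\.[01]$")
SEARCH_SUFFIXES = ("hsd1.md.comcast.net",)  # assumption: the client's search suffix, read off the capture

def parse_capture(text):
    """Return (dns, http): DNS A queries and HTTP requests, in capture order."""
    dns, http = [], []
    for line in text.splitlines():
        m = PKT.match(line)
        if m is None:
            # tcpdump -A prints the headers after the summary line; attach Host: to the last request.
            if line.startswith("Host:") and http:
                http[-1]["host"] = line.split(":", 1)[1].strip()
            continue
        rest = m.group("rest")
        q = DNS_Q.search(rest)
        if q and m.group("dport") == "53":
            dns.append({"ts": m.group("ts"), "resolver": m.group("dst"),
                        "txid": int(q.group("txid")), "qname": q.group("qname")})
            continue
        h = HTTP_REQ.search(rest)
        if h:
            http.append({"ts": m.group("ts"), "dst": m.group("dst"), "host": None,
                         "method": h.group("method"), "uri": h.group("uri")})
    return dns, http

def strip_search_suffix(qname):
    """Undo the suffix the stub resolver appended after a failed lookup."""
    for suffix in SEARCH_SUFFIXES:
        if qname.endswith("." + suffix):
            return qname[: -len(suffix) - 1]
    return qname

def search_suffix_queries(dns):
    """Queries that carry the search suffix, i.e. retries after the bare name failed."""
    return [q["qname"] for q in dns if strip_search_suffix(q["qname"]) != q["qname"]]

def retransmissions(dns):
    """How many times each transaction id was sent; more than once means no timely answer."""
    return Counter(q["txid"] for q in dns)

def rotating_labels(dns, min_label_len=10):
    """Left-most labels queried under more than one parent domain.
    min_label_len keeps shared labels such as 'www' out; the label here is 16 chars."""
    parents = defaultdict(set)
    for q in dns:
        label, _, parent = strip_search_suffix(q["qname"]).partition(".")
        if len(label) >= min_label_len:
            parents[label].add(parent)
    return {label: sorted(p) for label, p in parents.items() if len(p) > 1}

def indicators(dns, http):
    """Flat, sorted IOC list: queried names, HTTP hosts, server IPs and URLs."""
    iocs = {"domain:" + strip_search_suffix(q["qname"]) for q in dns}
    for h in http:
        iocs.add("ip:" + h["dst"])
        if h["host"]:
            iocs.add("domain:" + h["host"])
            iocs.add(f"url:http://{h['host']}{h['uri']}")
    return sorted(iocs)

if __name__ == "__main__":
    dns, http = parse_capture(CAPTURE)
    print("rotating labels:", rotating_labels(dns))
    print("retransmissions:", dict(retransmissions(dns)))
    for ioc in indicators(dns, http):
        print(ioc)
```

To run it against the downloaded capture rather than the constant, replace CAPTURE with the output of `tcpdump -n -A -r <file>.pcap` filtered to the summary and Host: lines; the parser only depends on tcpdump's default summary format. Treat `rotating_labels` as a triage signal, not a verdict: a high-entropy label that hops between parent domains within seconds, with retransmitted queries in between, is the pattern to pivot on, and the `min_label_len` floor is there because short shared labels under many parents are normal traffic.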
