Locky Crypt Ransomware Trojan Malware Traffic Analysis PCAP file download 2016-10-27

Download Attachments

  • conserpa (pcap, 15 KB)
    Date added: October 28, 2016 1:14 am. Added by: admin. Downloads: 110
SHA256: 47920080055e1707943b1f993ad547e3b0ea0d1a15ff825c500ad5f934c082e6
File name: GHBuyd472?kTWXhebIfE=DvNOqYLy
Detection ratio: 50 / 56
Analysis date: 2016-10-28 01:11:25 UTC
Antivirus Result Update
ALYac Trojan.Ransom.LockyCrypt 20161028
AVG Ransom_r.ACW 20161028
AVware Win32.Malware!Drop 20161027
Ad-Aware Trojan.Generic.17941000 20161028
AegisLab Heur.Advml.Gen!c 20161027
AhnLab-V3 Trojan/Win32.Locky.N2088417378 20161027
Antiy-AVL Trojan[Spy]/Win32.Zbot 20161027
Arcabit Trojan.Generic.D111C208 20161028
Avast Win32:Malware-gen 20161027
Avira (no cloud) TR/Crypt.Xpack.nvmw 20161027
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20161027
BitDefender Trojan.Generic.17941000 20161028
Bkav W32.Clod8c1.Trojan.b2ae 20161027
CAT-QuickHeal TrojanSpy.Zbot 20161027


2016-10-27 18:49:28.308802 IP 192.168.1.102.55548 > 200.83.4.62.80: Flags [P.], seq 0:318, ack 1, win 256, length 318: HTTP: GET /GHBuyd472?kTWXhebIfE=DvNOqYLy HTTP/1.1
E..feA@........f.S.>...P..2...l.P.......GET /GHBuyd472?kTWXhebIfE=DvNOqYLy HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: conserpa.vtrbandaancha.net
Connection: Keep-Alive

2016-10-27 18:49:28.466753 IP 192.168.1.102.55548 > 200.83.4.62.80: Flags [.], ack 1733, win 256, length 0
E..(eB@........f.S.>...P..3E..s.P...=.........

E..(e.@........f.S.>...P.......`P...Y.........
2016-10-27 18:49:34.500099 IP 192.168.1.102.55550 > 200.83.4.62.80: Flags [P.], seq 0:209, ack 1, win 256, length 209: HTTP: GET /favicon.ico HTTP/1.1
E...e.@........f.S.>...P.......`P...K...GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: conserpa.vtrbandaancha.net
Connection: Keep-Alive

2016-10-27 18:49:34.672240 IP 192.168.1.102.55549 > 54.230.143.26.443: Flags [.], ack 3908, win 253, length 0
E..(*.@...G....f6.........-0X.&`P....N........
2016-10-27 18:49:34.688676 IP 192.168.1.102.55550 > 200.83.4.62.80: Flags [.], ack 483, win 254, length 0

E..(2m@....D...f.......Po.l....lP...i$........
2016-10-27 18:50:13.409115 IP 192.168.1.102.55556 > 184.25.181.246.80: Flags [P.], seq 0:122, ack 1, win 256, length 122: HTTP: GET /api/1.0/getTileUpdate(en-US) HTTP/1.1
E...2n@........f.......Po.l....lP....X..GET /api/1.0/getTileUpdate(en-US) HTTP/1.1
Connection: Keep-Alive
User-Agent: Microsoft-WNS/10.0
Host: sway-cdn.com

2016-10-27 18:50:13.516825 IP 192.168.1.102.55555 > 104.97.102.12.443: Flags [.], ack 6841, win 256, length 0
E..(#.@...G?...fhaf.......VW5...P....a........
2016-10-27 18:50:13.518334 IP 192.168.1.102.55557 > 184.25.181.246.443: Flags [.], ack 4771, win 256, length 0
E..(2s@....>...f........,2.5....P...!.........
2016-10-27 18:50:13.526909 IP 192.168.1.102.55557 > 184.25.181.246.443: Flags [P.], seq 189:315, ack 4771, win 256, length 126
E...2t@........f........,2.5....P...........F...BA......I....B..G....=..*.:2w&_.C..n..43Z<3BC.  ..IV-.-.....H.5d..............(........X.......{b..2.p.C. =.)..[wE+.J..
2016-10-27 18:50:13.549514 IP 192.168.1.102.55557 > 184.25.181.246.443: Flags [P.], seq 315:466, ack 5013, win 255, length 151
E...2u@........f........,2......P....
...............Nt.,.k]6..:.....w.I[.....e...U..N^....[......b.0.."23.zX.mx.......U...d_wV9..ROX..t.'.o.p...V5..#O
PLlxx.Y.?.x.:......v.n.2J..f..^3......`
2016-10-27 18:50:13.614310 IP 192.168.1.102.55557 > 184.25.181.246.443: Flags [.], ack 5749, win 252, length 0
E..(2v@....;...f........,2.J....P.............
2016-10-27 18:50:48.349458 IP 192.168.1.102.53911 > 108.168.236.114.5938: Flags [P.], seq 111:135, ack 105, win 32553, length 24
E..@/.@........fl..r...2!>.a....P..).E...0.....................
2016-10-27 18:50:48.477346 IP 192.168.1.102.53911 > 108.168.236.114.5938: Flags [.], ack 129, win 32547, length 0
E..(/.@........fl..r...2!>.y....P..#no........
2016-10-27 18:51:10.258770 IP 192.168.1.102.55556 > 184.25.181.246.80: Flags [.], ack 198, win 255, length 0
E..(2w@....:...f.......Po.m\...1P...g.........
2016-10-27 18:51:10.258814 IP 192.168.1.102.55556 > 184.25.181.246.80: Flags [F.], seq 122, ack 198, win 255, length 0
E..(2x@....9...f.......Po.m\...1P...g.........
2016-10-27 18:51:13.565653 IP 192.168.1.102.55557 > 184.25.181.246.443: Flags [F.], seq 466, ack 5749, win 252, length 0
E..(2y@....8...f........,2.J....P.............
2016-10-27 18:51:13.566012 IP 192.168.1.102.55555 > 104.97.102.12.443: Flags [F.], seq 468, ack 6841, win 256, length 0
E..(#.@...G>...fhaf.......VW5...P....`........
2016-10-27 18:51:13.610432 IP 192.168.1.102.55557 > 184.25.181.246.443: Flags [R.], seq 467, ack 5780, win 0, length 0
E..(2z@....7...f........,2.K....P.............
2016-10-27 18:51:13.622722 IP 192.168.1.102.55555 > 104.97.102.12.443: Flags [R.], seq 469, ack 6872, win 0, length 0
E..(#.@...G=...fhaf.......VX5...P....=........
2016-10-27 18:51:34.625571 IP 192.168.1.102.55549 > 54.230.143.26.443: Flags [.], ack 3940, win 252, length 0
E..(+.@...G....f6.........-0X.&.P..../........
2016-10-27 18:51:41.851459 IP 192.168.1.102.55519 > 23.211.124.41.80: Flags [.], ack 3863389215, win 256, length 0
E..(S^@...Qg...f..|)...P.....F..P.............
2016-10-27 18:51:41.866952 IP 192.168.1.102.55521 > 23.211.124.41.80: Flags [.], ack 1022801911, win 251, length 0
E..(S_@...Qf...f..|)...P2. N<...P...7.........
2016-10-27 18:51:43.451201 IP 192.168.1.102.53911 > 108.168.236.114.5938: Flags [P.], seq 135:159, ack 129, win 32547, length 24
E..@/.@........fl..r...2!>.y....P..#.....0.....................
2016-10-27 18:51:43.585628 IP 192.168.1.102.53911 > 108.168.236.114.5938: Flags [.], ack 153, win 32541, length 0
E..(/.@........fl..r...2!>......P...nE........
2016-10-27 18:52:38.562534 IP 192.168.1.102.53911 > 108.168.236.114.5938: Flags [P.], seq 159:183, ack 153, win 32541, length 24
E..@/.@........fl..r...2!>......P........0.....................
2016-10-27 18:52:38.698905 IP 192.168.1.102.53911 > 108.168.236.114.5938: Flags [.], ack 177, win 32535, length 0
E..(/.@........fl..r...2!>......P...n.........
