Malware file analysis newbos2.exe 201.188.77.28 69.244.12.0 Callback Traffic PCAP file download

2016-09-26 21:02:20.049695 IP 192.168.1.102.58173 > 201.188.77.28.80: Flags [S], seq 1165935139, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:02:22.195319 IP 192.168.1.102.58173 > 201.188.77.28.80: Flags [S], seq 1165935139, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:02:23.429693 IP 192.168.1.102.58173 > 201.188.77.28.80: Flags [S], seq 1165935139, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2016-09-26 21:02:24.664630 IP 192.168.1.102.58174 > 201.188.77.28.80: Flags [S], seq 2147887176, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:02:25.804734 IP 192.168.1.102.58174 > 201.188.77.28.80: Flags [S], seq 2147887176, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:02:26.976626 IP 192.168.1.102.58174 > 201.188.77.28.80: Flags [S], seq 2147887176, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2016-09-26 21:02:27.642182 IP 192.168.1.102.58175 > 69.244.12.0.80: Flags [S], seq 911925547, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:02:30.648500 IP 192.168.1.102.58175 > 69.244.12.0.80: Flags [S], seq 911925547, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:02:36.648516 IP 192.168.1.102.58175 > 69.244.12.0.80: Flags [S], seq 911925547, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2016-09-26 21:02:37.641311 IP 192.168.1.102.58176 > 77.93.103.109.80: Flags [S], seq 3195708956, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:02:40.648501 IP 192.168.1.102.58176 > 77.93.103.109.80: Flags [S], seq 3195708956, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:02:46.664170 IP 192.168.1.102.58176 > 77.93.103.109.80: Flags [S], seq 3195708956, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2016-09-26 21:02:47.642356 IP 192.168.1.102.58177 > 183.83.196.84.80: Flags [S], seq 3873883067, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:02:50.648579 IP 192.168.1.102.58177 > 183.83.196.84.80: Flags [S], seq 3873883067, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:02:56.648596 IP 192.168.1.102.58177 > 183.83.196.84.80: Flags [S], seq 3873883067, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2016-09-26 21:02:57.642014 IP 192.168.1.102.58178 > 85.130.73.3.80: Flags [S], seq 1769489968, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:03:00.648632 IP 192.168.1.102.58178 > 85.130.73.3.80: Flags [S], seq 1769489968, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:03:06.648663 IP 192.168.1.102.58178 > 85.130.73.3.80: Flags [S], seq 1769489968, win 65535, options [mss 1460,nop,nop,sackOK], length 0
2016-09-26 21:03:07.642319 IP 192.168.1.102.58179 > 159.224.223.15.80: Flags [S], seq 2554626588, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:03:10.648669 IP 192.168.1.102.58179 > 159.224.223.15.80: Flags [S], seq 2554626588, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:03:16.648726 IP 192.168.1.102.58179 > 159.224.223.15.80: Flags [S], seq 2554626588, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2016-09-26 21:03:17.642546 IP 192.168.1.102.58180 > 92.115.105.39.80: Flags [S], seq 2588488880, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 21:03:20.648736 IP 192.168.1.102.58180 > 92.115.105.39.80: Flags [S], seq 2588488880, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
