NetWired Netwire Malware Trojan Backdoor Traffic Analysis Sample FULL PCAP download asril4646.hopto.org

Download Attachments

  • 1 pcap 777
    Date added: January 21, 2017 11:30 pm Added by: admin File size: 23 KB Downloads: 146
SHA256: 41483ee139d27f4d5e7d85c4d6bc461e4d698f0e3bb6d44b7da58d191fd1916c
File name: Dcx4HVf_If.exe?download=Super.exe
Detection ratio: 40 / 55
Analysis date: 2017-01-21 23:26:42 UTC
Kaspersky Trojan.Win32.Autoit.abfdb 20170121
Malwarebytes Trojan.Dropper.SFX 20170121
McAfee Generic.grp 20170121
McAfee-GW-Edition Generic.grp 20170121
eScan Trojan.GenericKD.4193802 20170121
Microsoft Backdoor:Win32/NetWiredRC!rfn 20170121
Panda Trj/CI.A 20170121
Qihoo-360 HEUR/QVM06.2.97AB.Malware.Gen 20170122
Rising Malware.Undefined!8.C-GCgyogYtbVV (cloud) 20170121
Sophos Troj/Agent-AVAI 20170121
Symantec ML.Relationship.HighConfidence [Infostealer.Limitail] 20170121
Tencent Win32.Backdoor.Netwire.7675 20170122
TrendMicro TROJ_FRS.0NA000AJ17 20170121
TrendMicro-HouseCall TROJ_FRS.0NA000AJ17 20170122
VIPRE Trojan.Win32.Generic!BT 20170122

2017-01-21 01:32:54.086537 IP 192.168.1.102.50629 > 192.0.77.17.80: Flags [P.], seq 0:305, ack 1, win 256, length 305: HTTP: GET /Dcx4HVf_If.exe?download=Super.exe HTTP/1.1
GET /Dcx4HVf_If.exe?download=Super.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: cldup.com
Connection: Keep-Alive

2017-01-21 01:33:27.886052 IP 192.168.1.102.61205 > 75.75.75.75.53: 7873+ A? asril4646.hopto.org. (37)
2017-01-21 01:33:27.918497 IP 192.168.1.102.50634 > 185.84.181.73.3478: Flags [S], seq 3682526496, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:28.584642 IP 192.168.1.102.50634 > 185.84.181.73.3478: Flags [S], seq 3682526496, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:29.247218 IP 192.168.1.102.50634 > 185.84.181.73.3478: Flags [S], seq 3682526496, win 65535, options [mss 1460,nop,nop,sackOK], length 0
2017-01-21 01:33:29.868782 IP 192.168.1.102.50635 > 185.84.181.73.3478: Flags [S], seq 1451685649, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:30.522376 IP 192.168.1.102.50635 > 185.84.181.73.3478: Flags [S], seq 1451685649, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:31.176974 IP 192.168.1.102.50635 > 185.84.181.73.3478: Flags [S], seq 1451685649, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2017-01-21 01:33:31.727983 IP 192.168.1.102.50636 > 185.84.181.73.3478: Flags [S], seq 2318671318, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:32.383178 IP 192.168.1.102.50636 > 185.84.181.73.3478: Flags [S], seq 2318671318, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:33.036215 IP 192.168.1.102.50636 > 185.84.181.73.3478: Flags [S], seq 2318671318, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2017-01-21 01:33:43.183304 IP 192.168.1.102.61206 > 75.75.75.75.53: 23192+ A? asril4646.hopto.org. (37)
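The capture above shows a recognisable NetWire beaconing pattern: an executable is fetched over HTTP with an old MSIE user-agent string, the host resolves a dynamic-DNS name (asril4646.hopto.org), and then sends three rounds of SYN retransmissions from successive source ports to 185.84.181.73 on port 3478 (the IANA-registered STUN port, which makes a backdoor's traffic easier to mistake for VoIP/NAT traversal) without a single SYN-ACK appearing in the trace. The following script is an added example, not code from this page or from any analysis tool the page mentions; it parses tcpdump summary lines (the constructed sample below is the page's own lines with the payload dumps dropped) and reports exactly those three signals. The dynamic-DNS suffix list, the 5-second correlation window and the field names are the author's assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: a site-specific list of dynamic-DNS suffixes worth flagging.
# Only hopto.org, the suffix seen in this capture, is included here.
DYN_DNS_SUFFIXES = ("hopto.org",)

# Constructed sample: the tcpdump summary lines from the capture above.
SAMPLE = """\
2017-01-21 01:32:54.086537 IP 192.168.1.102.50629 > 192.0.77.17.80: Flags [P.], seq 0:305, ack 1, win 256, length 305: HTTP: GET /Dcx4HVf_If.exe?download=Super.exe HTTP/1.1
2017-01-21 01:33:27.886052 IP 192.168.1.102.61205 > 75.75.75.75.53: 7873+ A? asril4646.hopto.org. (37)
2017-01-21 01:33:27.918497 IP 192.168.1.102.50634 > 185.84.181.73.3478: Flags [S], seq 3682526496, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:28.584642 IP 192.168.1.102.50634 > 185.84.181.73.3478: Flags [S], seq 3682526496, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:29.247218 IP 192.168.1.102.50634 > 185.84.181.73.3478: Flags [S], seq 3682526496, win 65535, options [mss 1460,nop,nop,sackOK], length 0
2017-01-21 01:33:29.868782 IP 192.168.1.102.50635 > 185.84.181.73.3478: Flags [S], seq 1451685649, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:30.522376 IP 192.168.1.102.50635 > 185.84.181.73.3478: Flags [S], seq 1451685649, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:31.176974 IP 192.168.1.102.50635 > 185.84.181.73.3478: Flags [S], seq 1451685649, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2017-01-21 01:33:31.727983 IP 192.168.1.102.50636 > 185.84.181.73.3478: Flags [S], seq 2318671318, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:32.383178 IP 192.168.1.102.50636 > 185.84.181.73.3478: Flags [S], seq 2318671318, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-01-21 01:33:33.036215 IP 192.168.1.102.50636 > 185.84.181.73.3478: Flags [S], seq 2318671318, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2017-01-21 01:33:43.183304 IP 192.168.1.102.61206 > 75.75.75.75.53: 23192+ A? asril4646.hopto.org. (37)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
DNS_QUERY_RE = re.compile(r"\bA\? (?P<name>[\w.-]+)\.")


def parse_line(line):
    """Turn one tcpdump summary line into a dict; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S.%f")
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    rest = rec["rest"]
    if rest.startswith("Flags [S],"):
        rec["kind"] = "syn"
    elif rest.startswith("Flags [S.],"):
        rec["kind"] = "synack"
    elif "HTTP: GET " in rest:
        rec["kind"] = "http"
        rec["request"] = rest.split("HTTP: ", 1)[1]  # e.g. "GET /path HTTP/1.1"
    else:
        d = DNS_QUERY_RE.search(rest)
        rec["kind"] = "dns" if d else "other"
        if d:
            rec["name"] = d.group("name")
    return rec


def analyze(text, syn_window=5.0):
    """Return the three beaconing signals found in a block of tcpdump lines."""
    recs = [r for r in map(parse_line, text.splitlines()) if r]
    findings = {"dyn_dns": {}, "unanswered_syns": {}, "exe_requests": []}
    dns_times = []
    for r in recs:
        if r["kind"] == "dns" and r["name"].endswith(DYN_DNS_SUFFIXES):
            findings["dyn_dns"][r["name"]] = findings["dyn_dns"].get(r["name"], 0) + 1
            dns_times.append(r["ts"])
        elif r["kind"] == "http" and ".exe" in r["request"].lower():
            findings["exe_requests"].append(r["request"].split()[1])
    # Group SYNs by destination; a SYN-ACK from that destination means it answered.
    syns = defaultdict(list)
    answered = set()
    for r in recs:
        if r["kind"] == "syn":
            syns[(r["dst"], r["dport"])].append(r)
        elif r["kind"] == "synack":
            answered.add((r["src"], r["sport"]))
    for key, group in syns.items():
        if key in answered:
            continue
        first = min(g["ts"] for g in group)
        # Assumption: a first SYN within syn_window seconds of a dynamic-DNS
        # query is treated as the connection that query was made for.
        after_dns = any(0 <= (first - t).total_seconds() <= syn_window for t in dns_times)
        findings["unanswered_syns"]["%s:%d" % key] = {
            "attempts": len(group),
            "source_ports": sorted({g["sport"] for g in group}),
            "follows_dyn_dns_query": after_dns,
        }
    return findings


if __name__ == "__main__":
    for signal, value in analyze(SAMPLE).items():
        print(signal, value)
```

Run against the sample, the script reports one dynamic-DNS name queried twice, one executable fetched over HTTP, and nine unanswered SYNs to 185.84.181.73:3478 from three source ports that start 32 ms after the first DNS query. On live tcpdump output the same parser works on `tcpdump -n -tttt` summary lines; the SYN-ACK bookkeeping matters because a destination that does answer is ordinary traffic, not a dead or filtered C2.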
