| SHA256: | a15d9dd8f751b241d7171587719f50ed0f7ef57dd54b78e17bca4ee5a922c971 |
| File name: | raj.exe |
| Detection ratio: | 44 / 60 |
| Analysis date: | 2017-05-09 01:53:13 UTC ( 0 minutes ago ) |
| ALYac | Gen:Variant.Razy.169955 | 20170509 |
| Arcabit | Trojan.Generic.D4C215F | 20170509 |
| Avast | Win32:Malware-gen | 20170509 |
| AVG | Generic_r.SQM | 20170509 |
| Avira (no cloud) | TR/Crypt.ZPACK.lrzkx | 20170509 |
| AVware | Trojan.Win32.Injector.cdgy (v) | 20170508 |
| BitDefender | Trojan.GenericKD.4989279 | 20170509 |
| Bkav | HW32.Packed.9625 | 20170508 |
| CAT-QuickHeal | Trojan.Dynamer | 20170508 |
| ClamAV | Win.Trojan.Agent-6307522-0 | 20170508 |
| DrWeb | Trojan.Winlock.13915 | 20170508 |
| Emsisoft | Trojan.GenericKD.4989279 (B) | 20170508 |
| Endgame | malicious (high confidence) | 20170503 |
| ESET-NOD32 | Win32/TrojanDownloader.Agent.DGM | 20170509 |
| F-Secure | Trojan.GenericKD.4989279 | 20170508 |
| Fortinet | W32/Sennoma.ABK!tr | 20170508 |
| GData | Trojan.GenericKD.4989279 | 20170508 |
| Ikarus | Trojan-Downloader.Win32.Agent | 20170508 |
| Invincea | ransom.win32.crowti.a | 20170413 |
| K7AntiVirus | Riskware ( 0040eff71 ) | 20170508 |
| K7GW | Riskware ( 0040eff71 ) | 20170508 |
| Kaspersky | Trojan.Win32.Sennoma.abk | 20170508 |
| Malwarebytes | Backdoor.Bot | 20170509 |
| McAfee | Artemis!407B6C1AA288 | 20170509 |
| McAfee-GW-Edition | BehavesLike.Win32.Expiro.cc | 20170508 |
2017-05-08 19:49:29.759767 IP 192.168.1.102.54520 > 178.62.104.165.80: Flags [P.], seq 0:395, ack 1, win 256, length 395: HTTP: GET /raj.exe HTTP/1.1
E…<*@….(…f.>h….P…….|P…P[..GET /raj.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: 178.62.104.165
Connection: Keep-Alive
2017-05-08 19:49:35.480794 IP 192.168.1.102.54521 > 185.121.177.53.53: Flags [P.], seq 0:31, ack 1, win 256, length 3147940+ A? funchat.bit. (29)
E..G?&@……..f.y.5…5..I;.D..P….R…..D………..funchat.bit…..
2017-05-08 19:49:35.505692 IP 192.168.1.102.54521 > 185.121.177.53.53: Flags [F.], seq 31, ack 48, win 256, length 0
E..(?’@……..f.y.5…5..IZ.D.:P…#………
2017-05-08 19:49:40.776524 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [.], ack 1875535261, win 256, length 0
E..(>.@……..f..$y……..o.e.P…C………
2017-05-08 19:49:40.782055 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [P.], seq 0:104, ack 1, win 256, length 104
E…>.@……..f..$y……..o.e.P….|……c…_..Y………R….;…!.J2x..Wn..z…../.5…
….. .
.2.8…………………..
…………..
2017-05-08 19:49:40.935054 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [.], ack 1468, win 256, length 0
E..(>.@……..f..$y……..o.kXP…=………
2017-05-08 19:49:40.961149 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [P.], seq 104:238, ack 1468, win 256, length 134
E…>.@……..f..$y……..o.kXP….=……F…BA..m.D….;…n6.m……a S.J..)……..qC….K..Q..`.<(cl…?j..@……….0.)/..;U.J._…..f.l……L}o.`..fK..E..r.3.R. Y.
2017-05-08 19:49:41.113067 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [.], ack 1527, win 256, length 0
E..(>.@……..f..$y…….qo.k.P…<………
2017-05-08 19:49:41.117958 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [P.], seq 238:547, ack 1527, win 256, length 309
E..]>.@….J…f..$y…….qo.k.P………..0…`.D%.c.#%……..r;.:.W-..m..[~u…4….OE.r…..A..no1…..M..,c..)c/rq,…D…z..”_prp…`’……x..R…H6….)..v.4…..`…>.P/…t2……9g…..m…5.K…………]….O@zn.R……X..(3.y…A..S.L.-……3)..”;.[X1Qk…X:.5……..p…m..6..N&.+.,KU…s..(……:\i…G.u4…….-..y.(..2…,kV..
2017-05-08 19:49:41.419113 IP 192.168.1.102.54526 > 185.13.36.121.443: Flags [P.], seq 547:1608, ack 1527, win 256, length 1061
E..M>.@….Y…f..$y……..o.k.P….m…… …eZ…..4=..A..7C…V..Z1`xS….zO../k.UO…%._.k^.
.).fb.J…?..7….
.t ..S.).)…’).3.. …..B.-……..’.t.”…~..Q..T…..IC..X.o..\D..^….E.y……1Sab5..9….k\..]..qY.s….]..CH.3us.:HA`.l……|….#…D].u…F..d..”….^ ..)..f.x[.=…EvF…8.y.Yg..”.”Z’..K.k|u..SX……./n..(Tl.>5B..Q….J\D………K…U…=k/.5……oS..E.A
…m.ykj…-fg……wJ.[..& ..:..Z…..h.{e!G..z……Ny.==.u.0…….2.t…0.#-…..b.V.w……P5.EZ4I.!%..sVi.].r..n……XjP.,..a..[…..s….”..6H……..5+o .9…..>…. …E…(T1.0…l…..S…Y.”…a……\N…EjM2….ynN,…..*q………q{.
..(…Y.sHp…….kz………….a0.8.Mg…C,Di…..T…..`.~jS-…..W..l.Z….9.bF…..Py..n/….?..wy.1*.s.Vz$….6…..R…z.*..d.&T.|..b.%.T……..%.FB!a….^.
\_K..R….]A….\2Y…%.>.9 .T…MBR……#.rS.:……DJ.c….n……!….Ccl.3..YW….w… w.>.IP[…. B…_……..G6’BSF(…..gH.Q……..Id..).K..’w……..>1..:..?..)X……p..
:.j..p…..c.&….s.TA.~.3…*sa..2.&.”9..B..4.3……!….,..b..^*.U….VB…….
Bc….m_y..zt…T.”..?.e..g….V
Written By
2020-06-23 15:26:21.518710 IP 10.1.10.15.49742 > 217.8.117.45.80: Flags [P.], seq 1:502, ack 1, win 16425, length 501: HTTP: GET /zxcv.EXE HTTP/1.1 E....=@...wX . ...u-.N.P'&"i....P.@).Q..GET /zxcv.EXE HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */* Accept-Language: en-us User-Agent: Mozill...
AZORult/RacoonStealer can steal banking information including passwords and credit card details as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat. Raccoon is an info...
Predator the Thief is an information stealer, meaning that it is a malware that steals data from infected systems. This virus can access the camera and spy on victims, steal passwords and login information as well as retrieve payment data from cryptocurrency wallet...
Hostile IPs: 172.217.164.131 172.217.9.206 172.253.63.132 188.127.249.210 195.201.225.248 217.8.117.45 34.107.4.68 91.193.75.172 96.6.6.64 Dynamic Analysis Report Classification:DownloaderSpyware Threat Names:AZORult v3Gen:Varian...
