NEW Locky Ransomware PCAP file download traffic analysis gokeenakte.top NO C2 Used

Attachments

  • 1 pcap
    Date added: September 25, 2017 11:22 pm. Added by: admin. File size: 25 KB.

  • 51 engines detected this file
  • SHA-256: 8514a2eca4090f400a43c4af915eb3ef6e9c15dabe69716189e7c68c72cfa285
  • File name: 1
  • File size: 617 KB
  • Last analysis: 2017-09-25 04:21:44 UTC
  • Community score: -50

2017-09-25 17:31:45.176820 IP 192.168.1.102.57004 > 47.89.249.183.80: Flags [P.], seq 0:482, ack 1, win 256, length 482: HTTP: GET /url/1 HTTP/1.1
GET /url/1 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
Host: gokeenakte.top
Connection: Keep-Alive

2017-09-25 17:33:25.458134 IP 192.168.1.102.57009 > 91.203.5.162.80: Flags [S], seq 1347326132, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-09-25 17:33:31.173039 IP 192.168.1.102.57005 > 40.70.221.249.443: Flags [F.], seq 2336, ack 4383, win 258, length 0
2017-09-25 17:33:31.213749 IP 192.168.1.102.57005 > 40.70.221.249.443: Flags [.], ack 4384, win 258, length 0
2017-09-25 17:33:31.459273 IP 192.168.1.102.57009 > 91.203.5.162.80: Flags [S], seq 1347326132, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2017-09-25 17:33:36.338616 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 48:72, ack 49, win 32762, length 24
2017-09-25 17:33:36.457114 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [.], ack 73, win 32756, length 0
2017-09-25 17:33:43.473893 IP 192.168.1.102.57010 > 149.154.68.190.80: Flags [S], seq 1790950938, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-09-25 17:33:46.474293 IP 192.168.1.102.57010 > 149.154.68.190.80: Flags [S], seq 1790950938, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-09-25 17:33:52.477158 IP 192.168.1.102.57010 > 149.154.68.190.80: Flags [S], seq 1790950938, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2017-09-25 17:34:04.495275 IP 192.168.1.102.57011 > 91.203.5.162.80: Flags [S], seq 2489365195, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-09-25 17:34:07.498299 IP 192.168.1.102.57011 > 91.203.5.162.80: Flags [S], seq 2489365195, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-09-25 17:34:13.513209 IP 192.168.1.102.57011 > 91.203.5.162.80: Flags [S], seq 2489365195, win 8192, options [mss 1460,nop,nop,sackOK], length 0
