nnapoakea.top read.php?f=0.dat CERBER Ransomware 35.166.4.* 37.15.20.* 77.1.12.* 91.239.24.* PCAP File Download Traffic Sample

Download Attachments

  • pcap appda
    Date added: December 17, 2016 5:22 am Added by: admin File size: 68 KB Downloads: 71

http://nnapoakea.top/read.php?f=0.dat

SHA256:     5a1a12fb2668af622c7882003561c1abff5b99dc9db3d51a55cbfd4dd3d797e9
File name:     read.php?f=0.dat
Detection ratio:     7 / 55
Analysis date:     2016-12-17 01:16:52 UTC

Antivirus     Result     Update
AVware     Trojan.Win32.Generic!BT     20161217
AhnLab-V3     Trojan/Win32.Cerber.R192010     20161216
Bkav     HW32.Packed.F166     20161216
Invincea     virus.win32.sality.at     20161216
Qihoo-360     HEUR/QVM20.1.0000.Malware.Gen     20161217
Symantec     Heur.AdvML.B     20161217
VIPRE     Trojan.Win32.Generic!BT     20161217

SHA256:     5a1a12fb2668af622c7882003561c1abff5b99dc9db3d51a55cbfd4dd3d797e9
File name:     read.php?f=1.dat
Detection ratio:     7 / 55

Antivirus     Result     Update
Invincea     virus.win32.sality.at     20161216
AhnLab-V3     Trojan/Win32.Cerber.R192010     20161216
AVware     Trojan.Win32.Generic!BT     20161217
VIPRE     Trojan.Win32.Generic!BT     20161217
Bkav     HW32.Packed.F166     20161216
Qihoo-360     HEUR/QVM20.1.0000.Malware.Gen     20161217
Symantec     Heur.AdvML.B     20161217

2016-12-17 00:00:18.590572 IP 192.168.1.102.59801 > 75.75.75.75.53: 52283+ A? nnapoakea.top. (31)
2016-12-17 00:00:29.499334 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 288121, win 1003, length 0
2016-12-17 00:00:52.712693 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [P.], seq 292:584, ack 288121, win 1003, length 292: HTTP: GET /read.php?f=0.dat HTTP/1.1
GET /read.php?f=0.dat HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: nnapoakea.top
Connection: Keep-Alive

2016-12-17 00:00:53.978994 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 291041, win 1003, length 0
2016-12-17 00:00:53.979790 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 293961, win 1003, length 0
2016-12-17 00:00:53.981207 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 296881, win 1003, length 0
2016-12-17 00:00:53.981988 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 299801, win 1003, length 0
2016-12-17 00:00:53.982836 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 302721, win 1003, length 0
2016-12-17 00:00:54.087105 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 305641, win 1003, length 0
2016-12-17 00:00:54.087968 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 308561, win 1003, length 0
2016-12-17 00:00:54.107016 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 323161, win 1003, length 0
2016-12-17 00:00:54.130419 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 331921, win 1003, length 0
2016-12-17 00:00:54.203658 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 334841, win 1003, length 0
2016-12-17 00:00:54.205053 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 337761, win 1003, length 0
2016-12-17 00:00:54.205672 IP 192.168.1.102.60018 > 35.166.4.45.80: Flags [.], ack 340681, win 1003, length 0
2016-12-17 00:01:33.936525 IP 192.168.1.102.50260 > 37.15.20.0.6892: UDP, length 25
2016-12-17 00:01:33.936581 IP 192.168.1.102.50260 > 37.15.20.1.6892: UDP, length 25
2016-12-17 00:01:33.936632 IP 192.168.1.102.50260 > 37.15.20.2.6892: UDP, length 25
2016-12-17 00:01:33.936688 IP 192.168.1.102.50260 > 37.15.20.3.6892: UDP, length 25
2016-12-17 00:01:33.936743 IP 192.168.1.102.50260 > 37.15.20.4.6892: UDP, length 25
2016-12-17 00:01:33.936750 IP 192.168.1.102.50260 > 37.15.20.5.6892: UDP, length 25
2016-12-17 00:01:33.936799 IP 192.168.1.102.50260 > 37.15.20.6.6892: UDP, length 25
2016-12-17 00:01:33.936890 IP 192.168.1.102.50260 > 37.15.20.7.6892: UDP, length 25
2016-12-17 00:01:33.936943 IP 192.168.1.102.50260 > 37.15.20.8.6892: UDP, length 25
2016-12-17 00:01:33.936951 IP 192.168.1.102.50260 > 37.15.20.9.6892: UDP, length 25
2016-12-17 00:01:33.937054 IP 192.168.1.102.50260 > 37.15.20.10.6892: UDP, length 25
2016-12-17 00:01:33.937063 IP 192.168.1.102.50260 > 37.15.20.11.6892: UDP, length 25
2016-12-17 00:01:33.937113 IP 192.168.1.102.50260 > 37.15.20.12.6892: UDP, length 25
2016-12-17 00:01:33.937195 IP 192.168.1.102.50260 > 37.15.20.13.6892: UDP, length 25
2016-12-17 00:01:33.937250 IP 192.168.1.102.50260 > 37.15.20.14.6892: UDP, length 25
2016-12-17 00:01:33.937257 IP 192.168.1.102.50260 > 37.15.20.15.6892: UDP, length 25
2016-12-17 00:01:33.937305 IP 192.168.1.102.50260 > 37.15.20.16.6892: UDP, length 25
2016-12-17 00:01:33.938748 IP 192.168.1.102.50260 > 77.1.12.13.6892: UDP, length 25
2016-12-17 00:01:33.938797 IP 192.168.1.102.50260 > 77.1.12.14.6892: UDP, length 25
2016-12-17 00:01:33.938886 IP 192.168.1.102.50260 > 77.1.12.15.6892: UDP, length 25
2016-12-17 00:01:33.938894 IP 192.168.1.102.50260 > 77.1.12.16.6892: UDP, length 25
2016-12-17 00:01:33.938992 IP 192.168.1.102.50260 > 77.1.12.17.6892: UDP, length 25
2016-12-17 00:01:33.939050 IP 192.168.1.102.50260 > 77.1.12.18.6892: UDP, length 25
2016-12-17 00:01:33.939058 IP 192.168.1.102.50260 > 77.1.12.19.6892: UDP, length 25
2016-12-17 00:01:33.939107 IP 192.168.1.102.50260 > 77.1.12.20.6892: UDP, length 25
2016-12-17 00:01:33.939194 IP 192.168.1.102.50260 > 77.1.12.21.6892: UDP, length 25
2016-12-17 00:01:33.939203 IP 192.168.1.102.50260 > 77.1.12.22.6892: UDP, length 25
2016-12-17 00:01:33.939253 IP 192.168.1.102.50260 > 77.1.12.23.6892: UDP, length 25
2016-12-17 00:01:33.939336 IP 192.168.1.102.50260 > 77.1.12.24.6892: UDP, length 25
2016-12-17 00:01:33.939345 IP 192.168.1.102.50260 > 77.1.12.25.6892: UDP, length 25
2016-12-17 00:01:33.939441 IP 192.168.1.102.50260 > 77.1.12.26.6892: UDP, length 25
2016-12-17 00:01:33.939449 IP 192.168.1.102.50260 > 77.1.12.27.6892: UDP, length 25
2016-12-17 00:01:33.939540 IP 192.168.1.102.50260 > 77.1.12.28.6892: UDP, length 25
2016-12-17 00:01:33.939549 IP 192.168.1.102.50260 > 77.1.12.29.6892: UDP, length 25
2016-12-17 00:01:33.939598 IP 192.168.1.102.50260 > 77.1.12.30.6892: UDP, length 25
2016-12-17 00:01:33.939683 IP 192.168.1.102.50260 > 77.1.12.31.6892: UDP, length 25
2016-12-17 00:01:33.939738 IP 192.168.1.102.50260 > 91.239.24.0.6892: UDP, length 25
2016-12-17 00:01:33.939746 IP 192.168.1.102.50260 > 91.239.24.1.6892: UDP, length 25
2016-12-17 00:01:33.939798 IP 192.168.1.102.50260 > 91.239.24.2.6892: UDP, length 25
2016-12-17 00:01:33.939878 IP 192.168.1.102.50260 > 91.239.24.3.6892: UDP, length 25
2016-12-17 00:01:33.939887 IP 192.168.1.102.50260 > 91.239.24.4.6892: UDP, length 25
2016-12-17 00:01:33.939936 IP 192.168.1.102.50260 > 91.239.24.5.6892: UDP, length 25
