Razy Trojan Malware oylau2003.ddns.net PCAP File download traffic sample

Download attachment: c8701 (pcap, 19 KB; added July 3, 2017 10:03 pm by admin)
Multi-engine AV scan of the downloaded executable:

SHA256: 5e123d4f7b03118196a1f27cfa5a56a3ca8723c3d0e5b02d3719459ab303221b
File name: 7c8701febd.exe
Detection ratio: 42 / 61
Analysis date: 2017-07-03 22:01:16 UTC

Engine results (the first 11 of the 61 engines, as listed on the page):

Engine            Detection                                       Signature date
Ad-Aware          Gen:Variant.Razy.6869                           20170703
AegisLab          Troj.W32.Gen.mein                               20170703
AhnLab-V3         Trojan/Win32.Agent.R202451                      20170703
ALYac             Gen:Variant.Razy.6869                           20170703
Arcabit           Trojan.Razy.D1AD5                               20170703
Avast             Win32:Evo-gen [Susp]                            20170703
AVG               Win32:Evo-gen [Susp]                            20170703
Avira (no cloud)  TR/Dropper.Gen                                  20170703
AVware            Trojan.Win32.Generic!BT                         20170703
Baidu             Win32.Trojan.WisdomEyes.16070401.9500.9999      20170703
BitDefender       Gen:Variant.Razy.6869                           20170703

Capture excerpt (tcpdump output; the non-printable IP/TCP header bytes of the ASCII dump are omitted). The sample is fetched over plain HTTP from directlink.cz (107.154.161.190) with a browser-like Internet Explorer 8 / Windows 7 User-Agent; about 100 seconds later the same host queries oylau2003.ddns.net and sends a SYN to 103.68.223.134 on TCP port 3232.

2017-07-03 15:25:01.264665 IP 192.168.1.102.60223 > 107.154.161.190.80: Flags [P.], seq 0:410, ack 1, win 256, length 410: HTTP: GET /download/7c8701febd.exe HTTP/1.1
GET /download/7c8701febd.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: directlink.cz
Connection: Keep-Alive

2017-07-03 15:26:42.312240 IP 192.168.1.102.60499 > 75.75.75.75.53: 51646+ A? oylau2003.ddns.net. (36)
2017-07-03 15:26:42.332629 IP 192.168.1.102.60253 > 103.68.223.134.3232: Flags [S], seq 123003361, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

The DNS answer and the rest of the 3232/tcp session are not part of this excerpt. The SYN follows the A query by about 20 ms, which is consistent with 103.68.223.134 being the resolved address, but confirm that against the DNS response in the pcap before recording it as the resolution of oylau2003.ddns.net.
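The following is an added example, not code from the original page: a small parser for tcpdump summary lines of the kind shown above that pulls out the download URL, the queried name and the outbound connection, tags the SYN with the preceding A query when it follows within a short window (a timing heuristic, since the excerpt has no DNS answer), and renders Suricata rules for each indicator. The sample input is constructed from the excerpt above with the byte dumps dropped; the 5-second window, the rule msg strings and the sid numbers are assumptions to adjust for your environment.

```python
"""Added example (not from the original page): parse tcpdump summary lines like
those in the capture excerpt, extract IOCs, and render Suricata rules for them.
SAMPLE is constructed from the excerpt (the -A byte dumps are dropped); the
rule msg strings and sid numbers are placeholders."""
import re
from datetime import datetime, timedelta

# Constructed input: the summary lines from the excerpt, plus the request
# headers that tcpdump -A printed after the GET.
SAMPLE = """\
2017-07-03 15:25:01.264665 IP 192.168.1.102.60223 > 107.154.161.190.80: Flags [P.], seq 0:410, ack 1, win 256, length 410: HTTP: GET /download/7c8701febd.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: directlink.cz
Connection: Keep-Alive
2017-07-03 15:26:42.312240 IP 192.168.1.102.60499 > 75.75.75.75.53: 51646+ A? oylau2003.ddns.net. (36)
2017-07-03 15:26:42.332629 IP 192.168.1.102.60253 > 103.68.223.134.3232: Flags [S], seq 123003361, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
"""

IPV4 = r"\d+\.\d+\.\d+\.\d+"
# Summary line as printed by tcpdump -nn -tttt: timestamp, "IP", src.port > dst.port: rest
PKT_RE = re.compile(
    rf"^(?P<ts>\d{{4}}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    rf"(?P<src>{IPV4})\.(?P<sport>\d+) > (?P<dst>{IPV4})\.(?P<dport>\d+): (?P<rest>.*)$"
)
DNS_RE = re.compile(r"\bA\? (?P<qname>\S+) \(")
HTTP_RE = re.compile(r"HTTP: (?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]")


def parse_events(text):
    """One dict per packet; header lines following an HTTP request are attached to it."""
    events, cur = [], None
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if not m:
            # Continuation line: only meaningful as a header of the current HTTP request.
            if cur and cur["kind"] == "http_request" and ":" in line:
                name, _, value = line.partition(":")
                cur["headers"][name.strip()] = value.strip()
            continue
        cur = {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
               "src": m["src"], "sport": int(m["sport"]), "dst": m["dst"],
               "dport": int(m["dport"]), "kind": "other", "headers": {}}
        rest = m["rest"]
        if (d := DNS_RE.search(rest)):
            cur.update(kind="dns_query", qname=d["qname"].rstrip("."))
        elif (h := HTTP_RE.search(rest)):
            cur.update(kind="http_request", method=h["method"], path=h["path"])
        elif rest.startswith("Flags [S],"):
            cur["kind"] = "tcp_syn"
        events.append(cur)
    return events


def extract_iocs(events, window=timedelta(seconds=5)):
    """Collect download URLs, queried names and outbound SYN targets.

    A SYN is tagged with the most recent A query name when it follows within
    `window` (assumed 5 s). This is a timing heuristic only: the excerpt has no
    DNS answer, so the tag must be confirmed against the pcap."""
    iocs = {"urls": [], "domains": [], "endpoints": []}
    last_query = None
    for ev in events:
        if ev["kind"] == "http_request":
            host = ev["headers"].get("Host", ev["dst"])
            iocs["urls"].append(f"http://{host}{ev['path']}")
        elif ev["kind"] == "dns_query":
            iocs["domains"].append(ev["qname"])
            last_query = ev
        elif ev["kind"] == "tcp_syn":
            guess = None
            if last_query and timedelta(0) <= ev["ts"] - last_query["ts"] <= window:
                guess = last_query["qname"]
            iocs["endpoints"].append({"ip": ev["dst"], "port": ev["dport"], "possible_name": guess})
    return iocs


def suricata_rules(iocs, base_sid=1000001):
    """One Suricata rule per IOC (sticky-buffer syntax; msg text and sids are placeholders)."""
    rules, sid = [], base_sid
    for url in iocs["urls"]:
        host, _, path = url[len("http://"):].partition("/")
        rules.append(f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Razy sample download"; '
                     f'flow:established,to_server; http.host; content:"{host}"; '
                     f'http.uri; content:"/{path}"; sid:{sid}; rev:1;)')
        sid += 1
    for name in iocs["domains"]:
        rules.append(f'alert dns $HOME_NET any -> any any (msg:"Razy DNS lookup"; '
                     f'dns.query; content:"{name}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    for ep in iocs["endpoints"]:
        rules.append(f'alert tcp $HOME_NET any -> {ep["ip"]} {ep["port"]} '
                     f'(msg:"Razy outbound connect"; flags:S; sid:{sid}; rev:1;)')
        sid += 1
    return rules


if __name__ == "__main__":
    for rule in suricata_rules(extract_iocs(parse_events(SAMPLE))):
        print(rule)
```

The timestamp and address layout matches `tcpdump -nn -tttt -r file.pcap`; with `-A` added, the ASCII byte-dump lines are ignored unless they happen to contain a colon, so strip them first or run without `-A` and take the Host header from a second pass. The DNS-to-SYN tag is deliberately reported as `possible_name` rather than as a fact, for the reason given under the capture: without the DNS answer it is a guess.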