
Razy/Panda Trojan Malware 9z68lXaL.exe PCAP file download traffic analysis sample

Attachment: 1 pcap 9z6 (date added: May 21, 2017 9:26 pm; added by: admin; file size: 18 KB)
SHA256: 904ba982fd067daed01ebcd896a8b8cf3e21e1a4069aadb236825f2f5180e326
File name: 9z68lXaL.exe
Detection ratio: 54 / 59
Analysis date: 2017-05-21 21:23:40 UTC

Engine               Result                                  Engine update
BitDefender          Gen:Variant.Razy.155999                 20170521
Bkav                 W32.TaharaK.Trojan                      20170520
CAT-QuickHeal        TrojanRansom.Shade                      20170520
Comodo               TrojWare.Win32.Injector.~DMGM           20170521
CrowdStrike Falcon (ML)  malicious_confidence_100% (W)       20170130
Cyren                W32/Trojan.TZVH-3564                    20170521
DrWeb                Trojan.PWS.Panda.9309                   20170521
Emsisoft             Gen:Variant.Razy.155999 (B)             20170521
Endgame              malicious (high confidence)             20170515
ESET-NOD32           a variant of Win32/Injector.DMGM        20170521
F-Secure             Gen:Variant.Razy.155999                 20170521

2017-05-21 16:06:18.212574 IP 192.168.1.102.55464 > 104.24.123.74.80: Flags [P.], seq 2582031664:2582032130, ack 3928753541, win 541, length 466: HTTP: GET /upload/9z68lXaL.exe HTTP/1.1
E.....@...N....fh.{J...P...0.,..P.......GET /upload/9z68lXaL.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: rigpriv.com
Connection: Keep-Alive
Cookie: __cfduid=d478ac9f52a3801df9f32948ee4b03b4f1495397051

2017-05-21 16:07:06.744496 IP 192.168.1.102.55471 > 191.232.80.58.443: Flags [.], ack 5270, win 256, length 0
E..(..@........f..P:....|5yp=...P...."........
2017-05-21 16:07:06.751833 IP 192.168.1.102.55471 > 191.232.80.58.443: Flags [F.], seq 1705, ack 5270, win 256, length 0
E..(..@........f..P:....|5yp=...P....!........
2017-05-21 16:07:06.819164 IP 192.168.1.102.55471 > 191.232.80.58.443: Flags [.], ack 5271, win 256, length 0
E..(..@........f..P:....|5yq=...P.... ........
2017-05-21 16:07:09.498445 IP 192.168.1.102.55473 > 85.217.170.81.80: Flags [S], seq 2758385259, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..41.@........fU..Q...P.i.k...... .q...............
2017-05-21 16:07:09.498449 IP 192.168.1.102.55472 > 85.217.170.81.80: Flags [S], seq 1888110957, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..41.@........fU..Q...Pp.Im...... .................
2017-05-21 16:07:15.498426 IP 192.168.1.102.55473 > 85.217.170.81.80: Flags [S], seq 2758385259, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..01.@........fU..Q...P.i.k....p. ..............
2017-05-21 16:07:15.514045 IP 192.168.1.102.55472 > 85.217.170.81.80: Flags [S], seq 1888110957, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..01.@........fU..Q...Pp.Im....p. ..............
