sub.exe totalwellbeing.com.au Cerber Ransomware Trojan Malware PCAP file download traffic sample

Download Attachments

  • sub (pcap, 1 file)
    Date added: January 24, 2017 2:45 am. Added by: admin. File size: 56 KB. Downloads: 95.
SHA256: 849aa2e275d84c05213f95f764331df0dd743b17b32f61174ac45946544f67eb
File name: sub.exe
Detection ratio: 16 / 55
Analysis date: 2017-01-24 02:42:52 UTC

Engine                   Detection                                        Signature date
Avast                    Win32:Malware-gen                                20170124
Avira (no cloud)         TR/Crypt.Xpack.gsrsm                             20170123
CrowdStrike Falcon (ML)  malicious_confidence_76% (W)                     20161024
DrWeb                    Trojan.Encoder.5994                              20170124
ESET-NOD32               NSIS/Injector.SH                                 20170124
GData                    Win32.Trojan.Agent.XY7YM7                        20170124
Invincea                 ransom.win32.critroni.b                          20170111
Kaspersky                Trojan-Ransom.Win32.Zerber.bghv                  20170124
Malwarebytes             Ransom.Cerber                                    20170124
McAfee                   Artemis!130678330541                             20170124
McAfee-GW-Edition        BehavesLike.Win32.ObfusRansom.fc                 20170124
Rising                   Trojan.Injector!8.C4-pKe2N6RHzqF (cloud)         20170124
Sophos                   Mal/Generic-S                                    20170124
Symantec                 ML.Attribute.VeryHighConfidence [Heur.AdvML.B]   20170123

2017-01-23 20:55:04.860000 IP 192.168.1.102.50480 > 162.214.17.204.80: Flags [P.], seq 0:314, ack 1, win 256, length 314: HTTP: GET /wp-includes/images/wlw/sub.exe HTTP/1.1
E..b5.@...L....f.....0.P.M.`\.j\P....|..GET /wp-includes/images/wlw/sub.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: totalwellbeing.com.au
Connection: Keep-Alive

2017-01-23 20:55:18.692931 IP 192.168.1.102.57682 > 90.2.1.0.6892: UDP, length 25
E..5...........fZ....R...!.,df9e07b4fa6400684501000dd
2017-01-23 20:55:18.692999 IP 192.168.1.102.57682 > 90.2.1.1.6892: UDP, length 25
E..5D..........fZ....R...!.+df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693053 IP 192.168.1.102.57682 > 90.2.1.2.6892: UDP, length 25
E..5-F....._...fZ....R...!.*df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693059 IP 192.168.1.102.57682 > 90.2.1.3.6892: UDP, length 25
E..5c..........fZ....R...!.)df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693141 IP 192.168.1.102.57682 > 90.2.1.4.6892: UDP, length 25
E..5Y:.....i...fZ....R...!.(df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693198 IP 192.168.1.102.57682 > 90.2.1.5.6892: UDP, length 25
E..5...........fZ....R...!.'df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693250 IP 192.168.1.102.57682 > 90.2.1.6.6892: UDP, length 25
E..5.p.....1...fZ....R...!.&df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693255 IP 192.168.1.102.57682 > 90.2.1.7.6892: UDP, length 25
E..51..........fZ....R...!.%df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693336 IP 192.168.1.102.57682 > 90.2.1.8.6892: UDP, length 25
E..5c7.....h...fZ....R...!.$df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693383 IP 192.168.1.102.57682 > 90.2.1.9.6892: UDP, length 25
E..5-..........fZ..	.R...!.#df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693442 IP 192.168.1.102.57682 > 90.2.1.10.6892: UDP, length 25
E..5E}..... ...fZ..
.R...!."df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693492 IP 192.168.1.102.57682 > 90.2.1.11.6892: UDP, length 25
E..5...........fZ....R...!.!df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693493 IP 192.168.1.102.57682 > 90.2.1.12.6892: UDP, length 25
E..51..........fZ....R...!. df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693581 IP 192.168.1.102.57682 > 90.2.1.13.6892: UDP, length 25
E..5...........fZ....R...!..df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693631 IP 192.168.1.102.57682 > 90.2.1.14.6892: UDP, length 25
E..5.k...../...fZ....R...!..df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693633 IP 192.168.1.102.57682 > 90.2.1.15.6892: UDP, length 25
E..5Y..........fZ....R...!..df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693715 IP 192.168.1.102.57682 > 90.2.1.16.6892: UDP, length 25
E..5@3.....d...fZ....R...!..df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693774 IP 192.168.1.102.57682 > 90.2.1.17.6892: UDP, length 25
E..5p..........fZ....R...!..df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693776 IP 192.168.1.102.57682 > 90.2.1.18.6892: UDP, length 25
E..5...........fZ....R...!..df9e07b4fa6400684501000dd
2017-01-23 20:55:18.693843 IP 192.168.1.102.57682 > 90.2.1.19.6892: UDP, length 25
E..5X......{...fZ....R...!..df9e07b4fa6400684501000dd

2017-01-23 20:55:19.683716 IP 192.168.1.102.57682 > 91.239.25.242.6892: UDP, length 25
E..5R..........f[....R...!oMdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.683720 IP 192.168.1.102.57682 > 91.239.25.243.6892: UDP, length 25
E..5.......:...f[....R...!oLdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.683799 IP 192.168.1.102.57682 > 91.239.25.244.6892: UDP, length 25
E..5>..........f[....R...!oKdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.683849 IP 192.168.1.102.57682 > 91.239.25.245.6892: UDP, length 25
E..5.......(...f[....R...!oJdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.683901 IP 192.168.1.102.57682 > 91.239.25.246.6892: UDP, length 25
E..5%..........f[....R...!oIdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.683905 IP 192.168.1.102.57682 > 91.239.25.247.6892: UDP, length 25
E..5fk.....X...f[....R...!oHdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.683957 IP 192.168.1.102.57682 > 91.239.25.248.6892: UDP, length 25
E..5...........f[....R...!oGdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.684030 IP 192.168.1.102.57682 > 91.239.25.249.6892: UDP, length 25
E..5S..........f[....R...!oFdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.684085 IP 192.168.1.102.57682 > 91.239.25.250.6892: UDP, length 25
E..5;..........f[....R...!oEdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.684090 IP 192.168.1.102.57682 > 91.239.25.251.6892: UDP, length 25
E..5ph.....W...f[....R...!oDdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.684136 IP 192.168.1.102.57682 > 91.239.25.252.6892: UDP, length 25
E..5g..........f[....R...!oCdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.684196 IP 192.168.1.102.57682 > 91.239.25.253.6892: UDP, length 25
E..5$\.....a...f[....R...!oBdf9e07b4fa6400684501000dd
2017-01-23 20:55:19.684259 IP 192.168.1.102.57682 > 91.239.25.254.6892: UDP, length 25
E..5.8.........f[....R...!oAdf9e07b4fa6400684501000dd
2017-01-23 20:55:20.688939 IP 192.168.1.102.57682 > 91.239.25.255.6892: UDP, length 25
E..5?......9...f[....R...!o@df9e07b4fa6400684501000dd
