Trickbot Kovter TrickLoader Malware Trojan PCAP File Download Traffic Sample 91.219.28.77.443

Attachment: safafaasfasdddd (pcap, 15 KB), added November 2, 2016

https://www.symantec.com/security_response/writeup.jsp?docid=2016-101811-2408-99&tabid=2

SHA256: 069ac0b81c552fba6ab768759249691d407ad8b67a98bf82548a951f468f629b
File name: safafaasfasdddd.exe
Detection ratio: 33 / 56
Analysis date: 2016-11-02 03:15:50 UTC

Engine / result / signature database date:
Ad-Aware Trojan.GenericKD.3660757 20161102
AegisLab Heur.Advml.Gen!c 20161102
AhnLab-V3 Trojan/Win32.Kovter.N2144515957 20161101
Arcabit Trojan.Generic.D37DBD5 20161102
Avast Win32:Malware-gen 20161102
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161101
BitDefender Trojan.GenericKD.3660757 20161102
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Trojan.TLFS-2881 20161102
DrWeb Trojan.DownLoader22.63827 20161102
ESET-NOD32 Win32/Agent.RYE 20161101
Emsisoft Trojan.GenericKD.3660757 (B) 20161102
F-Secure Trojan.GenericKD.3660757 20161102
Fortinet W32/Trickster.R!tr 20161102
GData Trojan.GenericKD.3660757 20161102
Invincea virus.win32.virut.bo 20161018
K7GW Trojan ( 004f5bd31 ) 20161102
Kaspersky Trojan.Win32.Trickster.r 20161102
Malwarebytes Trojan.TrickBot 20161102
McAfee Artemis!9018D65EBD6B 20161102


Traffic excerpt (tcpdump summary lines with the HTTP request headers; the raw ASCII dumps of the packet bytes are omitted):

2016-11-01 21:35:48.411099 IP 192.168.1.102.51121 > 203.199.134.21.80: Flags [P.], seq 0:297, ack 1, win 256, length 297: HTTP: GET /pdf/safafaasfasdddd.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: futuras.com
Connection: Keep-Alive

2016-11-01 21:36:39.098541 IP 192.168.1.102.58180 > 75.75.75.75.53: 48799+ A? myexternalip.com. (34)
2016-11-01 21:36:39.122419 IP 192.168.1.102.51122 > 78.47.139.102.80: Flags [S], seq 1153720242, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-11-01 21:36:39.252886 IP 192.168.1.102.51122 > 78.47.139.102.80: Flags [.], ack 2606881224, win 256, length 0
2016-11-01 21:36:39.253523 IP 192.168.1.102.51122 > 78.47.139.102.80: Flags [P.], seq 0:94, ack 1, win 256, length 94: HTTP: GET /raw HTTP/1.1
User-Agent: TrickLoader
Host: myexternalip.com
Connection: Keep-Alive

2016-11-01 21:36:39.424287 IP 192.168.1.102.51122 > 78.47.139.102.80: Flags [.], ack 229, win 255, length 0
2016-11-01 21:36:39.458850 IP 192.168.1.102.51123 > 91.219.28.77.443: Flags [S], seq 2520488089, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-11-01 21:36:42.473180 IP 192.168.1.102.51123 > 91.219.28.77.443: Flags [S], seq 2520488089, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

What the excerpt shows: the host 192.168.1.102 fetches safafaasfasdddd.exe from futuras.com (203.199.134.21) over plain HTTP with a browser-like User-Agent. About 51 seconds later the infected host resolves myexternalip.com and requests /raw, which returns the caller's public IP address, using the hard-coded User-Agent "TrickLoader"; that header value is the easiest network signature in this sample, since no browser sends it. It then attempts a connection to 91.219.28.77 on port 443. The second SYN, three seconds later, carries the same sequence number as the first, so the first SYN got no SYN-ACK within the capture.
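As an added example (not part of the original post or of the sample), the following Python triage script parses the tcpdump summary and header lines from the excerpt above and flags the indicators a detection engineer would pull from this capture: the hard-coded TrickLoader User-Agent, the external-IP lookup via myexternalip.com, the cleartext .exe download, and the SYN to 91.219.28.77:443 that is retransmitted with the same sequence number. The input is the excerpt text embedded inline; the severities and the list of external-IP services are my own choices and are not stated by the capture.

```python
import re
from collections import Counter

# Constructed input: the tcpdump summary and HTTP header lines from the
# excerpt above (packet byte dumps omitted). Nothing is read from the network.
TRACE = """\
2016-11-01 21:35:48.411099 IP 192.168.1.102.51121 > 203.199.134.21.80: Flags [P.], seq 0:297, ack 1, win 256, length 297: HTTP: GET /pdf/safafaasfasdddd.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: futuras.com
Connection: Keep-Alive

2016-11-01 21:36:39.098541 IP 192.168.1.102.58180 > 75.75.75.75.53: 48799+ A? myexternalip.com. (34)
2016-11-01 21:36:39.122419 IP 192.168.1.102.51122 > 78.47.139.102.80: Flags [S], seq 1153720242, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-11-01 21:36:39.252886 IP 192.168.1.102.51122 > 78.47.139.102.80: Flags [.], ack 2606881224, win 256, length 0
2016-11-01 21:36:39.253523 IP 192.168.1.102.51122 > 78.47.139.102.80: Flags [P.], seq 0:94, ack 1, win 256, length 94: HTTP: GET /raw HTTP/1.1
User-Agent: TrickLoader
Host: myexternalip.com
Connection: Keep-Alive

2016-11-01 21:36:39.424287 IP 192.168.1.102.51122 > 78.47.139.102.80: Flags [.], ack 229, win 255, length 0
2016-11-01 21:36:39.458850 IP 192.168.1.102.51123 > 91.219.28.77.443: Flags [S], seq 2520488089, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-11-01 21:36:42.473180 IP 192.168.1.102.51123 > 91.219.28.77.443: Flags [S], seq 2520488089, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
"""

PKT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"Flags \[(?P<flags>[^\]]*)\]")
SEQ_RE = re.compile(r"\bseq (?P<seq>\d+)")
HTTP_RE = re.compile(r"HTTP: (?P<method>[A-Z]+) (?P<uri>\S+) HTTP/1\.[01]$")
DNS_RE = re.compile(r"\bA\? (?P<qname>\S+)\. \(\d+\)")

# Assumption: the one "what is my IP" service seen in this capture.
EXTERNAL_IP_SERVICES = {"myexternalip.com"}


def parse(trace):
    """Turn tcpdump -A text into packet dicts; header lines that follow an
    HTTP request summary (up to the next blank line) are attached to it."""
    packets, current = [], None
    for line in trace.splitlines():
        m = PKT_RE.match(line)
        if m:
            pkt = m.groupdict()
            rest = pkt.pop("rest")
            pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
            flags, seq, http, dns = (r.search(rest) for r in (FLAGS_RE, SEQ_RE, HTTP_RE, DNS_RE))
            pkt["flags"] = flags.group("flags") if flags else None
            pkt["seq"] = int(seq.group("seq")) if seq else None
            pkt["http"] = http.groupdict() if http else None
            pkt["dns"] = dns.group("qname") if dns else None
            pkt["headers"] = {}
            packets.append(pkt)
            current = pkt if http else None  # only HTTP requests carry header lines
        elif current is not None and ":" in line:
            name, _, value = line.partition(":")
            current["headers"][name.strip().lower()] = value.strip()
        else:
            current = None  # blank line closes the header block
    return packets


def analyze(trace):
    """Return (severity, indicator, detail) tuples for the indicators in the trace."""
    findings, packets = [], parse(trace)
    for p in packets:
        if p["http"]:
            host = p["headers"].get("host", p["dst"])
            ua = p["headers"].get("user-agent", "")
            uri = p["http"]["uri"]
            where = f"{p['src']} -> {host}:{p['dport']} {p['http']['method']} {uri}"
            if ua == "TrickLoader":  # string the loader sends; no browser does
                findings.append(("high", "hard-coded User-Agent 'TrickLoader'", where))
            if host in EXTERNAL_IP_SERVICES:
                findings.append(("medium", "external IP lookup", where))
            if uri.lower().endswith(".exe"):
                findings.append(("medium", "executable fetched over cleartext HTTP", where))
        if p["dns"] in EXTERNAL_IP_SERVICES:
            findings.append(("low", "DNS query for external IP service", f"{p['src']} A? {p['dns']}"))
    # A pure SYN re-sent with the same ISN means no SYN-ACK came back: the
    # peer (here 91.219.28.77:443) is down, filtered or sinkholed.
    syns = Counter((p["src"], p["sport"], p["dst"], p["dport"], p["seq"])
                   for p in packets if p["flags"] == "S")
    for (src, sport, dst, dport, seq), n in syns.items():
        if n >= 2:
            findings.append(("medium", "unanswered SYN retransmitted",
                             f"{src}:{sport} -> {dst}:{dport} ({n} SYNs, seq {seq})"))
    return findings


if __name__ == "__main__":
    for severity, indicator, detail in analyze(TRACE):
        print(f"[{severity:6}] {indicator}: {detail}")
```

Run against the excerpt it reports five findings: the cleartext .exe download, the DNS query and the GET /raw to myexternalip.com, the TrickLoader User-Agent, and the repeated SYN to 91.219.28.77:443. To use it on a real capture, feed it `tcpdump -A -nn -tttt -r sample.pcap` output; the parser only needs the summary lines and the HTTP header lines, and it ignores the byte dumps in between.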
