Trojan Crypt Password Stealer Malware turbo.exe 157.56.31.43 Port 3544/UDP PCAP file download Traffic Sample

Attachment: pcap turbo
Date added: February 20, 2017 4:55 am. Added by: admin. File size: 41 KB.
SHA256: b31c4f30f37be6a0ea904019fcce94319fd59215fe06d52a265946be088d2592
File name: turbo.exe
Detection ratio: 48 / 58
Analysis date: 2017-02-20 04:48:47 UTC
Cyren W32/Trojan.YHFN-2823 20170220
DrWeb Trojan.PWS.Stealer.15842 20170220
ESET-NOD32 a variant of Win32/Injector.DKFX 20170219
Emsisoft Trojan.GenericKD.4236515 (B) 20170220
F-Secure Trojan.GenericKD.4236515 20170220
Fortinet W32/Injector.DJWH!tr 20170220
GData Trojan.GenericKD.4236515 20170220
Ikarus Trojan.Win32.Injector 20170219
K7AntiVirus Trojan ( 005036d71 ) 20170220
K7GW Trojan ( 005036d71 ) 20170220
Kaspersky Trojan.Win32.Agent.neytzz 20170220
Malwarebytes Trojan.Crypt 20170220
McAfee Trojan-FLBV!22730AE47ACC 20170220
McAfee-GW-Edition Trojan-FLBV!22730AE47ACC

2017-02-18 07:20:52.112791 IP 192.168.1.102.55812 > 182.255.5.201.80: Flags [P.], seq 0:416, ack 1, win 256, length 416: HTTP: GET /~bemkmund/two/turbo.exe HTTP/1.1
E…=.@…<….f…….P0.H..P.0P…k…GET /~bemkmund/two/turbo.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Range: bytes=243275-
Unless-Modified-Since: Mon, 23 Jan 2017 15:24:32 GMT
If-Range: "983c9c-1b5000-546c498a46c00"
Host: 182.255.5.201
Connection: Keep-Alive

2017-02-18 07:21:19.360454 IP 192.168.1.102.63306 > 157.56.31.43.3544: UDP, length 61
E..Y    B………f.8.+.J…E……..RH…’.`…..:……………………………..}8….
2017-02-18 07:21:43.787645 IP 192.168.1.102.63306 > 157.56.31.43.3544: UDP, length 61
E..Y    C………f.8.+.J…E……..RH…’.`…..:……………………………..}8….
2017-02-18 07:22:07.487712 IP 192.168.1.102.63306 > 157.56.31.43.3544: UDP, length 61
E..Y    D………f.8.+.J…E……..RH…’.`…..:……………………………..}8….
