UnInstall.exe Cerber Ransomware Malware Traffic Analysis PCAP file Download

Download Attachments

  • 1 pcap uninstall
    Date added: March 25, 2017 2:39 am
    Added by: admin
    File size: 108 KB
    Downloads: 77

Scan results for the downloaded sample:

SHA256: 1f4acebd331ff6fe617afe32da66b7577056a903f077bd79c4bdc534bb044d94
File name: UnInstall.exe
Detection ratio: 19 / 59
Analysis date: 2017-03-25 02:27:04 UTC

Engine                                   Result                                        Update
AegisLab                                 Ransom.Hpcerber.Sm51!c                        20170325
Avast                                    Win32:Malware-gen                             20170325
CrowdStrike Falcon (ML)                  malicious_confidence_100% (W)                 20170130
DrWeb                                    Trojan.Inject2.51570                          20170325
Endgame                                  malicious (high confidence)                   20170317
ESET-NOD32                               Win32/Filecoder.Cerber.I                      20170325
Fortinet                                 W32/Kryptik.FQBM!tr                           20170325
Invincea                                 virus.win32.virut.bn                          20170203
Kaspersky                                UDS:DangerousObject.Multi.Generic             20170325
McAfee                                   Ransomware-FLJJ!DF9E8845DE72                  20170325
McAfee-GW-Edition                        BehavesLike.Win32.Conficker.gh                20170325
Palo Alto Networks (Known Signatures)    generic.ml                                    20170325
Qihoo-360                                HEUR/QVM02.0.0487.Malware.Gen                 20170325
Rising                                   Malware.Generic.1!tfe (cloud:nN3uADiketB)     20170325
SentinelOne (Static ML)                  static engine – malicious                     20170315
Sophos                                   Mal/Cerber-X                                  20170325

Packet capture excerpt (tcpdump-style output; the ASCII payload dump follows each packet header):

2017-03-24 21:39:57.755565 IP 192.168.1.102.53049 > 82.165.129.119.80: Flags [P.], seq 0:290, ack 1, win 256, length 290: HTTP: GET /UnInstall.exe HTTP/1.1
E..J/.@...3....fR..w.9.Pa.d.B\doP...aR..GET /UnInstall.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 82.165.129.119
Connection: Keep-Alive

2017-03-24 21:40:08.813612 IP 192.168.1.102.64829 > 149.202.64.0.6892: UDP, length 27
E..7.......)...f..@..=...#.sa8022f1aa8d50098750100000c1
2017-03-24 21:40:08.813678 IP 192.168.1.102.64829 > 149.202.64.1.6892: UDP, length 27
E..7s.....0....f..@..=...#.ra8022f1aa8d50098750100000c1
2017-03-24 21:40:08.813681 IP 192.168.1.102.64829 > 149.202.64.2.6892: UDP, length 27
E..7?j....dq...f..@..=...#.qa8022f1aa8d50098750100000c1
2017-03-24 21:40:08.813756 IP 192.168.1.102.64829 > 149.202.64.3.6892: UDP, length 27
E..7a.....B....f..@..=...#.pa8022f1aa8d50098750100000c1
2017-03-24 21:40:08.813758 IP 192.168.1.102.64829 > 149.202.64.4.6892: UDP, length 27
E..7V.....M....f..@..=...#.oa8022f1aa8d50098750100000c1
2017-03-24 21:40:08.813823 IP 192.168.1.102.64829 > 149.202.64.5.6892: UDP, length 27
E..7;.....h1...f..@..=...#.na8022f1aa8d50098750100000c1
2017-03-24 21:40:08.813877 IP 192.168.1.102.64829 > 149.202.64.6.6892: UDP, length 27
E..7f.....=....f..@..=...#.ma8022f1aa8d50098750100000c1
2017-03-24 21:40:08.813879 IP 192.168.1.102.64829 > 149.202.64.7.6892: UDP, length 27
E..7.......Q...f..@..=...#.la8022f1aa8d50098750100000c1
2017-03-24 21:40:08.813955 IP 192.168.1.102.64829 > 149.202.64.8.6892: UDP, length 27
E..7h.....:....f..@..=...#.ka8022f1aa8d50098750100000c1
2017-03-24 21:40:08.813957 IP 192.168.1.102.64829 > 149.202.64.9.6892: UDP, length 27
E..7.d.....p...f..@	.=...#.ja8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814033 IP 192.168.1.102.64829 > 149.202.64.10.6892: UDP, length 27
E..7\I....G....f..@
.=...#.ia8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814035 IP 192.168.1.102.64829 > 149.202.64.11.6892: UDP, length 27
E..75.....n@...f..@..=...#.ha8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814110 IP 192.168.1.102.64829 > 149.202.64.12.6892: UDP, length 27
E..7AY....bx...f..@..=...#.ga8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814113 IP 192.168.1.102.64829 > 149.202.64.13.6892: UDP, length 27
E..7`.....C....f..@..=...#.fa8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814197 IP 192.168.1.102.64829 > 149.202.64.14.6892: UDP, length 27
E..7.......0...f..@..=...#.ea8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814199 IP 192.168.1.102.64829 > 149.202.64.15.6892: UDP, length 27
E..7m8....6....f..@..=...#.da8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814276 IP 192.168.1.102.64829 > 149.202.64.16.6892: UDP, length 27
E..7Bo....a^...f..@..=...#.ca8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814278 IP 192.168.1.102.64829 > 149.202.64.17.6892: UDP, length 27
E..7\.....F....f..@..=...#.ba8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814355 IP 192.168.1.102.64829 > 149.202.64.18.6892: UDP, length 27
E..7.......6...f..@..=...#.aa8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814357 IP 192.168.1.102.64829 > 149.202.64.19.6892: UDP, length 27
E..7pN....3|...f..@..=...#.`a8022f1aa8d50098750100000c1
2017-03-24 21:40:08.814432 IP 192.168.1.102.64829 > 149.202.64.20.6892: UDP, length 27
E..7l.....7....f..@..=...#._a8022f1aa8d50098750100000c1
