98i76u6h.exe 199.7.136.88.8143 DRIDEX Banking Trojan Malware Full PCAP File download Traffic Sample

SHA256: 58c0732e25960252fd9dc8727c1131248091f3117f66b01329bb80c969614438
File name: 98i76u6h.exe
Detection ratio: 52 / 56
Analysis date: 2016-11-16 01:21:56 UTC
AVware Trojan.Win32.Generic!BT 20161116
Ad-Aware Trojan.GenericKD.2941863 20161116
AegisLab Troj.Notifier.W32!c 20161115
AhnLab-V3 Trojan/Win32.Dridex.N1842102519 20161115
Antiy-AVL Trojan/Win32.BTSGeneric 20161116
Arcabit Trojan.Generic.D2CE3A7 20161115
Avast Win32:Trojan-gen 20161116
Avira (no cloud) TR/Crypt.Xpack.259424 20161116
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161115
BitDefender Trojan.GenericKD.2941863 20161116
Bkav W32.Clod7bc.Trojan.3dde 20161112
CAT-QuickHeal Backdoor.Drixed 20161115
ClamAV Win.Trojan.Dridex-47 20161115
Comodo TrojWare.Win32.Dridex.WQ 20161115
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Dridex.C.gen!Eldorado 20161116
DrWeb Trojan.Dridex.287 20161116
ESET-NOD32 Win32/Dridex.AA 20161116
Emsisoft Trojan.GenericKD.2941863 (B) 20161116
F-Prot W32/Dridex.C.gen!Eldorado 20161116

2016-11-15 18:52:49.411547 IP 192.168.1.102.56371 > 75.75.75.75.53: 1615+ A? www.users.freenetname.co.uk. (45)
2016-11-15 18:52:49.532485 IP 192.168.1.102.52948 > 212.159.9.151.80: Flags [S], seq 2048770334, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-11-15 18:52:49.653091 IP 192.168.1.102.52948 > 212.159.9.151.80: Flags [.], ack 2733790834, win 256, length 0
2016-11-15 18:52:49.658143 IP 192.168.1.102.52948 > 212.159.9.151.80: Flags [P.], seq 0:413, ack 1, win 256, length 413: HTTP: GET /~gerryj/jh45wf/98i76u6h.exe HTTP/1.1
GET /~gerryj/jh45wf/98i76u6h.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 21 Dec 2015 09:23:13 GMT
If-None-Match: "1943fc2-29e00-5276509ca8240"
Host: www.users.freenetname.co.uk
Connection: Keep-Alive

2016-11-15 18:52:49.821604 IP 192.168.1.102.52948 > 212.159.9.151.80: Flags [.], ack 177, win 255, length 0
2016-11-15 18:52:51.865641 IP 192.168.1.102.64181 > 74.125.192.125.443: Flags [.], seq 624467595:624467596, ack 3082831751, win 253, length 1
2016-11-15 18:52:56.614340 IP 192.168.1.102.52949 > 199.7.136.88.8143: Flags [S], seq 3739820722, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-11-15 18:52:59.615376 IP 192.168.1.102.52949 > 199.7.136.88.8143: Flags [S], seq 3739820722, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-11-15 18:53:00.035059 IP 192.168.1.102.52948 > 212.159.9.151.80: Flags [.], ack 178, win 255, length 0
2016-11-15 18:53:04.767291 IP 192.168.1.102.52948 > 212.159.9.151.80: Flags [F.], seq 413, ack 178, win 255, length 0
2016-11-15 18:53:05.616179 IP 192.168.1.102.52949 > 199.7.136.88.8143: Flags [S], seq 3739820722, win 8192, options [mss 1460,nop,nop,sackOK], length 0
2016-11-15 18:53:36.889918 IP 192.168.1.102.64181 > 74.125.192.125.443: Flags [.], seq 0:1, ack 1, win 253, length 1