Tag: CERBER Ransomware lobsterscrewallt.top GET /search.php Malware PCAP File Download Traffic Analysis

SHA256:     fa33b75a4e095d6865420c7bd27d7233d7a0653896eb59611f3166466bbfb64a
File name:     1
Detection ratio:     4 / 61
Analysis date:     2017-03-24 23:53:30 UTC ( 1 minute ago )

Antivirus     Result     Update
CrowdStrike Falcon (ML)     malicious_confidence_100% (D)     20170130
Endgame     malicious (moderate confidence)     20170317
Invincea     worm.win32.kasidet.f     20170203
McAfee-GW-Edition     BehavesLike.Win32.ObfusRansom.dc     20170324

 

 

2017-03-24 21:59:48.601287 IP 192.168.1.102.53097 > 54.145.185.110.80: Flags [P.], seq 0:293, ack 1, win 256, length 293: HTTP: GET /search.php HTTP/1.1
E..M{*@….r…f6..n.i.P+….Y..P…….GET /search.php HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: lobsterscrewallt.top
Connection: Keep-Alive

2017-03-24 22:00:43.944049 IP 192.168.1.102.58976 > 149.202.64.0.6892: UDP, length 27
E..7………..f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944056 IP 192.168.1.102.58976 > 149.202.64.1.6892: UDP, length 27
E..7wM….,….f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944104 IP 192.168.1.102.58976 > 149.202.64.2.6892: UDP, length 27
E..7C…..`1…f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944170 IP 192.168.1.102.58976 > 149.202.64.3.6892: UDP, length 27
E..7f…..=….f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944174 IP 192.168.1.102.58976 > 149.202.64.4.6892: UDP, length 27
E..7Z^….I{…f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944247 IP 192.168.1.102.58976 > 149.202.64.5.6892: UDP, length 27
E..7?…..c….f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944250 IP 192.168.1.102.58976 > 149.202.64.6.6892: UDP, length 27
E..7k…..8….f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944321 IP 192.168.1.102.58976 > 149.202.64.7.6892: UDP, length 27
E..7………..f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944372 IP 192.168.1.102.58976 > 149.202.64.8.6892: UDP, length 27
E..7m+….6….f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944376 IP 192.168.1.102.58976 > 149.202.64.9.6892: UDP, length 27
E..7
……0…f..@  .`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944445 IP 192.168.1.102.58976 > 149.202.64.10.6892: UDP, length 27
E..7`…..CJ…f..@
.`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944448 IP 192.168.1.102.58976 > 149.202.64.11.6892: UDP, length 27
E..79…..j….f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944520 IP 192.168.1.102.58976 > 149.202.64.12.6892: UDP, length 27
E..7E…..^8…f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944524 IP 192.168.1.102.58976 > 149.202.64.13.6892: UDP, length 27
E..7dB….?….f..@..`…#..2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944595 IP 192.168.1.102.58976 > 149.202.64.14.6892: UDP, length 27
E..7………..f..@..`…#.~2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944598 IP 192.168.1.102.58976 > 149.202.64.15.6892: UDP, length 27
E..7qx….2V…f..@..`…#.}2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944669 IP 192.168.1.102.58976 > 149.202.64.16.6892: UDP, length 27
E..7F…..]….f..@..`…#.|2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944672 IP 192.168.1.102.58976 > 149.202.64.17.6892: UDP, length 27
E..7a8….B….f..@..`…#.{2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944743 IP 192.168.1.102.58976 > 149.202.64.18.6892: UDP, length 27
E..7………..f..@..`…#.z2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944746 IP 192.168.1.102.58976 > 149.202.64.19.6892: UDP, length 27
E..7t…../<…f..@..`…#.y2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944804 IP 192.168.1.102.58976 > 149.202.64.20.6892: UDP, length 27
E..7pE….3….f..@..`…#.x2021bcf6b65b0091c5010000097
2017-03-24 22:00:43.944855 IP 192.168.1.102.58976 > 149.202.64.21.6892: UDP, length 27
E..7    ……*…f..@..`…#.w2021bcf6b65b0091c5010000097