New Locky ransomware variant (g46mbrrzpfszonuk.onion, no C2): PCAP file-download traffic analysis

49 engines detected this file
SHA-256 ce48b278f8b823c25b222a33027248299bff3cdc2a6bdb0fdceecb0922dd790a
File name jhdsgvc74
File size 653 KB
Last analysis 2017-09-25 08:23:44 UTC
Community score -78

Engine: Detection name
ESET-NOD32: Win32/Filecoder.Locky.L
F-Secure: Trojan.RanSerKD.12397146
Fortinet: W32/Locky.FWSD!tr.ransom
GData: Trojan.RanSerKD.12397146
Ikarus: Trojan.Win32.Filecoder
K7AntiVirus: Trojan ( 0051497b1 )
K7GW: Trojan ( 0051497b1 )
Kaspersky: Trojan-Ransom.Win32.Locky.ztt

2017-09-25 17:50:32.217002 IP 192.168.1.102.58790 > 75.75.75.75.53: 46557+ A? ar-inversiones.com. (36)
2017-09-25 17:50:32.397644 IP 192.168.1.102.57127 > 37.247.122.52.80: Flags [S], seq 2979498304, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2017-09-25 17:50:32.546454 IP 192.168.1.102.57127 > 37.247.122.52.80: Flags [.], ack 2169675136, win 256, length 0
2017-09-25 17:50:32.556435 IP 192.168.1.102.57127 > 37.247.122.52.80: Flags [P.], seq 0:490, ack 1, win 256, length 490: HTTP: GET /jhdsgvc74 HTTP/1.1
GET /jhdsgvc74 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
Host: ar-inversiones.com/jhdsgvc74
Connection: Keep-Alive


2017-09-25 17:52:34.606370 IP 192.168.1.102.50739 > 75.75.75.75.53: 28660+ A? lordmartins.com. (33)


2017-09-25 17:53:19.760276 IP 192.168.1.102.64353 > 75.75.75.75.53: 11634+ A? g46mbrrzpfszonuk.onion. (40)