RED3.exe bhvaticanskeys.com 181.129.104.139.449 Trickbot Malware Banking Trojan PCAP download traffic sample

JA3 Fingerprint: f735bbc6b69723b9df7b0e7ef27872af
First seen: 2018-10-02 18:04:16 UTC
Last seen: 2020-01-15 05:53:57 UTC
Status: Blacklisted
Malware samples: 1’816
Destination IPs: 193
Malware: TrickBot
Listing date: 2020-01-09 14:17:18

2020-01-16 06:18:01.857421 IP 192.168.86.25.56294 > 94.23.64.40.80: Flags [P.], seq 1:444, ack 1, win 64240, length 443: HTTP: GET /RED3.exe HTTP/1.1
E…..@…;…V.^.@(…P-C.>.ca.P…ch..GET /RED3.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: bbvaticanskeys.com
Connection: Keep-Alive
Cookie: SERVERID104280=112034|XiBGX|XiBGX

2020-01-16 06:18:01.968837 IP 94.23.64.40.80 > 192.168.86.25.56294: Flags [.], seq 1:1461, ack 444, […]

Trickbot Kovter TrickLoader TrickLoader Malware Trojan PCAP File Download Traffic Sample 91.219.28.77.443

https://www.symantec.com/security_response/writeup.jsp?docid=2016-101811-2408-99&tabid=2

SHA256: 069ac0b81c552fba6ab768759249691d407ad8b67a98bf82548a951f468f629b
File name: safafaasfasdddd.exe
Detection ratio: 33 / 56
Analysis date: 2016-11-02 03:15:50 UTC

Antivirus            Result                                        Update
Ad-Aware             Trojan.GenericKD.3660757                      20161102
AegisLab             Heur.Advml.Gen!c                              20161102
AhnLab-V3            Trojan/Win32.Kovter.N2144515957               20161101
Arcabit              Trojan.Generic.D37DBD5                        20161102
Avast                Win32:Malware-gen                             20161102
Baidu                Win32.Trojan.WisdomEyes.16070401.9500.9999    20161101
BitDefender          Trojan.GenericKD.3660757                      20161102
CrowdStrike Falcon (ML)  malicious_confidence_100% (W)             20161024
Cyren                W32/Trojan.TLFS-2881                          20161102
DrWeb                Trojan.DownLoader22.63827                     20161102
ESET-NOD32           Win32/Agent.RYE                               20161101
Emsisoft             Trojan.GenericKD.3660757 (B)                  20161102
F-Secure             Trojan.GenericKD.3660757                      20161102
Fortinet             W32/Trickster.R!tr                            20161102
GData                Trojan.GenericKD.3660757                      20161102
Invincea             virus.win32.virut.bo                          20161018
K7GW                 Trojan ( 004f5bd31 )                          20161102
Kaspersky            Trojan.Win32.Trickster.r                      20161102
Malwarebytes         Trojan.TrickBot                               20161102
McAfee               Artemis!9018D65EBD6B                          20161102

2016-11-01 21:35:48.411099 IP 192.168.1.102.51121 > 203.199.134.21.80: Flags [P.], seq 0:297, ack […]