HISTORICAL Malware Sample – BitCoin Miner – Traffic Sample Indicators Analysis

By | July 25, 2015

2012-10-04 09:27:19.695169 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [P.], seq 1:711, ack 71, win 64240, length 710

E............!o.....#(.K?.1....'P.......{"error": null, "id": 1, "result": [["mining.notify", "ae6812eb4cd7735a302a8a9dd95cf71f"], "f80e8a14", 4]}

{"params": [63], "id": null, "method": "mining.set_difficulty"}

{"params": ["8de", "72216db0a2e9151d8b8172470729848cbeecf1080cb8f37f65d047efb2c749f3", "01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2303122606062f503253482f04a5c4035208", "092f7374726174756d2f000000000100fb422a010000001976a9143c5adb00f1457309f084675941f114b8c09b6af188ac00000000", ["fc25ce83ea8ce3200ed2f56e7cf1ec43a8837118ddd965759c8fbe4d12a04f82", "ee78512684f4bb06bcbed1aa01703e10bbb733dc16cccaf387df0b18f656f234"], "00000001", "1b4e2a39", "5203c4a4", true], "id": null, "method": "mining.notify"}


2012-10-04 09:27:19.695655 IP 192.168.248.165.1099 > 178.33.111.19.9000: Flags [P.], seq 71:144, ack 711, win 63530, length 73

E..q.g@..........!o..K#(...'?.4.P..* V..{"id": 2, "method": "mining.authorize", "params": ["hitmanuk.4", "123"]}


2012-10-04 09:27:19.698172 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [.], ack 144, win 64240, length 0

E..(.........!o.....#(.K?.4....pP...y~........

2012-10-04 09:27:19.776772 IP 4.2.2.2.53 > 192.168.248.165.53: 50660 1/0/0 A 178.33.111.19 (48)

E..L.................5.5.8...............mine.pool-x.eu..................!o.

2012-10-04 09:27:19.781656 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [P.], seq 711:752, ack 144, win 64240, length 41

E..Q.......|.!o.....#(.K?.4....pP.......{"error": null, "id": 2, "result": true}


2012-10-04 09:27:19.882237 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [P.], seq 711:752, ack 144, win 64240, length 41

E..Q.......{.!o.....#(.K?.4....pP.......{"error": null, "id": 2, "result": true}


2012-10-04 09:27:19.882265 IP 192.168.248.165.1099 > 178.33.111.19.9000: Flags [.], ack 752, win 63489, length 0

E..(.h@..........!o..K#(...p?.4.P...|D..

2012-10-04 09:27:54.224215 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [P.], seq 752:1292, ack 144, win 64240, length 540

E..D.........!o.....#(.K?.4....pP....+..{"params": ["8df", "72216db0a2e9151d8b8172470729848cbeecf1080cb8f37f65d047efb2c749f3", "01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2303122606062f503253482f04e1c4035208", "092f7374726174756d2f000000000100fb422a010000001976a9143c5adb00f1457309f084675941f114b8c09b6af188ac00000000", ["fc25ce83ea8ce3200ed2f56e7cf1ec43a8837118ddd965759c8fbe4d12a04f82", "ee78512684f4bb06bcbed1aa01703e10bbb733dc16cccaf387df0b18f656f234"], "00000001", "1b4e2a39", "5203c4e0", false], "id": null, "method": "mining.notify"}
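The exchange above is the Stratum mining protocol: newline-delimited JSON-RPC over TCP, here on port 9000, with a DNS lookup of the pool name in the middle of it. As an added example (not part of the original post), the Python below walks tcpdump -A output of this shape (a header line followed by the ASCII dump of the payload) and pulls out the indicators a detection team would pivot on: the pool endpoint, the hostname that resolved to it, the worker name from mining.authorize, the difficulty, the subscription extranonce, and the job id and clean_jobs flag of each mining.notify. The sample lines are re-typed from the capture above with straight quotes and plain dots, and they keep the page's own quirk that tcpdump sometimes renders an IP-header byte as a stray "{" before the JSON. The helper names (iter_json_objects, is_stratum_message, extract_indicators) are mine, not from any tool the page mentions.

```python
import json
import re

# Stratum (JSON-RPC over TCP) methods seen in miner-to-pool traffic.
CLIENT_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}
SERVER_METHODS = {"mining.notify", "mining.set_difficulty"}
STRATUM_METHODS = CLIENT_METHODS | SERVER_METHODS

# tcpdump header: "<date> <time> IP a.b.c.d.port > e.f.g.h.port: ..."
PACKET_RE = re.compile(
    r"^(?P<ts>\S+ \S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)
# tcpdump's one-line DNS summary for an A answer: "50660 1/0/0 A 178.33.111.19 (48)"
DNS_ANSWER_RE = re.compile(r"\b\d+/\d+/\d+ A (?P<ip>\d+(?:\.\d+){3}) \(\d+\)")
# A hostname inside the ASCII dump of a DNS packet. The TLD must be alphabetic so the
# dotted filler tcpdump prints for non-printable bytes ("5.5.8") is not taken for one.
HOSTNAME_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}")

# Constructed sample: the capture above re-typed with straight quotes and plain dots.
SAMPLE_LINES = [
    "2012-10-04 09:27:19.695169 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [P.], seq 1:711, ack 71, win 64240, length 710",
    'E............!o.....#(.K?.1....P.......{"error": null, "id": 1, "result": [["mining.notify", "ae6812eb4cd7735a302a8a9dd95cf71f"], "f80e8a14", 4]}',
    '{"params": [63], "id": null, "method": "mining.set_difficulty"}',
    '{"params": ["8de", "72216db0a2e9151d8b8172470729848cbeecf1080cb8f37f65d047efb2c749f3", "01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2303122606062f503253482f04a5c4035208", "092f7374726174756d2f000000000100fb422a010000001976a9143c5adb00f1457309f084675941f114b8c09b6af188ac00000000", ["fc25ce83ea8ce3200ed2f56e7cf1ec43a8837118ddd965759c8fbe4d12a04f82", "ee78512684f4bb06bcbed1aa01703e10bbb733dc16cccaf387df0b18f656f234"], "00000001", "1b4e2a39", "5203c4a4", true], "id": null, "method": "mining.notify"}',
    "2012-10-04 09:27:19.695655 IP 192.168.248.165.1099 > 178.33.111.19.9000: Flags [P.], seq 71:144, ack 711, win 63530, length 73",
    'E..q.g@..........!o..K#(...?.4.P..* V..{"id": 2, "method": "mining.authorize", "params": ["hitmanuk.4", "123"]}',
    "2012-10-04 09:27:19.698172 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [.], ack 144, win 64240, length 0",
    "E..(.........!o.....#(.K?.4....pP...y~........",
    "2012-10-04 09:27:19.776772 IP 4.2.2.2.53 > 192.168.248.165.53: 50660 1/0/0 A 178.33.111.19 (48)",
    "E..L.................5.5.8...............mine.pool-x.eu..................!o.",
    "2012-10-04 09:27:19.882237 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [P.], seq 711:752, ack 144, win 64240, length 41",
    'E..Q.......{.!o.....#(.K?.4....pP.......{"error": null, "id": 2, "result": true}',
    "2012-10-04 09:27:54.224215 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [P.], seq 752:1292, ack 144, win 64240, length 540",
    'E..D.........!o.....#(.K?.4....pP....+..{"params": ["8df", "72216db0a2e9151d8b8172470729848cbeecf1080cb8f37f65d047efb2c749f3", "01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2303122606062f503253482f04e1c4035208", "092f7374726174756d2f000000000100fb422a010000001976a9143c5adb00f1457309f084675941f114b8c09b6af188ac00000000", ["fc25ce83ea8ce3200ed2f56e7cf1ec43a8837118ddd965759c8fbe4d12a04f82", "ee78512684f4bb06bcbed1aa01703e10bbb733dc16cccaf387df0b18f656f234"], "00000001", "1b4e2a39", "5203c4e0", false], "id": null, "method": "mining.notify"}',
]


def iter_json_objects(text):
    """Yield every JSON object embedded in an ASCII payload dump. Stray "{" characters
    from the binary prefix fail to decode and are skipped; several objects on one line
    are all returned, since Stratum packs newline-delimited messages into one segment."""
    dec = json.JSONDecoder()
    pos = text.find("{")
    while pos >= 0:
        try:
            obj, end = dec.raw_decode(text, pos)
        except ValueError:
            pos = text.find("{", pos + 1)  # not JSON here, try the next brace
            continue
        if isinstance(obj, dict):
            yield obj
        pos = text.find("{", end)


def _mentions_notify(value):
    # The reply to mining.subscribe lists the subscriptions; "mining.notify" among them
    # identifies the response even though it carries no "method" field itself.
    if isinstance(value, list):
        return any(_mentions_notify(v) for v in value)
    return value == "mining.notify"


def is_stratum_message(msg):
    """True for a Stratum request, or for the reply to mining.subscribe."""
    return msg.get("method") in STRATUM_METHODS or _mentions_notify(msg.get("result"))


def extract_indicators(lines):
    """Collect network and protocol indicators from tcpdump -A output."""
    ind = {
        "pool_endpoints": set(),  # (ip, port) of the Stratum server
        "pool_hostnames": set(),  # (hostname, ip) taken from DNS answers
        "workers": set(),         # usernames from mining.authorize (password not kept)
        "methods": set(),
        "jobs": [],               # (job_id, clean_jobs) from each mining.notify
        "difficulty": None,
        "extranonce1": None,      # from the mining.subscribe reply
    }
    hdr, dns_ip = None, None
    for line in lines:
        m = PACKET_RE.match(line)
        if m:  # a new packet: remember its endpoints and whether it is a DNS answer
            hdr = m.groupdict()
            d = DNS_ANSWER_RE.search(line)
            dns_ip = d.group("ip") if d else None
            continue
        if hdr is None:
            continue
        if dns_ip:  # the ASCII dump of a DNS answer carries the queried name
            for name in HOSTNAME_RE.findall(line):
                ind["pool_hostnames"].add((name, dns_ip))
            continue
        for msg in iter_json_objects(line):
            if not is_stratum_message(msg):
                continue
            method = msg.get("method")
            params = msg.get("params") or []
            # Miner requests point at the pool as destination; everything else comes from it.
            if method in CLIENT_METHODS:
                ind["pool_endpoints"].add((hdr["dst"], int(hdr["dport"])))
            else:
                ind["pool_endpoints"].add((hdr["src"], int(hdr["sport"])))
            if method:
                ind["methods"].add(method)
            if method == "mining.authorize" and params:
                ind["workers"].add(params[0])
            elif method == "mining.set_difficulty" and params:
                ind["difficulty"] = params[0]
            elif method == "mining.notify" and len(params) >= 9:
                ind["jobs"].append((params[0], bool(params[8])))
            elif method is None and isinstance(msg.get("result"), list) and len(msg["result"]) > 1:
                ind["extranonce1"] = msg["result"][1]
    return ind


if __name__ == "__main__":
    print(json.dumps(extract_indicators(SAMPLE_LINES), indent=2, default=sorted))
```

Run against the sample, the result names the pool as 178.33.111.19:9000 resolved from mine.pool-x.eu, the worker hitmanuk.4, difficulty 63, and two jobs (8de with clean_jobs true, 8df with clean_jobs false). The same walker applied to a larger capture gives the pool endpoints and worker names to block or alert on, and the presence of any mining.* method on an arbitrary port is itself a strong signal regardless of the pool address.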
