Infamous Sality Malware Family Trojan Traffic Sample

June 19, 2015

Sality is a family of file infectors that’s been around for a long time. It seems the virus first appeared back in 2003, originating in Russia.

 

1970-01-01 -3:-59:-13.423508 IP 46.105.103.219.80 > 10.0.2.15.1071: Flags [P.], seq 1:71, ack 159, win 65535, length 70
E..n.6..@….ig.
….P./……b.P…….HTTP/1.1 404 Not Found
Content-Type: text/html
Connection: close
1970-01-01 -3:-58:-55.532428 IP 10.0.2.15.1083 > 46.105.103.219.80: Flags [P.], seq 1:159, ack 1, win 64240, length 158
E…..@…W(
….ig..;.P+6…+..P…1G..GET /sobakavolos.gif?1f006=380946 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 46.105.103.219
Cache-Control: no-cache
1970-01-01 -3:-58:-55.532503 IP 46.105.103.219.80 > 10.0.2.15.1083: Flags [.], ack 159, win 65535, length 0
E..(.\..@..!.ig.
….P.;.+..+6..P…….
1970-01-01 -3:-58:-52.544216 IP 46.105.103.219.80 > 10.0.2.15.1083: Flags [P.], seq 1:71, ack 159, win 65535, length 70
E..n.]..@….ig.
….P.;.+..+6..P…?…HTTP/1.1 404 Not Found
Content-Type: text/html
Connection: close
1970-01-01 -3:-58:-50.810254 IP 10.0.2.15.1088 > 46.105.103.219.80: Flags [P.], seq 1:159, ack 1, win 64240, length 158
E…..@…W.
….ig..@.P…,.5..P….r..GET /sobakavolos.gif?204a4=264520 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 46.105.103.219
Cache-Control: no-cache
1970-01-01 -3:-58:-50.810322 IP 46.105.103.219.80 > 10.0.2.15.1088: Flags [.], ack 159, win 65535, length 0
E..(.e..@….ig.
….P.@.5……P…{…
1970-01-01 -3:-58:-49.379840 IP 10.0.2.15.1089 > 61.95.152.112.6800: UDP, length 23
E..3……X.
…=_.p.A……. ……..= ….x”.Z..9
1970-01-01 -3:-58:-49.900755 IP 10.0.2.15.1090 > 189.46.37.34.6670: UDP, length 21
E..1……K.
…..%”.B…..N……”-..$cIp.s…=`
1970-01-01 -3:-58:-48.941795 IP 10.0.2.15.1091 > 93.114.121.71.6028: UDP, length 21
E..1……W-
…]ryG.C…..f……”-..$cIp.s…=`
1970-01-01 -3:-58:-47.465116 IP 10.0.2.15.1092 > 188.24.175.116.6024: UDP, length 40
E..D…….E
……t.D…0Q?..$..\……. .*..0..5..9……..~.H?..F
1970-01-01 -3:-58:-47.822135 IP 46.105.103.219.80 > 10.0.2.15.1088: Flags [P.], seq 1:71, ack 159, win 65535, length 70
E..n.f..@….ig.
….P.@.5……P…….HTTP/1.1 404 Not Found
Content-Type: text/html
Connection: close
