ANSWERS – Malware PCAP Traffic Analysis – Can you name the different types of malware? 2016-08-27

August 27, 2016

Here are the files that were executed to generate the traffic and pcap in the previous post:


Eorezo – sunnyday.exe

https://malwr.com/analysis/YzcxYTM0MzYxNGUyNDBjZjkyZjdlYzAyNzdkMTg5OWU/
https://virustotal.com/en/file/d1ae1454cca36dce4a687846ec394c542b13e829755c40653fbd495d95b02197/analysis/1472172878/

Farfli – netstream.exe

https://virustotal.com/en/file/969063116b1c717cd07015e04ecd6c2a6ad883da7dbcd2a4cd157100fa9c7b50/analysis/1472173093/

Citadel

https://virustotal.com/en/file/0765a0d3e6349761704d837f0d0a873a50a7e91a6efda972d1e82cf18df0ecbd/analysis/1472173251/

SHA256: 0765a0d3e6349761704d837f0d0a873a50a7e91a6efda972d1e82cf18df0ecbd
File name: PROTESTO.exe
Detection ratio: 40 / 54
Analysis date: 2016-08-26 01:00:51 UTC

Banking Trojan CRDF.Trojan.Trojan-Spy.Banker.Citadel109468358

SHA256: 3903a5ba4a893621c272bde6bfc9407b8f4595e8965b907e22fe4a1ac9f7b535
File name: us.exe
Detection ratio: 47 / 56
Analysis date: 2016-08-26 01:03:48 UTC

ZBOT / Banking Trojan

SHA256: a32468ee49dad05def0fabc79b44b053490d8ff663ee95007d61bb47a7024bc7
File name: inst1.exe
Detection ratio: 38 / 53

Papras / Password Stealer / Banking Trojan

SHA256: ded40777eac5bfbb4c7a18108fee9023479ad94ebbe301dfaf31805d7612e8ae
File name: inst3.exe
Detection ratio: 39 / 55
Analysis date: 2016-08-26 01:08:30 UTC

https://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/Eorezo/detailed-analysis.aspx
