Timeline

• Probably: Miuref Malware
• MD5: 3b1756229e4bb6ad5f8859ff32d0077e
  
• VirusTotal
• Robohash

Tue Jun 9 11:09:27 CEST 2015

started already infected

Fri Jun 11 15:00:00 CEST 2015 (approx)

The bot stop sending packets from the malware. There are only packets from the windows.... Don't know what happened. The vm is running perfectly, and there were no errors.

Fri Jun 12 10:00:32 CEST 2015

To see what happens I restarted the Windows (not the vm).

Fri Jun 12 10:03:24 CEST 2015

The bot started again to do stuff with the Microsoft domain, so it was infected. I wonder what happened.

Tue Jun 14 ~12:00 CEST 2015

The bot stop sending packests again. We figure it out that the malware works for 2 days and then stops.

Tue Jun 16 13:37:14 CEST 2015

We are restarting it again and keeping the same pcap

Fri Jun 19 09:23:04 CEST 2015

poweroff