Index of /publicDatasets/CTU-Malware-Capture-Botnet-130-1

	Name	Last modified	Size	Description
	Parent Directory		-
	96afb0f1ac3c437e663cd6f288eb929bc20ffa41b2ee09c7aa0b30335e7d7ad6.exe.zip	2015-12-16 10:26	13K
	2015-07-25_capture-win4.biargus	2015-07-25 14:03	4.5M
	2015-07-25_capture-win4.binetflow	2015-07-25 14:03	3.2M
	2015-07-25_capture-win4.capinfos	2015-07-25 13:44	763
	2015-07-25_capture-win4.dnstop	2015-08-28 21:09	1.9K
	2015-07-25_capture-win4.html	2015-07-25 14:03	353K
	2015-07-25_capture-win4.json	2015-07-25 14:03	2.5K
	2015-07-25_capture-win4.passivedns	2015-08-28 21:09	1.3K
	2015-07-25_capture-win4.pcap	2015-07-25 13:41	7.7M
	2015-07-25_capture-win4.rrd	2015-07-25 13:43	8.0M
	2015-07-25_capture-win4.tcpdstat	2016-12-05 22:29	1.7K
	2015-07-25_capture-win4.weblogng	2016-06-15 17:38	1.5M
	README.html	2017-01-14 17:09	2.8K
	README.md	2015-07-25 14:17	2.7K
	bro/	2017-08-31 09:45	-
	fast-flux-dga-first-analysis.txt	2017-01-14 17:09	2.9K

Timeline

• MD5 76cb79d267cee4b26780997f14042d1a
• Probable Name: MSIL/Spy.Agent
• VirusTotal
• HybridAnalysis

- Duration: 17 hours

Fri Jul 24 20:12:41 CEST 2015

Started win4

Fri Jul 24 20:17:23 CEST 2015

Infected

It worked and started to send HTTP request.

Sat Jul 25 13:41:43 CEST 2015

Poweroff

Analysis

Some of the info send by the malware

F=9474CF3CF13CC6D1
Host Name:                 WIN4
OS Name:                   Microsoft Windows 7 Ultimate 
OS Version:                6.1.7600 N/A Build 7600
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          Windows User
Registered Organization:   
Product ID:                00426-OEM-8992662-00497
Original Install Date:     5/25/2012, 15:44:43
System Boot Time:          7/24/2015, 10:58:40
System Manufacturer:       innotek GmbH
System Model:              VirtualBox
System Type:               X86-based PC
Processor(s):              1 Processor(s) Installed.
                       [01]: x64 Family 6 Model 44 Stepping 2 GenuineIntel ~3204 Mhz
BIOS Version:              innotek GmbH VirtualBox, 12/1/2006
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory:     256 MB
Available Physical Memory: 58 MB
Virtual Memory: Max Size:  822 MB
Virtual Memory: Available: 554 MB
Virtual Memory: In Use:    268 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    Workgroup
Logon Server:              \\WIN4
Hotfix(s):                 N/A
Network Card(s):           1 NIC(s) Installed.
                           [01]: Intel(R) PRO/1000 MT Desktop Adapter
                                 Connection Name: Local Area Connection
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 10.0.2.104
                                 [02]: fe80::c06e:84b6:bcb8:a750