Index of /publicDatasets/CTU-Malware-Capture-Botnet-130-1

[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[   ]96afb0f1ac3c437e663cd6f288eb929bc20ffa41b2ee09c7aa0b30335e7d7ad6.exe.zip2015-12-16 10:26 13K 
[   ]2015-07-25_capture-win4.biargus2015-07-25 14:03 4.5M 
[   ]2015-07-25_capture-win4.binetflow2015-07-25 14:03 3.2M 
[   ]2015-07-25_capture-win4.capinfos2015-07-25 13:44 763  
[   ]2015-07-25_capture-win4.dnstop2015-08-28 21:09 1.9K 
[TXT]2015-07-25_capture-win4.html2015-07-25 14:03 353K 
[   ]2015-07-25_capture-win4.json2015-07-25 14:03 2.5K 
[   ]2015-07-25_capture-win4.passivedns2015-08-28 21:09 1.3K 
[   ]2015-07-25_capture-win4.pcap2015-07-25 13:41 7.7M 
[   ]2015-07-25_capture-win4.rrd2015-07-25 13:43 8.0M 
[   ]2015-07-25_capture-win4.tcpdstat2016-12-05 22:29 1.7K 
[   ]2015-07-25_capture-win4.uniargus2016-12-05 22:29 7.1M 
[   ]2015-07-25_capture-win4.uninetflow2016-12-05 22:29 2.6M 
[   ]2015-07-25_capture-win4.weblogng2016-06-15 17:38 1.5M 
[TXT]README.html2017-01-14 17:09 2.8K 
[TXT]README.md2015-07-25 14:17 2.7K 
[DIR]bro/2017-08-31 09:45 -  
[TXT]fast-flux-dga-first-analysis.txt2017-01-14 17:09 2.9K 

Timeline

- Duration: 17 hours

Fri Jul 24 20:12:41 CEST 2015

Started win4

Fri Jul 24 20:17:23 CEST 2015

Infected

It worked and started to send HTTP request.

Sat Jul 25 13:41:43 CEST 2015

Poweroff

Analysis

Some of the info send by the malware

F=9474CF3CF13CC6D1
Host Name:                 WIN4
OS Name:                   Microsoft Windows 7 Ultimate 
OS Version:                6.1.7600 N/A Build 7600
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          Windows User
Registered Organization:   
Product ID:                00426-OEM-8992662-00497
Original Install Date:     5/25/2012, 15:44:43
System Boot Time:          7/24/2015, 10:58:40
System Manufacturer:       innotek GmbH
System Model:              VirtualBox
System Type:               X86-based PC
Processor(s):              1 Processor(s) Installed.
                       [01]: x64 Family 6 Model 44 Stepping 2 GenuineIntel ~3204 Mhz
BIOS Version:              innotek GmbH VirtualBox, 12/1/2006
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory:     256 MB
Available Physical Memory: 58 MB
Virtual Memory: Max Size:  822 MB
Virtual Memory: Available: 554 MB
Virtual Memory: In Use:    268 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    Workgroup
Logon Server:              \\WIN4
Hotfix(s):                 N/A
Network Card(s):           1 NIC(s) Installed.
                           [01]: Intel(R) PRO/1000 MT Desktop Adapter
                                 Connection Name: Local Area Connection
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 10.0.2.104
                                 [02]: fe80::c06e:84b6:bcb8:a750