Name | Last modified | Size | Description | |
---|---|---|---|---|
Parent Directory | - | |||
2015-10-23_win3.biargus | 2016-12-05 22:27 | 3.4M | ||
2015-10-23_win3.binetflow | 2016-12-05 22:27 | 1.2M | ||
2015-10-23_win3.capinfos | 2015-10-23 12:28 | 752 | ||
2015-10-23_win3.dnstop | 2015-10-23 12:28 | 2.1K | ||
2015-10-23_win3.html | 2015-10-23 12:34 | 358K | ||
2015-10-23_win3.json | 2015-10-23 12:34 | 5.3K | ||
2015-10-23_win3.passivedns | 2015-10-23 12:28 | 3.2K | ||
2015-10-23_win3.pcap | 2015-10-23 12:28 | 21M | ||
2015-10-23_win3.rrd | 2015-10-23 12:28 | 8.0M | ||
2015-10-23_win3.tcpdstat | 2016-12-05 22:27 | 1.7K | ||
2015-10-23_win3.weblogng | 2016-06-15 17:44 | 2.2M | ||
Angelina_Jolie_Sex.scr | 2015-09-17 10:48 | 5.2M | ||
README.html | 2017-01-14 17:00 | 2.0K | ||
README.md | 2015-10-23 12:27 | 1.4K | ||
bro/ | 2017-08-31 09:45 | - | ||
fast-flux-dga-first-analysis.txt | 2017-01-14 17:00 | 5.1K | ||
started win3
infected
We copied some fake documents in C:/Users/Administrator/Documents/ of the Administrator user to see if the malware is doing something with them. We copied using the shared folders, so no traffic was generated.
Up to now, nothing new happened
I rebooted the vm to see if something new would happen.
This is the time of the last communication with the CC. From this moment there were no packets send.
I will reboot the machine now to see what happens.
Rebooted the vm.
After the reboot it started working again. Not sure what happened.
Vm stopped