![[ICO]](/icons/blank.gif){kind=icon}
![[PARENTDIR]](/icons/back.gif){kind=icon}
![[ ]](/icons/unknown.gif){kind=icon}
![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/folder.gif){kind=icon}
| Name | Last modified | Size | Description |
|---|---|---|---|---|
| Parent Directory | - | ||
| 2015-10-23_win3.biargus | 2016-12-05 22:27 | 3.4M | |
| 2015-10-23_win3.binetflow | 2016-12-05 22:27 | 1.2M | |
| 2015-10-23_win3.capinfos | 2015-10-23 12:28 | 752 | |
| 2015-10-23_win3.dnstop | 2015-10-23 12:28 | 2.1K | |
| 2015-10-23_win3.html | 2015-10-23 12:34 | 358K | |
| 2015-10-23_win3.json | 2015-10-23 12:34 | 5.3K | |
| 2015-10-23_win3.passivedns | 2015-10-23 12:28 | 3.2K | |
| 2015-10-23_win3.pcap | 2015-10-23 12:28 | 21M | |
| 2015-10-23_win3.rrd | 2015-10-23 12:28 | 8.0M | |
| 2015-10-23_win3.tcpdstat | 2016-12-05 22:27 | 1.7K | |
| 2015-10-23_win3.weblogng | 2016-06-15 17:44 | 2.2M | |
| Angelina_Jolie_Sex.scr | 2015-09-17 10:48 | 5.2M | |
| README.html | 2017-01-14 17:00 | 2.0K | |
| README.md | 2015-10-23 12:27 | 1.4K | |
| bro/ | 2017-08-31 09:45 | - | |
| fast-flux-dga-first-analysis.txt | 2017-01-14 17:00 | 5.1K | |
started win3
infected
We copied some fake documents in C:/Users/Administrator/Documents/ of the Administrator user to see if the malware is doing something with them. We copied using the shared folders, so no traffic was generated.
Up to now, nothing new happened
I rebooted the vm to see if something new would happen.
This is the time of the last communication with the CC. From this moment there were no packets send.
I will reboot the machine now to see what happens.
Rebooted the vm.
After the reboot it started working again. Not sure what happened.
Vm stopped