Index of /publicDatasets/CTU-Malware-Capture-Botnet-149-1

	Name	Last modified	Size	Description
	Parent Directory		-
	2015-12-09_capture-win4.pcap	2015-12-08 08:17	201M
	2015-12-09_capture-win4.rrd	2015-12-09 12:03	8.0M
	README.md	2015-12-09 12:04	881
	2015-12-09_capture-win4.dnstop	2015-12-09 12:04	23K
	2015-12-09_capture-win4.passivedns	2015-12-09 12:04	2.2M
	2015-12-09_capture-win4.capinfos	2015-12-09 12:06	765
	2015-12-09_capture-win4.json	2015-12-09 12:07	391K
	2015-12-09_capture-win4.html	2015-12-09 12:07	887K
	2015-12-09_capture-win4.biargus	2015-12-12 18:51	105M
	2015-12-09_capture-win4.binetflow	2015-12-12 18:51	93M
	e4f7fa6a0846e4649cc41d116c40f97835d3bb7d3d0391d3540482f077aa4493.exe.zip	2015-12-16 10:26	1.0M
	2015-12-09_capture-win4.weblogng	2016-06-15 17:53	111K
	2015-12-09_capture-win4.tcpdstat	2016-10-11 20:10	1.8K
	2015-12-09_capture-win4.netflow5	2016-11-04 19:10	35M
	fast-flux-dga-first-analysis.txt	2017-01-14 17:00	39M
	README.html	2017-01-14 17:00	1.2K
	bro/	2017-08-31 09:45	-

Description

• Probable Name: Kelihos
• MD5: 990e5daa285f5c9c6398811edc68a659
  
• SHA1: e1f7cf8becf38ac1d3bfd8f744df370c5b988fc3
  

• SHA256: e4f7fa6a0846e4649cc41d116c40f97835d3bb7d3d0391d3540482f077aa4493

• VirusTotal
• HybridAnalysis

• RobotHash

Timeline

Sat Dec 5 12:31:18 CET 2015

started win4

Sat Dec 5 12:33:32 CET 2015

Infected sucessfully.

Wed Dec 7 08:20:00 CET 2015 (approx)

Something happened because the bot stop sending traffic. Completely. I don't know why it happened.

Wed Dec 9 11:27:11 CET 2015

I'm stopping the vm