Index of /publicDatasets/CTU-Malware-Capture-Botnet-156-1

	Name	Last modified	Size	Description
	Parent Directory		-
	2016-29-4_capture-win4.pcap	2016-04-29 21:31	57M
	2016-29-4_capture-win4.rrd	2016-04-29 21:33	8.0M
	2016-29-4_capture-win4.dnstop	2016-04-29 21:34	4.5K
	2016-29-4_capture-win4.passivedns	2016-04-29 21:34	3.5K
	2016-29-4_capture-win4.capinfos	2016-04-29 21:34	761
	2016-29-4_capture-win4.json	2016-04-29 21:36	2.1K
	2016-29-4_capture-win4.html	2016-04-29 21:36	352K
	README.md	2016-05-01 12:57	866
	5aef49f8e68a57d8e526042b8d913c14.exe.zip	2016-05-28 12:53	499K
	2016-29-4_capture-win4.weblogng	2016-06-15 19:07	421
	2016-29-4_capture-win4.tcpdstat	2016-09-03 16:53	1.8K
	2016-29-4_capture-win4.biargus	2016-12-05 22:26	624K
	2016-29-4_capture-win4.binetflow	2016-12-05 22:26	324K
	fast-flux-dga-first-analysis.txt	2017-01-13 22:18	17K
	README.html	2017-01-13 22:18	1.2K
	bro/	2017-08-31 09:45	-

Description

• Probably Name: Trojan.Regin.B.sm
• MD5: 5aef49f8e68a57d8e526042b8d913c14
  
• SHA1: 6f7422880e08f4c7ae6d904308e6ee49b5abc509
  

• SHA256: f6bd44d3511daa361d7bca7cb55f362b9212c40a3260f7eca14232053e1be2d6

• VirusTotal
• HybridAnalysis

• RobotHash

Timeline

Mon Apr 4 23:19:34 CEST 2016

started win4

Mon Apr 4 23:23:59 CEST 2016

infected

Tue Apr 4 07:40:00 CEST 2016 approx

The win machine stop responding

Tue Apr 5 10:11:26 CEST 2016

VM reseted using the same pcap

Fri Apr 29 21:32:53 CEST 2016

power off