Name | Last modified | Size | Description
---|---|---|---
Parent Directory | | - | |
bro/ | 2017-08-31 09:45 | - | |
2016-06-02_capture-win6.capinfos | 2016-06-03 14:15 | 763 | |
README.md | 2016-06-03 14:14 | 1.1K | |
README.html | 2017-01-13 22:08 | 1.5K | |
2016-06-02_capture-win6.tcpdstat | 2016-09-03 16:52 | 1.8K | |
2016-06-02_capture-win6.dnstop | 2016-06-03 14:15 | 3.0K | |
2016-06-02_capture-win6.passivedns | 2016-06-03 14:15 | 3.5K | |
fast-flux-dga-first-analysis.txt | 2017-01-13 22:08 | 5.7K | |
2016-06-02_capture-win6.weblogng | 2016-06-15 17:38 | 21K | |
2016-06-02_capture-win6.binetflow | 2016-12-05 22:25 | 35K | |
2016-06-02_capture-win6.biargus | 2016-12-05 22:25 | 82K | |
79acc1b8aaac2d3837e2f16e7a58ed658dbeb8802b6a32db85c0644ccc9039fa.exe.zip | 2016-06-03 14:15 | 100K | |
2016-06-02_capture-win6.html | 2016-06-03 14:17 | 877K | |
2016-06-02_capture-win6.json | 2016-06-03 14:17 | 890K | |
2016-06-02_capture-win6.pcap | 2016-06-03 14:13 | 1.5M | |
2016-06-02_capture-win6.rrd | 2016-06-03 14:14 | 8.0M | |

IP of infected machine: 10.0.2.106
RobotHash
started win 6
infected successful
At 04:11:46.102078 (capture time) there were no more connections to the CC. I will try to reboot it.
restarted, keep the same pcap
The malware is running again.
restarted because it was not sending
Poweroff because it stopped sending again and it did not recover.