Description
- Probable Name: Vawtrak (at the beginning there is some normal traffic)
- MD5: c5d81a096cbc34edd0046e33cffbe070
- SHA1: 950f56462ac46d1e698bae4b62bb82f3a5c385b1
- SHA256: 34d8dc64e8e425b5a78799ee124f43c8b4045f611e5187d8266abda6dfb50e45
- Zip password: infected
- Infected IP: 10.0.2.200
- VirusTotal
- HybridAnalysis
- RobotHash

Timeline
Sat Mar 19 18:56:07 CET 2016
Started win normal 2
Sat Mar 19 18:57:11 CET 2016
Opened Google Chrome
Sat Mar 19 19:00:32 CET 2016
Searched "test page for me" in Google
Sat Mar 19 19:01:11 CET 2016
Accessed normally a link in www.linkedin.com
Sat Mar 19 19:02:03 CET 2016
Infected
Sat Mar 19 19:05:14 CET 2016
I reopened the Chrome browser because it was closed
Tue Mar 22 15:47:21 CET 2016
Started the mail sink daemon
Fri Jul 1 19:53:49 CEST 2016
Rebooted because it has not been sending packets since 2016 May 20
Fri Jul 1 20:04:22 CEST 2016
Poweroff