Description
- Probable Name: Miuref
- MD5: 8dc809e0f25220e1d6b578eee2e80c33
- SHA1: 44a1c528c97771a3281422abbf4389bba171017d
- SHA256: e12a2c2b633ac12cec3e0d32950dcd5011d2aba4a9b95506c0fd3913446d7c22
- Password of zip file: infected
- This capture was not intercepted by the mitmproxy
- Duration: 8.13 days
- VirusTotal
- HybridAnalysis
Files
- .capinfos
- .dnstop
- .mitm
  - Mitm proxy interception file of http and https
- .passivedns
- .pcap
- .rrd
- .weblogng
- .exe.zip
- bro
  - Folder with all the bro output files
- .biargus
  - Argus binary file with all the flows
- .binetflow
  - Argus text file with bidirectional flows. Report time 3600 secs.
- .uniargus
  - Argus binary file with unidirectional flows. Report time 5 secs.
- .uninetflow
  - Argus text file with unidirectional flows. Report time 5 secs. TAB as column separator.
IP Addresses
- Infected host: 192.168.1.114
- Default GW: 192.168.1.2
Timeline
- Wed Aug 3 20:41:06 CEST 2016: started win4
- Wed Aug 3 20:43:42 CEST 2016: infected
- Thu Aug 11 12:59:00 CEST 2016: power off
Analysis
The malware connects to servers on port 443/TCP, but the traffic is not TLS or SSL.
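As an added example, not part of the capture files, the check below is what a defender could run over the first client payload of each TCP flow in the .pcap (extracting those payloads with a pcap library is assumed done beforehand): it flags connections to 443/TCP whose first bytes are not a TLS ClientHello record. The sample flows are constructed; only the infected host address comes from this page, the destination addresses are documentation-range placeholders.

```python
# Added example: detect flows to 443/TCP that do not start with a TLS handshake,
# the behaviour described in the analysis above. Not code from the capture.
# A TLS ClientHello begins with a record header: content type 0x16 (handshake),
# legacy version 0x03 0x0X, a 2-byte length, then handshake type 0x01.

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """Return True if payload begins with a TLS record carrying a ClientHello."""
    if len(payload) < 6:
        return False
    content_type, major, minor = payload[0], payload[1], payload[2]
    record_len = int.from_bytes(payload[3:5], "big")
    if content_type != TLS_HANDSHAKE or major != 0x03 or minor > 0x04:
        return False
    if record_len == 0 or payload[5] != CLIENT_HELLO:
        return False
    return True


def flag_non_tls_443(flows):
    """flows: iterable of (src_ip, dst_ip, dst_port, first_client_payload).
    Returns (src_ip, dst_ip, dst_port) for flows that use port 443 without a
    TLS ClientHello; genuine HTTPS and non-443 traffic are left alone."""
    suspicious = []
    for src, dst, dport, payload in flows:
        if dport == 443 and not looks_like_tls_client_hello(payload):
            suspicious.append((src, dst, dport))
    return suspicious


# Constructed sample flows (not taken from the capture); 203.0.113.0/24 is a
# documentation range used here as a placeholder for the malware's servers.
SAMPLE_FLOWS = [
    # genuine TLS 1.2 ClientHello prefix: record header + handshake type 0x01
    ("192.168.1.114", "203.0.113.10", 443, bytes.fromhex("160301005a01000056") + b"\x00" * 16),
    # custom binary protocol on 443: no TLS record header
    ("192.168.1.114", "203.0.113.20", 443, bytes.fromhex("0a1b2c3d4e5f")),
    # plaintext HTTP on 443
    ("192.168.1.114", "203.0.113.30", 443, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),
    # port 80 is out of scope for this check
    ("192.168.1.114", "203.0.113.40", 80, b"GET / HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for flow in flag_non_tls_443(SAMPLE_FLOWS):
        print("non-TLS traffic to port 443:", flow)
```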