Description

• Probable Name:
• MD5: 234e1bb765bd2b4e5f5e563b174d6ccb
• SHA1: e56c969ca5f98c4c0bed73790cf80ae872d06ead
• SHA256: 3444097d3b13676438b8e9f1c9ed17e59ecf4a60d90c41efaeb76ac50c64c42a
• Password of zip file: infected

• Duration: 15 days 14:31:28.

• VirusTotal
• HybridAnalysis

• RobotHash

Files

• .capinfos
  • Capinfos file
• .dnstop
  • DNS top file
• .mitm
  • Mitm proxy interception file of http and https
• .passivedns
  • Passive DNS file
• .pcap
  • Original pcap file
• .rrd
  • RRD file for graphs
• .weblogng
  • WEB log of http traffic
• .exe.zip
  • Original malware file
• bro
  • Folder with all the bro output files
• .biargus
  • Argus binary file with all the flows
• .binetflow
  • Argus text file with bidirectional flows. Report time 3600 secs.

IP Addresses

- Infected host: 10.0.2.112
- Default GW: 10.0.2.1

Timeline

Tue Jun 21 23:42:50 CEST 2016

Started win12.

Tue Jun 21 23:54:14 CEST 2016

infected

Fri Jul 1 19:42:34 CEST 2016

Click on the OK of the errors

Thu Jul 7 14:14:18 CEST 2016

power of