Index of /publicDatasets/CTU-Malware-Capture-Botnet-188-3

	Name	Last modified	Size	Description
	Parent Directory		-
	2016-10-20_win9.biargus	2016-10-20 17:18	520M
	2016-10-20_win9.binetflow	2016-10-20 17:19	502M
	2016-10-20_win9.capinfos	2016-10-20 16:57	1.1K
	2016-10-20_win9.dnstop	2016-10-20 16:53	9.2K
	2016-10-20_win9.mitm.weblog	2017-01-11 12:55	24K
	2016-10-20_win9.netflow5	2016-11-07 20:37	114M
	2016-10-20_win9.passivedns	2016-10-20 16:53	19K
	2016-10-20_win9.pcap	2016-10-20 16:35	929M
	2016-10-20_win9.tcpdstat	2016-10-20 16:58	2.1K
	2016-10-20_win9.weblogng	2016-10-20 16:58	60M
	48616dd47e12e369feef53a57830158a.exe.zip	2016-10-20 19:02	7.5M
	README.html	2017-01-11 12:55	2.0K
	README.md	2016-10-20 17:15	1.4K
	bro/	2017-08-31 09:45	-
	mitm.out	2016-09-23 15:27	946K

Description

• Probable Name: Trojan.Rasftuby
• MD5: 48616dd47e12e369feef53a57830158a
• SHA1: e411689b8c9192b421b9864087f8b7bf91491465
• SHA256: eb57bcc950cdbfe87743a6335a19aeced27cd9b800da01cd5cf899c7881d6af6
• Password of zip file: infected

• Duration: 27 days 01:15:11

• VirusTotal
• HybridAnalysis

• RobotHash

Files

• .capinfos
  • Capinfos file
• .dnstop
  • DNS top file
• .mitm
  • Mitm proxy interception file of http and https
• .passivedns
  • Passive DNS file
• .pcap
  • Original pcap file
• .rrd
  • RRD file for graphs
• .weblogng
  • WEB log of http traffic
• .exe.zip
  • Original malware file
• bro
  • Folder with all the bro output files
• .biargus
  • Argus binary file with all the flows
• .binetflow
  • Argus text file with bidirectional flows. Report time 3600 secs.

IP Addresses

- Infected host: 192.168.1.119
- Default GW: 192.168.1.2

Timeline

Fri Sep 23 15:20:37 CEST 2016

started win9

Fri Sep 23 15:26:32 CEST 2016

infected

Fri Sep 23 15:27:29 CEST 2016 "Application error" .. clicked "Finish"

Thu Oct 20 16:35:44 CEST 2016

power off