![[ICO]](/icons/blank.gif){kind=icon}
![[PARENTDIR]](/icons/back.gif){kind=icon}
![[IMG]](/icons/image2.gif){kind=icon}
![[ ]](/icons/unknown.gif){kind=icon}
![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/folder.gif){kind=icon}
![[ ]](/icons/compressed.gif){kind=icon}
| Name | Last modified | Size | Description |
|---|---|---|---|---|
| Parent Directory | - | ||
| training-capture-006.jpg | 2019-08-06 17:11 | 2.8M | |
| mitm.out | 2016-09-26 17:37 | 96M | |
| fast-flux-dga-first-analysis.txt | 2017-01-13 14:10 | 35K | |
| bro/ | 2017-08-31 09:45 | - | |
| README.md | 2017-10-30 21:43 | 1.6K | |
| README.html | 2017-10-30 21:43 | 2.3K | |
| 9597fc80f793bbeceed69be9b1344fdb.exe.zip | 2016-09-26 17:59 | 200K | |
| 2016-09-26_win7.weblogng | 2016-09-26 17:53 | 232 | |
| 2016-09-26_win7.tcpdstat | 2016-09-26 17:53 | 2.0K | |
| 2016-09-26_win7.rrd | 2016-09-26 17:40 | 8.0M | |
| 2016-09-26_win7.pcap | 2016-09-26 17:37 | 1.0G | |
| 2016-09-26_win7.passivedns | 2016-09-26 17:50 | 74K | |
| 2016-09-26_win7.netflow5 | 2016-11-08 21:17 | 32M | |
| 2016-09-26_win7.mitm.weblog | 2016-12-05 22:14 | 5.7M | |
| 2016-09-26_win7.dnstop | 2016-09-26 17:50 | 19K | |
| 2016-09-26_win7.capinfos | 2016-09-26 17:53 | 1.1K | |
| 2016-09-26_win7.binetflow | 2016-09-26 18:13 | 513M | |
| 2016-09-26_win7.biargus | 2016-09-26 18:12 | 491M | |
Duration : 24 days 03:52:22.
RobotHash
- Infected host: 192.168.1.117
- Default GW: 192.168.1.2started win7
executed the malware
nothing happendedexecuted the malware
nothing happendedstart IE
The malware started alone!!!The bot connected to a 443 port, but the domain is sinkholed sinkhole-01.sinkhole.tech
power off