Index of /publicDatasets/CTU-Malware-Capture-Botnet-317-1

	Name	Last modified	Size	Description
	Parent Directory		-
	NrGdrX	2016-06-10 21:59	4.9K
	NrGdrX.deofuscated.html	2016-06-11 10:47	7.4K
	README.html	2016-07-01 19:47	1.3K
	README.md	2016-06-11 10:39	1.1K
	Win-Normal-1.rrd	2016-07-12 07:30	8.0M
	bro/	2017-08-31 09:45	-
	capture1.capinfos	2016-07-01 19:47	0
	capture1.dnstop	2016-07-01 19:47	19K
	capture1.html	2017-09-25 15:04	96M
	capture1.json	2017-09-25 15:04	206M
	capture1.passivedns	2016-07-01 19:47	133K
	capture1.pcap	2016-07-12 07:30	452M
	capture1.weblogng	2016-07-01 19:47	213K

Description

• Probable Name: Trojan.Script.Heuristic-js.iacgm? (one of the files downloaded)
• URL: https://goo.gl/NrGdrX
  • Redirected to: Location: https://www.googledrive.com/host/0BxqXKTpruwHMOEVibmdrNjNwOWs
    • Redirected to: Location: https://26ca0f7cda8bfb6ae3d1301a29dcf2563946356e-www.googledrive.com/host/0BxqXKTpruwHMOEVibmdrNjNwOWs
    • Unzipped-Content-Md5: mwBrCUKydJkinbFZAeTArA==
    • X-Goog-Hash: crc32c=7kyNcw==
• Last file downloaded and included here: NrGdrX

Timeline

Sat Jun 11 01:31:14 CEST 2016

Started windows-normal-1

Sat Jun 11 01:34:00 CEST 2016

infected with https://goo.gl/NrGdrX

https://virustotal.com/en/url/f75f607099028e4799b45f9670f131b2480c87bcd1c687734ea51612201b5642/analysis/1465606509/

That downloads this file... https://virustotal.com/en/file/c974f5d5294849c3d7869dddda349a9f81a148644bb484245fb6837085aad8ff/analysis/1465603719/ Trojan.Script.Heuristic-js.iacgm

Sat Jun 11 01:42:40 CEST 2016

It is still doing stuff but I will install the extension.

Sat Jun 11 01:43:16 CEST 2016

Extension installed