Index of /publicDatasets/CTU-Malware-Capture-Botnet-64

[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[DIR]bro/2017-08-31 09:45 -  
[   ]2014-04-07_capture-win6.weblogng2016-06-15 18:21 583  
[TXT]README.md2015-08-29 13:21 726  
[   ]2014-04-07_capture-win6.capinfos2015-08-29 16:45 763  
[TXT]README.html2017-01-16 20:27 917  
[   ]2014-04-07_capture-win6.tcpdstat2017-01-16 20:27 1.7K 
[   ]2014-04-07_capture-win6.passivedns2015-08-29 13:21 2.1K 
[   ]2014-04-07_capture-win6.dnstop2015-08-29 13:21 2.1K 
[TXT]fast-flux-dga-first-analysis.txt2017-01-16 20:27 3.4K 
[   ]2014-04-07_capture-win6.binetflow2017-01-16 20:27 18K 
[   ]2014-04-07_capture-win6.biargus2017-01-16 20:27 28K 
[   ]2014-04-07_capture-win6.json2015-04-10 10:08 302K 
[TXT]2014-04-07_capture-win6.html2015-04-10 10:08 523K 
[   ]62f06f0b41b5b9945036c69d2419f99a.zip2014-03-30 23:10 658K 
[   ]2014-04-07_capture-win6.pcap2014-04-06 09:47 1.6M 
[   ]2014-04-07_capture-win6.rrd2014-04-07 10:57 8.0M 

Analysis

VirusTotal Link of the exe - The exe has MD5: a63d2a94bb30d6926360933b13af5291 - The zip file has another MD5: 62f06f0b41b5b9945036c69d2419f99a

Timeline

Sun Mar 30 23:04:44 CEST 2014

started win6

Sun Mar 30 23:06:40 CEST 2014

infected with 62f06f0b41b5b9945036c69d2419f99a.zip inside is the executable file gruppo.txt                                                                                          .exe

Mon Apr 7 10:17:23 CEST 2014

Huge powerdown on Sun 06, at 10am... powering up now.