# Description

- Probable name: Cridex
- This is a capture made in a home environment using two VirtualBox Windows VMs.
- Infected VMs:
  - First VM
    - Name: Tiny71
    - IP: 192.168.0.150
  - Second VM
    - Name: Tiny72
    - IP: 192.168.0.151
- MD5: Cridex
- SHA1: 8101d94701466153c6407ca90d9b24c6b959a169
- SHA256: e43a7da30d7bdbec0919090d3a7419cafc781bb9bb6051b180f4776ce9025526
- Filename: 54bc2102bbfa0cd23d30b086082887f3.exe

# Timeline

Sun Feb 23 09:20:09 CET 2014

started win14

Sun Feb 23 09:21:23 CET 2014

infected win14 with ../../../malware-to-test/shared-folder/54bc2102bbfa0cd23d30b086082887f3.exe: PE32 executable (GUI) Intel 80386, for MS Windows

Mon Apr 7 10:17:23 CEST 2014

Huge powerdown on Sun 06, at 10am… powering up now.

Thu May 29 17:45:45 CEST 2014

reset pcap in win14 because of full disk

Fri Jun 6 09:14:13 CEST 2014

Jin ran out of space. I stopped it without disinfecting. The pcap is safe.

Fri Jun 13 11:15:29 CEST 2014

started win14 infected

Mon Jun 30 09:49:31 CEST 2014

Powered off because of a change of IP in Jin. Still infected.

Suricata was run with rules updated on 2022-08-25.