Name | Last modified | Size | Description
---|---|---|---
Parent Directory | - | |
Binetflows-per-hour/ | 2016-10-10 13:54 | - |
bro/ | 2017-08-31 09:45 | - |
suricata/ | 2019-03-23 14:41 | - |
2015-03-19_winnormal.capinfos | 2016-03-19 13:47 | 754 |
README.md | 2017-02-14 09:31 | 1.7K |
README.html | 2017-02-14 09:31 | 2.4K |
2015-03-19_winnormal.dnstop | 2016-03-19 13:47 | 20K |
2015-03-19_winnormal.passivedns | 2016-03-19 13:47 | 171K |
2015-03-19_winnormal.binetflow.after.infection | 2016-10-04 16:38 | 465K |
2015-03-19_winnormal.weblogng | 2016-06-15 18:04 | 498K |
2015-03-19_winnormal.binetflow.before.infection | 2016-10-04 16:38 | 942K |
2015-03-19_winnormal.binetflow | 2016-08-29 06:38 | 1.4M |
2015-03-19_winnormal.biargus | 2016-08-29 06:38 | 1.5M |
a0840a39ec90e1f603e2f4be42a87026.exe.zip | 2016-05-28 12:48 | 3.3M |
Win-Normal-1.rrd | 2016-03-19 13:42 | 8.0M |
2015-03-19_winnormal.html | 2016-03-19 13:48 | 61M |
2015-03-19_winnormal.json | 2016-03-19 13:48 | 123M |
2015-03-19_winnormal.pcap | 2016-03-19 13:42 | 175M |
SHA256: be3530e4cc04333c113d4b06c6010ef040814e977f37cc6a6b59556e36d9c920
In order to better analyze this mixed capture, we also executed the malware alone, without any user interaction. The capture can be found here. However, please note that the malware-only capture was done quite some time after the mixed capture, so some differences may appear. According to that capture, the malware seems to make only a few connections.
1. Start Win-Normal-1
2. Infected with a0840a39ec90e1f603e2f4be42a87026.exe
3. After navigating some pages, leave Google Chrome open with an empty tab
4. Close Dropbox
5. Close Skype
6. Type something in the Google Chrome address bar
7. Close Chrome
8. Power off Windows