Details
Malware Family: Sakula
Date Added: April 24, 2016, 6:49 a.m.
MD5: 0bad14470a28d51225307c55fecd4d6f
SHA256: 302f8832c2065929abf89a586d4024cb8528c306d1f8c08790cf7860afa9259c
Config Sections
2_Copy File Name: MediaCenter.exe
2_URI GET2 File: /viewphoto.asp
1_Copy File Name: MediaCenter.exe
1_Waiting Time: 30000
1_URI GET3 File: newimage.asp
2_URI GET1 Folder: /photo/
1_URI GET1 Folder: /photo/
2_Campaign ID: 1227
2_Domain: 184.22.175.13
2_URI GET3 Arg: imageid
2_Copy File Path: %Temp%\MicroMedia
1_Copy File Path: %Temp%\MicroMedia
1_AutoRun Key: MicroMedia
2_URI GET3 File: newimage.asp
2_AutoRun Key: MicroMedia
2_Waiting Time: 30000
1_Domain: citrix.vipreclod.com
1_URI GET2 File: /viewphoto.asp
1_URI GET3 Arg: imageid
1_Campaign ID: 1227
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
citrix.vipreclod.com 173.255.244.151 US
184.22.175.13 US