Details
Robot
FileName
Malware Family Sakula
Date Added 2016-03-20 03:00:03
MD5 3044c9807bcf2a68381908c47cb7e985
Sha256 2f1128365438c91472344bfe57f88a8f40e69005a23a2a3cca0e299bdb6d0331
Robot Robots lovingly delivered by robohash.org
Advertising
C2 Data
2_URI GET3 Arg imageid
2_URI GET2 File /viewphoto.asp
2_AutoRun Key MicroMedia
1_AutoRun Key MicroMedia
2_URI GET1 Folder /photo/
1_URI GET3 Arg imageid
1_Domain citrix.vipreclod.com
1_URI GET3 File newimage.asp
2_Copy File Path %Temp%\MicroMedia
2_Domain 184.22.175.13
2_Campaign ID 1227
1_Copy File Name MediaCenter.exe
1_URI GET1 Folder /photo/
1_URI GET2 File /viewphoto.asp
2_Copy File Name MediaCenter.exe
1_Copy File Path %Temp%\MicroMedia
1_Campaign ID 1227
2_Waiting Time 30000
1_Waiting Time 30000
2_URI GET3 File newimage.asp
Virustotal

45 out of 57 AV Engines identified the sample as Malicious.

Virustotal Report

C2 Information
Domain FQDN IP Country Code
184.22.175.13 US