Details
FileName
Malware Family Sakula
Date Added 2016-04-24 06:49:23
MD5 a8151c7f674f5076d953cc9e430883dc
Sha256 ebd7d5d3266f4631d65ab35f1652ea53842e861bcf9fa81ae523990d0ab56dbd
C2 Data
1_Domain www.polarroute.com
1_URI GET1 Folder /photo/
1_URI GET2 File /viewphoto.asp
1_URI GET3 File newimage.asp
1_URI GET3 Arg imageid
1_Campaign ID honeywell
1_AutoRun Key MicroMedia
1_Copy File Path %Temp%\MicroMedia
1_Copy File Name MediaCenter.exe
1_Waiting Time 30000
2_Domain www.northpoleroute.com
2_URI GET1 Folder /photo/
2_URI GET2 File /viewphoto.asp
2_URI GET3 File newimage.asp
2_URI GET3 Arg imageid
2_Campaign ID honeywell
2_AutoRun Key MicroMedia
2_Copy File Path %Temp%\MicroMedia
2_Copy File Name MediaCenter.exe
2_Waiting Time 30000
Virustotal

0 out of 0 AV Engines identified the sample as Malicious.

C2 Information
Domain FQDN IP Country Code
northpoleroute.com www.northpoleroute.com 0