Details
Malware Family Sakula
Date Added March 10, 2016, 3 a.m.
MD5 aa07dd8540788ab32c4e25cd1ef8ca05
Sha256 043f53f225b3b4e74533e80ddfd0889aef85ecf930732d105f2aeaef3955eea4
Robot Robots lovingly delivered by robohash.org
Config Sections
2_Copy File Name MediaCenter.exe
2_URI GET2 File /viewphoto.asp
1_Copy File Name MediaCenter.exe
1_Waiting Time 30000
1_URI GET3 File newimage.asp
2_URI GET1 Folder /photo/
1_URI GET1 Folder /photo/
2_Campaign ID honeywell
2_Domain www.northpoleroute.com
2_URI GET3 Arg imageid
2_Copy File Path %Temp%\MicroMedia
1_Copy File Path %Temp%\MicroMedia
1_AutoRun Key MicroMedia
2_URI GET3 File newimage.asp
2_AutoRun Key MicroMedia
2_Waiting Time 30000
1_Domain www.polarroute.com
1_URI GET2 File /viewphoto.asp
1_URI GET3 Arg imageid
1_Campaign ID honeywell
Advertising
VirusTotal

46 out of 56 AV's Identified the sample as Malicious

Virus Total Report

Domain Data
Domain IP Country Code
www.polarroute.com polarroute.com 0
www.northpoleroute.com northpoleroute. 0
Geo Location
Yara Rules
Comments
comments powered by Disqus