Details
Malware Family: Sakula
Date Added: April 24, 2016, 6:49 a.m.
MD5: b56de6c2fcecc400173cc7ee4e2f4cb5
SHA256: eeae369e71a84305d85606dda9ffaf3eb2d059c3c1efbd59f800a599360f0164
Config Sections
1_Domain: citrix.vipreclod.com
1_Campaign ID: 1227
1_URI GET1 Folder: /photo/
1_URI GET2 File: /viewphoto.asp
1_URI GET3 File: newimage.asp
1_URI GET3 Arg: imageid
1_Copy File Name: MediaCenter.exe
1_Copy File Path: %Temp%\MicroMedia
1_AutoRun Key: MicroMedia
1_Waiting Time: 30000
2_Domain: 184.22.175.13
2_Campaign ID: 1227
2_URI GET1 Folder: /photo/
2_URI GET2 File: /viewphoto.asp
2_URI GET3 File: newimage.asp
2_URI GET3 Arg: imageid
2_Copy File Name: MediaCenter.exe
2_Copy File Path: %Temp%\MicroMedia
2_AutoRun Key: MicroMedia
2_Waiting Time: 30000
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
citrix.vipreclod.com 173.255.244.151 US
184.22.175.13 US