Details
Malware Family: Sakula
Date Added: April 24, 2016, 6:49 a.m.
MD5: b5d4b2acb118fb91ffcf15dbfb68f397
SHA256: e50fb1323a8c9374b4cc5c90c6a10ec702e9b041d03fa5ef591ada9e2554b19e
Config Sections
1_Campaign ID: 1227
1_Domain: citrix.vipreclod.com
1_URI GET1 Folder: /photo/
1_URI GET2 File: /viewphoto.asp
1_URI GET3 File: newimage.asp
1_URI GET3 Arg: imageid
1_Waiting Time: 30000
1_Copy File Path: %Temp%\MicroMedia
1_Copy File Name: MediaCenter.exe
1_AutoRun Key: MicroMedia
2_Campaign ID: 1227
2_Domain: 184.22.175.13
2_URI GET1 Folder: /photo/
2_URI GET2 File: /viewphoto.asp
2_URI GET3 File: newimage.asp
2_URI GET3 Arg: imageid
2_Waiting Time: 30000
2_Copy File Path: %Temp%\MicroMedia
2_Copy File Name: MediaCenter.exe
2_AutoRun Key: MicroMedia
VirusTotal

47 out of 56 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
citrix.vipreclod.com 173.255.244.151 US
184.22.175.13 US
Yara Rules