Details
Malware Family Sakula
Date Added April 24, 2016, 6:49 a.m.
MD5 b72a0ca2732c963dd1f1fc34fe6fbd95
Sha256 2f705b8ca9037dc7df076e6634ff99d6cbc7e435977d2844a16154bfec456dc9
Config Sections
1_Campaign ID 1227
1_Domain citrix.vipreclod.com
1_URI GET1 Folder /photo/
1_URI GET2 File /viewphoto.asp
1_URI GET3 File newimage.asp
1_URI GET3 Arg imageid
1_Copy File Path %Temp%\MicroMedia
1_Copy File Name MediaCenter.exe
1_AutoRun Key MicroMedia
1_Waiting Time 30000
2_Campaign ID 1227
2_Domain 184.22.175.13
2_URI GET1 Folder /photo/
2_URI GET2 File /viewphoto.asp
2_URI GET3 File newimage.asp
2_URI GET3 Arg imageid
2_Copy File Path %Temp%\MicroMedia
2_Copy File Name MediaCenter.exe
2_AutoRun Key MicroMedia
2_Waiting Time 30000
VirusTotal

48 out of 57 AVs identified the sample as malicious.

Domain Data
Domain IP Country Code
citrix.vipreclod.com 173.255.244.151 US
184.22.175.13 US