Details
Malware Family: Sakula
Date Added: April 23, 2016, 3 a.m.
MD5: bf0dcf47a0b2604ca3aa22037730477a
SHA256: deb1019ac68ad9947a9b02ecc0f788c4d750e02c15fe52f351a3021fb51e4d30
Config Sections
2_Copy File Name: MediaCenter.exe
2_URI GET2 File: /viewphoto.asp
1_Copy File Name: MediaCenter.exe
1_Waiting Time: 30000
1_URI GET3 File: newimage.asp
2_URI GET1 Folder: /photo/
1_URI GET1 Folder: /photo/
2_Campaign ID: 1227
2_Domain: 184.22.175.13
2_URI GET3 Arg: imageid
2_Copy File Path: %Temp%\MicroMedia
1_Copy File Path: %Temp%\MicroMedia
1_AutoRun Key: MicroMedia
2_URI GET3 File: newimage.asp
2_AutoRun Key: MicroMedia
2_Waiting Time: 30000
1_Domain: citrix.vipreclod.com
1_URI GET2 File: /viewphoto.asp
1_URI GET3 Arg: imageid
1_Campaign ID: 1227
VirusTotal

46 out of 56 AV engines identified the sample as malicious

Domain Data
Domain IP Country Code
citrix.vipreclod.com 173.255.244.151 US
184.22.175.13 US