Details
Malware Family Xtreme
Date Added March 8, 2019, 6:25 a.m.
MD5 086fe45e37aab6443e938b6bc4519294
Sha256 4b7f1d716decabec5fe68b0e062c3cab8aeeed7b326c0b5e1f17569ae4e8b110
Config Sections
Group Servers
Install Name Server.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex --((Mutex))--
HKLM KLM
Domain3 :0
Domain2 :0
Domain1 mjood-k-s-a.no-ip.biz:81
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 :0
Install Dir system32
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection notepad.exe
FTP Folder
Custom Reg Value
ID Server
Domain20 :0
FTP UserName ftpuser
Custom Reg Name HKCU
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {K8AM3J1W-8G6Y-RHAM-KP5E-Y72755AI52PF}
HKCU HKCU
VirusTotal

58 out of 69 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
Geo Location
Yara Rules