Details
Malware Family: Xtreme
Date Added: Jan. 6, 2018, 6:25 a.m.
MD5: 0ad58f9cc9627b4613dad681d9149c40
SHA256: ac2d815dd7b93133398c6a97af0e68bf1e29e1bd7bf52fc555f8b6ccf47f4c5b
Config Sections
Group: ROTMG
Install Name: svchost.exe
FTP Server: ftp.ftpserver.com
Domain9: :0
Version: 2.9
Mutex: 31TUF7Mci
HKLM: ava
Domain3: :0
Domain2: carla47.duckdns.org:5000
Domain1: carla47.duckdns.org:3030
Domain7: :0
Domain6: :0
Domain5: :0
Domain4: :0
Install Dir: InstallDiR
Domain19: :0
Domain18: :0
Custom Reg Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password:
Domain15: :0
Domain14: :0
Domain13: :0
Domain12: :0
Domain11: :0
Domain10: :0
Injection: %DEFAULTBROWSER%
FTP Folder:
Custom Reg Value: ROTMG
ID: Realm
Domain20: :0
FTP UserName: ftpuser
Custom Reg Name: GoogleUpdate
Domain17: :0
Domain8: :0
Domain16: :0
ActiveX Key: {LX565AS1-823N-43FF-LIR7-7P6A5MB8BMP1}
HKCU: Explorer
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
Geo Location
Yara Rules