Details
Malware Family Xtreme
Date Added April 8, 2017, 6:25 a.m.
MD5 0ae3161d144afd6c467d601947fd7601
Sha256 5137efa4e364d88e1f1852708601a2812f7d9d4af1b9303251ee4eb8c37b0940
Config Sections
Group Servers
Install Name svchost.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex N7iBVqJDiKkNPdowx
HKLM KLM
Domain3 :0
Domain2 vaisefuder.ddns.net:200
Domain1 vaisefuder.ddns.net:300
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 :0
Install Dir InstallDir
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection %DEFAULTBROWSER%
FTP Folder
Custom Reg Value \Users
ID Server
Domain20 :0
FTP UserName ftpuser
Custom Reg Name HKCU
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {1P0FHA28-GSQ3-Y77P-O6N2-K0C8AP708O60}
HKCU HKCU
VirusTotal

This hash does not exist in virustotal

Domain Data
Domain IP Country Code
Geo Location
Yara Rules