Details
Malware Family Xtreme
Date Added March 23, 2015, 8:29 p.m.
MD5 0cd368b36a24a368298041421d31b32f
SHA256 95119b998d50d47a8060affacd111fa49f8a4581638f15a2fe4116e775ecca3c
Config Sections
CampaignID cyb3r1
CampaignGroup warri0r99
Version 2.9
Mutex htezZcxqdDCm75M
InstallDir InstallDir
InstallName avg
Injection %DEFAULTBROWSER%
ActiveXKey {5460C4DF-B266-909E-CB58-E32B79832EB2}
HKCU HKCU
HKLM KLM
CustomRegKey HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CustomRegName HKCU
CustomRegValue apolicylookup
FTPServer ftp.serialkiller.com
FTPUserName z3r0c00l
FTPPassword adious
FTPFolder 22tang0
Domain1 www.skullbox.com:443
Domain2 www.crashoveride.com:8080
Domain3 89.72.36.69:8443
Domain4 :0
Domain5 :0
Domain6 :0
Domain7 :0
Domain8 :0
Domain9 :0
Domain10 :0
Domain11 :0
Domain12 :0
Domain13 :0
Domain14 :0
Domain15 :0
Domain16 :0
Domain17 :0
Domain18 :0
Domain19 :0
Domain20 :0
VirusTotal

47 out of 54 AV engines identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
www.skullbox.com 98.139.135.199 US
www.crashoveride.com 205.233.73.65 US