Details
Malware Family Xtreme
Date Added March 8, 2019, 6:25 a.m.
MD5 23fd7604804d866473e8a8b57ee5b43b
Sha256 3e491a47b1ceee8da13ec6beef4b2c7f180d2b0fea50bc6b7f8571592d469897
Config Sections
Group Servers
Install Name csrss.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex aKtpCb3
HKLM ava Update
Domain3 :0
Domain2 zekinhareidelas.ddns.net:82
Domain1 zekinhareidelas.ddns.net:81
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 :0
Install Dir System
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection %DEFAULTBROWSER%
FTP Folder
Custom Reg Value Binder
ID Server
Domain20 :0
FTP UserName ftpuser
Custom Reg Name HKCU
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {KAI7M728-VNGA-3N8Y-7K1E-6E43064H528M}
HKCU Win Update
VirusTotal

60 out of 70 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
Geo Location
Yara Rules