Details
FileName | |
---|---|
Malware Family | Xtreme |
Date Added | 2016-01-26 03:00:03 |
MD5 | 368ae97bfde3a732d871d240c510d45a |
Sha256 | 578cdb87186450575edbbcef543b5b8399a3bc730bd3a9be48cfbc79b08a0576 |
Config Data
Install Dir | InstallDir |
---|---|
FTP Server | ftp.ftpserver.com |
Domain18 | :0 |
Domain2 | rasha.ddns.net:3000 |
Custom Reg Value | h5 |
Domain15 | :0 |
Domain8 | :0 |
Custom Reg Key | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |
Domain3 | :0 |
Domain17 | :0 |
Domain5 | :0 |
Domain1 | 127.0.0.1:81 |
Domain9 | :0 |
Domain13 | :0 |
HKLM | KLM |
FTP Folder | |
Domain6 | :0 |
Domain12 | :0 |
Custom Reg Name | HKCU |
ActiveX Key | {WVH6P7QT-8263-MQ70-6FXU-27QS2HK6GQ03} |
Injection | %DEFAULTBROWSER% |
Domain14 | :0 |
Group | Servers |
Domain19 | :0 |
Install Name | Server.exe |
Domain20 | :0 |
Version | 2.8.1 |
Mutex | LkxTremg |
HKCU | HKCU |
FTP Password | |
Domain10 | :0 |
Domain11 | :0 |
ID | Server |
Domain16 | :0 |
FTP UserName | ftpuser |
Domain4 | :0 |
Domain7 | :0 |
Virustotal
49 out of 55 AV Engines identified the sample as Malicious.