Details

FileName:
Malware Family: Xtreme
Date Added: 2019-03-08 06:25:16
MD5: 422b47144b9b14870e285983d9270456
Sha256: 31dec305d46594e86ede365d2d4683172fc4eba59576ab1299a1a2d208e19c20
C2 Data

Version: 2.9
ID: Server
Group: Servers
Mutex: mREDUM2izUwrLYeE
Install Dir: System
Install Name: csrss.exe
Injection: %DEFAULTBROWSER%
HKCU: Win Update
HKLM: ava Update
ActiveX Key: {MV2L3D7U-A3MX-5I47-F10S-KO7BP72I0GQ3}
Custom Reg Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Custom Reg Name: HKCU
Custom Reg Value: ?h[J
FTP Server: ftp.ftpserver.com
FTP UserName: ftpuser
FTP Password:
FTP Folder:

Domain1: zekinhareidelas.ddns.net:81
Domain2: zekinhareidelas.ddns.net:82
Domain3: :0
Domain4: :0
Domain5: :0
Domain6: :0
Domain7: :0
Domain8: :0
Domain9: :0
Domain10: :0
Domain11: :0
Domain12: :0
Domain13: :0
Domain14: :0
Domain15: :0
Domain16: :0
Domain17: :0
Domain18: :0
Domain19: :0
Domain20: :0
Virustotal

58 out of 69 AV Engines identified the sample as Malicious.

Virustotal Report

C2 Information

Domain    FQDN                IP              Country Code
ddns.net  cometdb.ddns.net    128.199.50.200  SG