Details
Malware Family Xtreme
Date Added March 8, 2019, 6:25 a.m.
MD5 422b47144b9b14870e285983d9270456
SHA256 31dec305d46594e86ede365d2d4683172fc4eba59576ab1299a1a2d208e19c20
Config Sections
Group Servers
Install Name csrss.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex mREDUM2izUwrLYeE
HKLM ava Update
Domain3 :0
Domain2 zekinhareidelas.ddns.net:82
Domain1 zekinhareidelas.ddns.net:81
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 :0
Install Dir System
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection %DEFAULTBROWSER%
FTP Folder
Custom Reg Value ?h[J
ID Server
Domain20 :0
FTP UserName ftpuser
Custom Reg Name HKCU
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {MV2L3D7U-A3MX-5I47-F10S-KO7BP72I0GQ3}
HKCU Win Update
VirusTotal

58 out of 69 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
Geo Location
Yara Rules