Details
Malware Family Xtreme
Date Added March 16, 2017, 1:28 p.m.
MD5 48a4f0bf00afd074e8663e6feca6abec
SHA256 f9a40a3220d3859468b054529b83260a89815e7d99781390711219febe8b502f
Config Sections
Group Realm
Install Name svchost.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex 9r6qu7mGQ
HKLM ava
Domain3 svitimas.duckdns.org:6000
Domain2 svitimas.duckdns.org:5000
Domain1 svitimas.duckdns.org:3030
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 svitimas.duckdns.org:10000
Install Dir InstallDir
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection %DEFAULTBROWSER%
FTP Folder
Custom Reg Value te Computador
ID Trade
Domain20 :0
FTP UserName ftpuser
Custom Reg Name Google Updater
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {DAGL2363-AXDV-8O00-FBY0-O65FCXD4314K}
HKCU Explorer
VirusTotal

This hash does not exist in VirusTotal.
