Details
Malware Family Xtreme
Date Added Feb. 23, 2017, 2:13 p.m.
MD5 63316eb272851afeded2bed9ab832541
Sha256 97383191b953f0566d656aaf141b678df069fac47d7d880ad61499e8847322dc
Config Sections
Group Crossfire
Install Name svchost.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex ByMDG7Nt1yEsp4
HKLM ava
Domain3 :0
Domain2 :0
Domain1 ssvitimas.duckdns.org:1000
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 :0
Install Dir InstallDir
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection %DEFAULTBROWSER%
FTP Folder
Custom Reg Value Crossfire
ID CF
Domain20 :0
FTP UserName ftpuser
Custom Reg Name GoogleUpdater
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {G2M673B5-PNEB-CC8O-A20A-7MH87Q78A0L7}
HKCU Explorer
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
Geo Location
Yara Rules