Details
FileName: VirusShare_65b210e89f548405aec1da18fe9f1880
Malware Family: Xtreme
Date Added: 2015-03-23 20:29:25
MD5: 65b210e89f548405aec1da18fe9f1880
Sha256: b43905f34de4058c4519c354757b733cfb8fbc875e21d4c059340b6634167728
C2 Data
Version: 2.9
Domain3: :0
Domain4: :0
Domain1: 127.0.0.1:81
Install Name: Server.exe
Domain20: :0
FTP Server: ftp.ftpserver.com
Domain11: :0
ID: Server
Domain12: :0
Domain9: :0
Custom Reg Name: HKCU
Install Dir: InstallDir
Domain14: :0
Group: Servers
Domain18: :0
Domain6: :0
Domain10: :0
Domain7: :0
Custom Reg Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP UserName: ftpuser
Domain19: :0
Injection: %DEFAULTBROWSER%
Domain13: :0
HKLM: KLM
Domain15: :0
Mutex: --((Mutex))--
FTP Password:
Domain16: :0
HKCU: HKCU
Domain8: :0
FTP Folder:
ActiveX Key: {5460C4DF-B266-909E-CB58-E32B79832EB2}
Custom Reg Value: Servers
Domain5: :0
Domain2: :0
Domain17: :0
Virustotal

49 out of 50 AV Engines identified the sample as Malicious.

C2 Information
Domain: no-ip.biz
FQDN: aissa44.no-ip.biz
IP: 000.000.000.000
Country Code: None