Details
FileName bff26609edc95d3fee35e1ba8a325d53d28e63209a1fba4a7e96f644bad5b0b9
Malware Family Xtreme
Date Added 2015-03-23 20:29:25
MD5 6b8b0ba6422ed99c8f7aaf5462a4fb80
Sha256 c91219c8855977883d36990728345c0019c19fb84a580f87c1a305ba0dec79df
C2 Data
Version 2.9
Domain3 77777772.no-ip.org:2000
Domain4 77777772.no-ip.org:3000
Domain1 77777772.no-ip.org:81
Install Name svchost.exe
Domain20 :0
FTP Server ftp.ftpserver.com
Domain11 77777772.no-ip.org:4000
ID Server
Domain12 77777772.no-ip.org:4002
Domain9 77777772.no-ip.org:3004
Custom Reg Name HKCU
Install Dir WindosSetup
Domain14 77777772.no-ip.org:1100
Group Servers
Domain18 :0
Domain6 77777772.no-ip.org:3001
Domain10 77777772.no-ip.org:3005
Domain7 77777772.no-ip.org:3002
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP UserName ftpuser
Domain19 :0
Injection %DEFAULTBROWSER%
Domain13 77777772.no-ip.org:4003
HKLM KLM
Domain15 77777772.no-ip.org:1300
Mutex ykWRdrddadsaUnVcgaBD
FTP Password
Domain16 77777772.no-ip.org:1500
HKCU HKCU
Domain8 77777772.no-ip.org:3003
FTP Folder
ActiveX Key {27VO0E4R-II7G-A00O-2LG4-J7DR8V265C3V}
Custom Reg Value Server
Domain5 77777772.no-ip.org:4001
Domain2 77777772.no-ip.org:82
Domain17 77777772.no-ip.org:1400
Virustotal

0 out of 0 AV Engines identified the sample as Malicious.

C2 Information
Domain FQDN IP Country Code
no-ip.biz ronaldo1155.no-ip.biz 41.103.95.118 DZ