Details
FileName
Malware Family AlienSpy
Date Added 2016-03-20 03:00:03
MD5 7def7bc86b1be23ebf1bc2f3b33df2a4
Sha256 a94ac7b501449059a655f704eb08db34883eb6421f241ced05df16aad1224520
C2 Data
JAR_FOLDER g4Y9Ie5d4RQ
JAR_EXTENSION xaJIcX
DELAY_INSTALL 2
PLUGIN_FOLDER whqBTVDCbRQ
PLUGIN_EXTENSION otoMM
SECURITY_TIMES 3
JAR_NAME BlUvcfpEeRc
VMWARE False
NICKNAME JSocket
SECURITY [{u'PROCESS': [u'MSASCui.exe', u'MsMpEng.exe', u'MpUXSrv.exe', u'MpCmdRun.exe'], u'NAME': u'Windows Defender'}, {u'PROCESS': [u'mbam.exe', u'mbamscheduler.exe', u'mbamservice.exe'], u'NAME': u'MalwareBytes'}, {u'PROCESS': [u'AdAwareService.exe', u'AdAwareTray.exe', u'WebCompanion.exe', u'AdAwareDesktop.exe'], u'NAME': u'Ad-Aware Antivirus'}, {u'PROCESS': [u'V3Main.exe', u'V3Svc.exe', u'V3Up.exe', u'V3SP.exe', u'V3Proxy.exe', u'V3Medic.exe'], u'NAME': u'Ahnlab V3 Internet Security 8.0'}, {u'PROCESS': [u'BgScan.exe', u'BullGuard.exe', u'BullGuardBhvScanner.exe', u'BullGuarScanner.exe', u'LittleHook.exe', u'BullGuardUpdate.exe'], u'NAME': u'Bull Guard Antivirus'}, {u'PROCESS': [u'clamscan.exe', u'ClamTray.exe', u'ClamWin.exe'], u'NAME': u'ClamWin Antivirus'}, {u'PROCESS': [u'cis.exe', u'CisTray.exe', u'cmdagent.exe', u'cavwp.exe', u'dragon_updater.exe'], u'NAME': u'COMODO Antivirus'}, {u'PROCESS': [u'MWAGENT.EXE', u'MWASER.EXE', u'CONSCTLX.EXE', u'avpmapp.exe', u'econceal.exe', u'escanmon.exe', u'escanpro.exe', u'TRAYSSER.EXE', u'TRAYICOS.EXE', u'econser.exe', u'VIEWTCP.EXE'], u'NAME': u'EScan Antivirus'}, {u'PROCESS': [u'FSHDLL64.exe', u'fsgk32.exe', u'fshoster32.exe', u'FSMA32.EXE', u'fsorsp.exe', u'fssm32.exe', u'FSM32.EXE', u'trigger.exe'], u'NAME': u'F-Secure Antivirus'}, {u'PROCESS': [u'FProtTray.exe', u'FPWin.exe', u'FPAVServer.exe'], u'NAME': u'F-PROT Antivirus'}, {u'PROCESS': [u'AVK.exe', u'GdBgInx64.exe', u'AVKProxy.exe', u'GDScan.exe', u'AVKWCtlx64.exe', u'AVKService.exe', u'AVKTray.exe', u'GDKBFltExe32.exe', u'GDSC.exe'], u'NAME': u'G DATA Antivirus'}, {u'PROCESS': [u'virusutilities.exe', u'guardxservice.exe', u'guardxkickoff_x64.exe'], u'NAME': u'IKARUS Antivirus'}, {u'PROCESS': [u'iptray.exe', u'freshclam.exe', u'freshclamwrap.exe'], u'NAME': u'Immunet Antivirus'}, {u'PROCESS': [u'K7RTScan.exe', u'K7FWSrvc.exe', u'K7PSSrvc.exe', u'K7EmlPxy.EXE', u'K7TSecurity.exe', u'K7AVScan.exe', u'K7CrvSvc.exe', u'K7SysMon.Exe', u'K7TSMain.exe', u'K7TSMngr.exe'], u'NAM
NETWORK [{u'PORT': 1605, u'DNS': u'opendoors.myftp.org'}]
JAR_REGISTRY DmrWsCoTGg1
DELAY_CONNECT 2
VBOX False
INSTALL True
JRE_FOLDER yElxkK
Virustotal

31 out of 55 AV Engines identified the sample as Malicious.

Virustotal Report

C2 Information
Domain myftp.org
FQDN opendoors.myftp.org
IP 0.0.0.0
Country Code 0