Details
Malware Family Xtreme
Date Added March 25, 2018, 6:25 a.m.
MD5 81160e72402be519311eb81cf4775f6f
Sha256 734811008ab890768ec957d9c3526f914b9e1428ac7a7b4d7f6630f73835e3bc
Config Sections
Group Vitima
Install Name taskhost.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex unFKbiru
HKLM tualizar
Domain3 :0
Domain2 :0
Domain1 97923608.ddns.net:1177
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 :0
Install Dir Windows
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection winlogon.exe
FTP Folder
Custom Reg Value Vitima
ID Vitima
Domain20 :0
FTP UserName ftpuser
Custom Reg Name HKCU
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {7SVI7811-L0U8-B366-40J8-M34NB46W4SL2}
HKCU Windows
VirusTotal

57 out of 67 AVs identified the sample as malicious

VirusTotal Report

Domain Data
Domain IP Country Code
Geo Location
Yara Rules