Malware Family Xtreme
Date Added March 25, 2018, 6:25 a.m.
MD5 81160e72402be519311eb81cf4775f6f
Sha256 734811008ab890768ec957d9c3526f914b9e1428ac7a7b4d7f6630f73835e3bc
Robot Robots lovingly delivered by
Config Sections
Group Vitima
Install Name taskhost.exe
FTP Server
Domain9 :0
Version 2.9
Mutex unFKbiru
HKLM tualizar
Domain3 :0
Domain2 :0
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 :0
Install Dir Windows
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection winlogon.exe
FTP Folder
Custom Reg Value Vitima
ID Vitima
Domain20 :0
FTP UserName ftpuser
Custom Reg Name HKCU
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {7SVI7811-L0U8-B366-40J8-M34NB46W4SL2}
HKCU Windows

57 out of 67 AV's Identified the sample as Malicious

Virus Total Report

Domain Data
Domain IP Country Code
Geo Location
Yara Rules
comments powered by Disqus