Details
FileName VirusShare_a05d79b6960ac712d7deb9fa8c68f1bf
Malware Family Xtreme
Date Added 2015-03-23 20:29:25
MD5 a05d79b6960ac712d7deb9fa8c68f1bf
Sha256 2a3d0f1c3af6ab2c9bf699141915c038055c9842f37c284dbb256a366e5eda91
C2 Data
Version 2.9
Domain3 :0
Domain4 :0
Domain1 back90.zapto.org:1177
Install Name Server.exe
Domain20 :0
FTP Server ftp.ftpserver.com
Domain11 :0
ID Server
Domain12 :0
Domain9 :0
Custom Reg Name HKCU
Install Dir InstallDir
Domain14 :0
Group Servers
Domain18 :0
Domain6 :0
Domain10 :0
Domain7 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP UserName ftpuser
Domain19 :0
Injection %DEFAULTBROWSER%
Domain13 :0
HKLM KLM
Domain15 :0
Mutex --((Mutex))--
FTP Password
Domain16 :0
HKCU HKCU
Domain8 :0
FTP Folder
ActiveX Key {XT60GTIL-O317-F2XN-5385-83784461408T}
Custom Reg Value sicLibrary
Domain5 :0
Domain2 :0
Domain17 :0
Virustotal

47 out of 54 AV Engines identified the sample as Malicious.

Virustotal Report

C2 Information
Domain FQDN IP Country Code
zapto.org back90.zapto.org 000.000.000.000 None