Details
Malware Family Xtreme
Date Added March 30, 2017, 6:25 a.m.
MD5 ab36f6ce1f3957733170f9e7bdb45850
SHA256 1e55478bf87f4b89da81c9bd408f80b88c41981522550ad130085f3bb2d9d570
Config Sections
Group Crossfire
Install Name svchost.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex ZXizpez70N3lFx
HKLM ava
Domain3 svitimast.ddns.net:10000
Domain2 svitimast.ddns.net:6000
Domain1 svitimast.ddns.net:3030
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 svitimast.ddns.net:5000
Install Dir InstallDiR
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection %DEFAULTBROWSER%
FTP Folder
Custom Reg Value Crossfire
ID Trade
Domain20 :0
FTP UserName ftpuser
Custom Reg Name Google Update
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {6F8RTQ2R-R66A-Q23N-NMX7-82TJ4G68VM2W}
HKCU Explorer
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
Geo Location
Yara Rules