Details
Malware Family: PoisonIvy
Date Added: June 4, 2018, 6:25 a.m.
MD5: ba38eb35dc8e6688e4b4aa4f8951ed7f
SHA256: e54aca22d4f7c50a304d5c138e52ccd3509074a344e24dbdd873012e0274cbb2
Config Sections
Enable ActiveX: 01
Install Path: (empty)
HKLM Value: Windows Update AutoUpdate Server
Enable HKLM: 01
Campaign ID: ESIEA-DEMO
Inject Default Browser: 01
ActiveX Key: {377FB59C-840A-12D2-2835-AF9957F932C0}
Enable Thread Persistence: 01
Domains: commands.control.demo:3460|
Inject Exe: explorer.exe
Password: admin
Install Name: wuauctl.exe
VirusTotal

61 out of 65 AV engines identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
commands.control.demo 0
Geo Location
Yara Rules