Details
Malware Family Xtreme
Date Added Feb. 1, 2016, 9:47 p.m.
MD5 c581463531d2cf4403ff6a698b51fdd8
Sha256 e856b08c7507da34677731f33054611518f0f8c4ca7bac7dfbb745949cb4c8cd
Config Sections
Group Servers
Install Name Server.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex Sr6zj0hMkPrZs7B3
HKLM KLM
Domain3 :0
Domain2 :0
Domain1 rayan.no-ip.biz:81
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 :0
Install Dir InstallDir
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection %DEFAULTBROWSER%
FTP Folder
Custom Reg Value
ID Server
Domain20 :0
FTP UserName ftpuser
Custom Reg Name HKCU
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {QGC88GXX-5CX3-8P3K-QJ0U-6L7Q758740BK}
HKCU HKCU
VirusTotal

52 out of 55 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
Geo Location
Yara Rules