Details
Malware Family: Xtreme
Date Added: March 8, 2019, 6:25 a.m.
MD5: e1455bd50fedec09b6817ad6bedca5bc
Sha256: f7ca3515710afe3eae8f9fc9c9ec75109cc93672b124abbd6e96fa2dde64f48e
Config Sections
Group: Servers
Install Name: svchost.exe
FTP Server: ftp.ftpserver.com
Domain9: :0
Version: 2.9
Mutex: 0GudNRQbtPJDw
HKLM: ests
Domain3: :0
Domain2: zekinhareidelas.ddns.net:82
Domain1: zekinhareidelas.ddns.net:81
Domain7: :0
Domain6: :0
Domain5: :0
Domain4: :0
Install Dir: System32
Domain19: :0
Domain18: :0
Custom Reg Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password:
Domain15: :0
Domain14: :0
Domain13: :0
Domain12: :0
Domain11: :0
Domain10: :0
Injection: %DEFAULTBROWSER%
FTP Folder:
Custom Reg Value: $
ID: Server
Domain20: :0
FTP UserName: ftpuser
Custom Reg Name: HKCU
Domain17: :0
Domain8: :0
Domain16: :0
ActiveX Key: {RD2B5FL4-E5RT-Y8M7-AEPD-0O3Q33OSA5GJ}
HKCU: test
VirusTotal

56 out of 69 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
Geo Location
Yara Rules