Details
Malware Family: PoisonIvy
Date Added: June 4, 2018, 6:25 a.m.
MD5: e167b6311a7c435b4d65287ace236591
Sha256: 11d90ca6295a41392941e25f6ca9bddb5522cf09647ae235be5729eaef525b0d
Config Sections
Enable ActiveX: 01
Install Path:
HKLM Value: Windows Update AutoUpdate Server
Enable HKLM: 01
Campaign ID: ESIEA-DEMO
Inject Default Browser: 01
ActiveX Key: {377FB59C-840A-12D2-2835-AF9957F932C0}
Enable Thread Persistence: 01
Domains: commands.control.demo:3460|
Inject Exe: explorer.exe
Password: admin
Install Name: wuauctl.exe
VirusTotal

62 out of 65 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
commands.control.demo 0
Geo Location
Yara Rules