Details
Malware Family Xtreme
Date Added March 8, 2019, 6:25 a.m.
MD5 e6046096ac23ca8a269cae6c8dc5c6b0
Sha256 d945ad4146bb0cd5b233db1b5a442b07a74ed61121c6b0e6ab0a092f9d969386
Config Sections
Group Servers
Install Name svchost.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex shHz6g5a
HKLM ava Update
Domain3 :0
Domain2 zekinhareidelas.ddns.net:82
Domain1 zekinhareidelas.ddns.net:81
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 :0
Install Dir System
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection %DEFAULTBROWSER%
FTP Folder
Custom Reg Value Create server
ID Server
Domain20 :0
FTP UserName ftpuser
Custom Reg Name HKCU
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {RVA8AT6P-333F-I30C-XT6I-A63G224X7JRQ}
HKCU Win Update
VirusTotal

59 out of 69 AVs identified the sample as malicious

VirusTotal Report

Domain Data
Domain IP Country Code
Geo Location
Yara Rules