Details
Malware Family Xtreme
Date Added March 8, 2019, 6:25 a.m.
MD5 e7920d1f9230400963ef54ccde1cbc08
Sha256 ec22808a04f709997d330490db9f63083e4d2fd09f06ea1fb6ed8ad773031ab3
Config Sections
Group Servers
Install Name csrss.exe
FTP Server ftp.ftpserver.com
Domain9 :0
Version 2.9
Mutex mREDUM2izUwrLYeE
HKLM ava Update
Domain3 :0
Domain2 zekinhareidelas.ddns.net:82
Domain1 zekinhareidelas.ddns.net:81
Domain7 :0
Domain6 :0
Domain5 :0
Domain4 :0
Install Dir System
Domain19 :0
Domain18 :0
Custom Reg Key HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password
Domain15 :0
Domain14 :0
Domain13 :0
Domain12 :0
Domain11 :0
Domain10 :0
Injection %DEFAULTBROWSER%
FTP Folder
Custom Reg Value IP: 127.0.0.1
ID Server
Domain20 :0
FTP UserName ftpuser
Custom Reg Name HKCU
Domain17 :0
Domain8 :0
Domain16 :0
ActiveX Key {MV2L3D7U-A3MX-5I47-F10S-KO7BP72I0GQ3}
HKCU Win Update
VirusTotal

61 out of 70 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
Geo Location
Yara Rules