Spyware

XDSpy

According to ESET Research, XDDown is a primary malware component and is strictly a downloader. It persists on the system using the traditional Run key. It downloads additional plugins from the hardcoded C&C server using the HTTP protocol. The HTTP replies contain PE binaries encrypted with a hardcoded two-byte XOR key. Plugins include a module for reconnaissance on the affected system, crawling drives, file exfiltration, SSID gathering, and grabbing saved passwords.
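The description above gives an analyst one concrete handle on XDDown's downloads: each HTTP reply body is a PE file XORed with a fixed two-byte key. Because every PE begins with the DOS header bytes "MZ", the key falls out of a known-plaintext comparison of the first two ciphertext bytes, and the recovered key can be validated by checking for the "PE\0\0" signature at the offset stored in e_lfanew. The following is an added example written for this page; it is not code from ESET Research or Malpedia. The key value `SAMPLE_KEY` and the minimal PE stub are constructed placeholders, not XDDown's real key or payload.

```python
"""Recover a two-byte XOR key from an XOR-encrypted PE and decrypt it.

Technique: known plaintext. A PE starts with b"MZ", so ciphertext[0:2]
XOR b"MZ" yields the two-byte key. The decryption is then validated by
reading e_lfanew (offset 0x3C) and checking for the b"PE\x00\x00"
signature there, which a wrong key or a non-PE body will not produce.
"""
import struct
from typing import Optional

KEY_LEN = 2
DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\x00\x00"


def xor_two_byte(data: bytes, key: bytes) -> bytes:
    """XOR `data` with a repeating two-byte key (encrypt and decrypt are the same)."""
    if len(key) != KEY_LEN:
        raise ValueError("expected a two-byte key")
    return bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(data))


def recover_key(blob: bytes) -> bytes:
    """Derive the key assuming the plaintext starts with the DOS magic 'MZ'."""
    if len(blob) < KEY_LEN:
        raise ValueError("blob too short to carry a DOS header")
    return bytes((blob[0] ^ DOS_MAGIC[0], blob[1] ^ DOS_MAGIC[1]))


def looks_like_pe(data: bytes) -> bool:
    """Sanity-check a decrypted buffer: MZ header plus PE signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != DOS_MAGIC:
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + len(PE_SIGNATURE) > len(data):
        return False  # offset points outside the buffer: not a valid PE
    return data[e_lfanew:e_lfanew + len(PE_SIGNATURE)] == PE_SIGNATURE


def decrypt_pe_reply(blob: bytes) -> Optional[bytes]:
    """Return the decrypted PE if the recovered key validates, else None."""
    plain = xor_two_byte(blob, recover_key(blob))
    return plain if looks_like_pe(plain) else None


def build_sample_pe() -> bytes:
    """Constructed minimal PE-shaped stub: DOS header with e_lfanew=0x40, then 'PE\\0\\0'."""
    dos_header = bytearray(0x40)
    dos_header[:2] = DOS_MAGIC
    struct.pack_into("<I", dos_header, 0x3C, 0x40)
    return bytes(dos_header) + PE_SIGNATURE + b"\x00" * 20


# Placeholder key for the demonstration; XDDown's actual key is not stated on this page.
SAMPLE_KEY = b"\x5a\xa5"

if __name__ == "__main__":
    reply_body = xor_two_byte(build_sample_pe(), SAMPLE_KEY)  # simulated C&C reply body
    print("recovered key:", recover_key(reply_body).hex())
    print("valid PE after decryption:", decrypt_pe_reply(reply_body) is not None)
```

The `looks_like_pe` check matters: `recover_key` will always produce a key that turns the first two bytes into "MZ", so on its own it cannot tell an encrypted PE from an unrelated response. The e_lfanew and "PE\0\0" check is what distinguishes a genuine hit, and it also guards against an e_lfanew that points past the end of the buffer.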
Family metadata imported from Malpedia (Fraunhofer FKIE).