Details
FileName VirusShare_00bb332902ec39158db2046215e5a6db
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 00bb332902ec39158db2046215e5a6db
Sha256 d14d3c15fec084852c7c283fd8396705bb4fa6ffb5e591ae3a0424c48db38863
Config Data
RegKeyHKLM HKLM
FTPInterval 30
InstallFileName svchost.exe
CampaignID cyber
Domain albertiq4.no-ip.biz,
InstallMessageTitle CyberGate
KeyLoggerEnableFTP FALSE
ActiveXStartup {510O841C-3J67-4CK6-XERX-5X6KX6E53U1K}
FTPUserName ftp_user
Persistance TRUE
GoogleChromePasswords NoLongerStored
Password 123456
Port 100,
USBSpread 1000
Mutex GQ85GHM6B17361
P2PSpread
InstallMessageBox RemoteAdministrationanywhereintheworld.
MessageBoxIcon 16
ActivateKeylogger TRUE
StartupPolicies Policies
FTPAddress ftp.server.com
KeyloggerBackspace TRUE
ChangeCreationDate TRUE
InstallFlag TRUE
FTPPort 21
CyberGateVersion
InstallDir WinDir
FTPPassword +
MessageBoxButton 0
MeltFile FALSE
RegKeyHKCU HKCU
FTPDirectory ./logs/
HideFile TRUE
EnableMessageBox FALSE
Virustotal

50 out of 55 AV Engines identified the sample as Malicious.
