Details
Field | Value |
---|---|
FileName | VirusShare_023c168b5bd37acd293fd3b6bbc63fb4 |
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 023c168b5bd37acd293fd3b6bbc63fb4 |
Sha256 | 72223fa8e3b735f62b48563336bfcec3e025822c3da0b5f65f54690abd2dbfd7 |
Config Data
Key | Value |
---|---|
RegKeyHKLM | HKLM |
FTPInterval | 30 |
InstallFileName | server.exe |
CampaignID | |
Domain | ljcy520520.gicp.net, |
InstallMessageTitle | ttulodamensagem |
KeyLoggerEnableFTP | FALSE |
ActiveXStartup | {XY54GE15-6RH5-35G5-54L1-FGCEM3G1ATEC} |
FTPUserName | ftp_user |
Persistance | TRUE |
GoogleChromePasswords | NoLongerStored |
Password | abcd1234 |
Port | 6300, |
USBSpread | TRUE |
Mutex | ***MUTEX*** |
P2PSpread | server.exe#crack.exe# |
InstallMessageBox | textodamensagem |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | ftp.server.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | FALSE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | install |
FTPPassword | ???4 |
MessageBoxButton | 0 |
MeltFile | FALSE |
RegKeyHKCU | HKCU |
FTPDirectory | ./logs/ |
HideFile | FALSE |
EnableMessageBox | FALSE |
Virustotal
50 out of 53 AV Engines identified the sample as Malicious.