Details
FileName VirusShare_023c168b5bd37acd293fd3b6bbc63fb4
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 023c168b5bd37acd293fd3b6bbc63fb4
Sha256 72223fa8e3b735f62b48563336bfcec3e025822c3da0b5f65f54690abd2dbfd7
Config Data
RegKeyHKLM HKLM
FTPInterval 30
InstallFileName server.exe
CampaignID
Domain ljcy520520.gicp.net,
InstallMessageTitle ttulodamensagem
KeyLoggerEnableFTP FALSE
ActiveXStartup {XY54GE15-6RH5-35G5-54L1-FGCEM3G1ATEC}
FTPUserName ftp_user
Persistance TRUE
GoogleChromePasswords NoLongerStored
Password abcd1234
Port 6300,
USBSpread TRUE
Mutex ***MUTEX***
P2PSpread server.exe#crack.exe#
InstallMessageBox textodamensagem
MessageBoxIcon 16
ActivateKeylogger TRUE
StartupPolicies Policies
FTPAddress ftp.server.com
KeyloggerBackspace TRUE
ChangeCreationDate FALSE
InstallFlag TRUE
FTPPort 21
CyberGateVersion
InstallDir install
FTPPassword ???4
MessageBoxButton 0
MeltFile FALSE
RegKeyHKCU HKCU
FTPDirectory ./logs/
HideFile FALSE
EnableMessageBox FALSE
Virustotal

50 out of 53 AV Engines identified the sample as Malicious.
