Details
FileName | |
---|---|
Malware Family | CyberGate |
Date Added | 2015-09-14 20:49:01 |
MD5 | 0abab172e5055508a08514a3cf7dccc0 |
Sha256 | 6b696dc94388b74a6bde006457701ead2b5743ebbfd486e8be1868e514f4088d |
Config Data
FTPPassword | |
---|---|
CampaignID | Lammer |
Password | 123 |
USBSpread | 1000 |
FTPAddress | |
InstallDir | Microsoft |
Persistance | TRUE |
InstallMessageTitle | LAMMER |
KeyloggerBackspace | TRUE |
HideFile | TRUE |
FTPDirectory | ./ |
Domain | goecgarotinho.no-ip.org, |
InstallFileName | Pluguin.exe |
FTPPort | |
REGKeyHKCU | Avirnt |
MessageBoxIcon | 16 |
Port | 81, |
CyberGateVersion | |
StartupPolicies | |
REGKeyHKLM | Avgnt |
FTPUserName | |
ChangeCreationDate | TRUE |
MeltFile | FALSE |
Mutex | Pluguin |
KeyloggerEnableFTP | FALSE |
FTPInterval | 30 |
InstallMessageBox | VOC FOI HACKEADO ...SEU SISTEMA SER FORMATADO. |
InstallFlag | TRUE |
ActiveXStartup | {J5464825-MW71-GERY-3N4H-8W4YO142T0SJ} |
EnableMessageBox | FALSE |
ActivateKeylogger | TRUE |
MessageBoxButton | 0 |
VirusTotal
49 out of 56 AV engines identified the sample as malicious.