Details
FileName | VirusShare_0c83af8102f81c1d4dcb2a8e3fca45cd |
---|---|
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 0c83af8102f81c1d4dcb2a8e3fca45cd |
Sha256 | cda8fe3b90bda475f5b270abb9965761832e4f1f02840df8f6062639f78fe4ee |
Config Data
RegKeyHKLM | skype |
---|---|
FTPInterval | 30 |
InstallFileName | skypeupdate.exe |
CampaignID | remote |
Domain | tarsia6703.conds.com, |
InstallMessageTitle | CyberGate |
KeyLoggerEnableFTP | TRUE |
ActiveXStartup | {KJ6IOH8M-THH4-63GX-F74Y-5EN337338LY8} |
FTPUserName | u263185159.fffdata |
Persistance | FALSE |
GoogleChromePasswords | NoLongerStored |
Password | cybergate |
Port | 8080, |
USBSpread | 1000 |
Mutex | 2T4F381OJ4K27D |
P2PSpread | |
InstallMessageBox | RemoteAdministrationanywhereintheworld. |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | skype |
FTPAddress | ftp.sakura.3owl.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | FALSE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | skype |
FTPPassword | fffdata |
MessageBoxButton | 0 |
MeltFile | TRUE |
RegKeyHKCU | skype |
FTPDirectory | ./ |
HideFile | TRUE |
EnableMessageBox | FALSE |
Virustotal
48 out of 53 AV Engines identified the sample as Malicious.