Details
FileName | VirusShare_28de9e0940c03a51765a4301f2a14dd2 |
---|---|
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 28de9e0940c03a51765a4301f2a14dd2 |
Sha256 | 24a937360c4d8afefeaf51121a96892bb0b31ec12198e76d3bca089a6ce92f27 |
Config Data
RegKeyHKLM | HKLM |
---|---|
FTPInterval | 30 |
InstallFileName | Systray.exe |
CampaignID | Cyber |
Domain | imfireingmylazor.zapto.org, |
InstallMessageTitle | ERROR |
KeyLoggerEnableFTP | FALSE |
ActiveXStartup | {1P60OUO6-2WS5-QA10-63U5-04M544VD070Q} |
FTPUserName | ftp_user |
Persistance | TRUE |
GoogleChromePasswords | NoLongerStored |
Password | 123456 |
Port | 2155, |
USBSpread | 1000 |
Mutex | 7811082XT04PF0 |
P2PSpread | |
InstallMessageBox | Theprogramhasbeenterminated0XC1000104001 |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | ftp.server.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | TRUE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | install |
FTPPassword | + |
MessageBoxButton | 0 |
MeltFile | FALSE |
RegKeyHKCU | HKCU |
FTPDirectory | ./logs/ |
HideFile | TRUE |
EnableMessageBox | TRUE |
Virustotal
47 out of 53 AV Engines identified the sample as Malicious.