Details
FileName | |
---|---|
Malware Family | CyberGate |
Date Added | 2015-09-14 19:31:00 |
MD5 | 32c498fb153836dadf82fe95ac9169e1 |
Sha256 | 1ee5afadd513a961004c447a509015a75d097d328ddf1c866185f7baa999ccb0 |
Config Data
FTPPassword | + |
---|---|
CampaignID | vtima |
Password | 123 |
USBSpread | TRUE |
FTPAddress | ftp.server.com |
InstallDir | cllhost |
Persistance | TRUE |
InstallMessageTitle | ttulo da mensagem |
KeyloggerBackspace | TRUE |
HideFile | TRUE |
FTPDirectory | ./logs/ |
Domain | doritospelado1.no-ip.org, |
InstallFileName | cllhost.exe |
FTPPort | 21 |
REGKeyHKCU | HKCU |
MessageBoxIcon | 16 |
Port | 1137, |
CyberGateVersion | |
StartupPolicies | Policies |
REGKeyHKLM | HKLM |
FTPUserName | ftp_user |
ChangeCreationDate | TRUE |
MeltFile | FALSE |
Mutex | ***MUTEX*** |
KeyloggerEnableFTP | FALSE |
FTPInterval | 30 |
InstallMessageBox | texto da mensagem |
InstallFlag | TRUE |
ActiveXStartup | {FVN2ID56-J8G8-2FJ5-X862-T17317OJ627T} |
EnableMessageBox | FALSE |
ActivateKeylogger | TRUE |
MessageBoxButton | 0 |
Virustotal
48 out of 57 AV Engines identified the sample as Malicious.