Details
FileName | VirusShare_35a162fd3f39f8e7369fe60580352da4 |
---|---|
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 35a162fd3f39f8e7369fe60580352da4 |
Sha256 | 2e8589fd9cb7124ab7620ad5f45d299ab4785123848537d37ddcee0637ce9a71 |
Config Data
RegKeyHKLM | HKLM |
---|---|
FTPInterval | 25 |
InstallFileName | servercybergate.exe |
CampaignID | mrayoubhacker |
Domain | mrayoubhacker.no-ip.info, |
InstallMessageTitle | error |
KeyLoggerEnableFTP | TRUE |
ActiveXStartup | {0038T0WE-8011-2AW6-Y4DB-KH7644644QI8} |
FTPUserName | serverrich |
Persistance | TRUE |
GoogleChromePasswords | NoLongerStored |
Password | hackerrich |
Port | 81, |
USBSpread | 1000 |
Mutex | 67EA36861E8Q06 |
P2PSpread | |
InstallMessageBox | instalnetframworkv6 |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | ftp.drivehq.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | TRUE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | install |
FTPPassword | serverrich |
MessageBoxButton | 0 |
MeltFile | FALSE |
RegKeyHKCU | HKCU |
FTPDirectory | ./da7aya/ |
HideFile | TRUE |
EnableMessageBox | TRUE |
Virustotal
47 out of 53 AV Engines identified the sample as Malicious.