Details
FileName VirusShare_3f22560ebac5fc58a7d281bdae160c9b
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 3f22560ebac5fc58a7d281bdae160c9b
Sha256 3334a3b1bfa7c9dd6e251d251fd4afc6c18ab5af6c814120dc8d5778a71e9126
Config Data
RegKeyHKLM services
FTPInterval 30
InstallFileName Windows.exe
CampaignID victaimas5
Domain bombilla.zapto.org,denis77.zapto.org,
InstallMessageTitle CyberGate
KeyLoggerEnableFTP FALSE
ActiveXStartup {OIEO5B5Q-AX51-YB40-63UC-6U8FL56OY468}
FTPUserName ftp_user
Persistance TRUE
GoogleChromePasswords NoLongerStored
Password 1234
Port 4665,4665,
USBSpread 1000
Mutex 52O7R1UW5P4V0D
P2PSpread
InstallMessageBox RemoteAdministrationanywhereintheworld.
MessageBoxIcon 16
ActivateKeylogger TRUE
StartupPolicies services
FTPAddress ftp.server.com
KeyloggerBackspace TRUE
ChangeCreationDate TRUE
InstallFlag TRUE
FTPPort 21
CyberGateVersion
InstallDir Windows
FTPPassword +
MessageBoxButton 0
MeltFile FALSE
RegKeyHKCU services
FTPDirectory ./logs/
HideFile TRUE
EnableMessageBox FALSE
Virustotal

0 out of 0 AV Engines identified the sample as Malicious.