Details
FileName VirusShare_55a534841e61a14973ada03474267b56
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 55a534841e61a14973ada03474267b56
Sha256 062f2f0913c1d01a242a6fddfd3f2c412bc588c31ec381811e1443423697c333
Config Data
RegKeyHKLM win32
FTPInterval 30
InstallFileName server.exe
CampaignID vtima
Domain loghd.ddns.com.br,loghd.ddns.com.br,loghd.ddns.com.br,
InstallMessageTitle Erro!
KeyLoggerEnableFTP FALSE
ActiveXStartup {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}
FTPUserName ftp_user
Persistance TRUE
GoogleChromePasswords NoLongerStored
Password lsl123
Port 15963,888,2000,
USBSpread FALSE
Mutex ***MUTEX***
P2PSpread
InstallMessageBox OWindowsnoconseguiencontraroarquivoxamp.dll
MessageBoxIcon 16
ActivateKeylogger TRUE
StartupPolicies Policies
FTPAddress ftp.server.com
KeyloggerBackspace TRUE
ChangeCreationDate TRUE
InstallFlag TRUE
FTPPort 21
CyberGateVersion
InstallDir install
FTPPassword +
MessageBoxButton 0
MeltFile TRUE
RegKeyHKCU win32
FTPDirectory ./logs/
HideFile TRUE
EnableMessageBox TRUE
Virustotal

49 out of 54 AV Engines identified the sample as Malicious.
