Details
FileName | |
---|---|
Malware Family | CyberGate |
Date Added | 2015-11-07 14:34:36 |
MD5 | 567b224045bd5503dfb9ce53b3def564 |
Sha256 | 368d9aaa062d631e8381222e2a4db0ae4712eb808f0f6d4f59047fb1a9a61efa |
Config Data
FTPPassword | + |
---|---|
CampaignID | nono |
Password | 306564899 |
USBSpread | 1000 |
FTPDirectory | ./logs/ |
FTPAddress | ftp.server.com |
InstallDir | install |
Persistance | TRUE |
InstallMessageTitle | CyberGate |
KeyloggerBackspace | TRUE |
HideFile | TRUE |
Mutex | LWHF1EY8320K6J |
Domain | 192.168.1.4,192.168.1.3,127.0.0.1,192.168.1.2,hotlove.hopto.org, |
FTPPort | 21 |
REGKeyHKCU | HKCU |
MessageBoxIcon | 16 |
Port | 999,999,999,999,999, |
CyberGateVersion | |
StartupPolicies | Policies |
REGKeyHKLM | HKLM |
FTPUserName | ftp_user |
ChangeCreationDate | FALSE |
MeltFile | TRUE |
InstallFileName | FlashPlayer.exe |
KeyloggerEnableFTP | FALSE |
FTPInterval | 30 |
InstallMessageBox | Remote Administration anywhere in the world. |
InstallFlag | TRUE |
ActiveXStartup | {LUG6WA8K-NF1F-UJC6-85EV-L1YB01AB0FWC} |
EnableMessageBox | FALSE |
ActivateKeylogger | TRUE |
MessageBoxButton | 0 |
VirusTotal
47 out of 53 AV engines identified the sample as malicious.