Details
FileName VirusShare_578f5f840a7d186b33b16830f1ddd6e6
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 578f5f840a7d186b33b16830f1ddd6e6
Sha256 397a22a15aabd6278d0eeedc01b91e5740bc241891151445e3c030bd977abe40
Config Data
RegKeyHKLM Wind32
FTPInterval 30
InstallFileName Wind32.exe
CampaignID Militar
Domain hardpenetration.no-ip.org,renan-hi.no-ip.org,
InstallMessageTitle ttulodamensagem
KeyLoggerEnableFTP FALSE
ActiveXStartup {VUQV35AO-N65G-M4D5-14M1-SM14U1B81132}
FTPUserName ftp_user
Persistance TRUE
GoogleChromePasswords NoLongerStored
Password 123
Port 2000,2000,
USBSpread TRUE
Mutex ***MUTEX***
P2PSpread
InstallMessageBox textodamensagem
MessageBoxIcon 16
ActivateKeylogger TRUE
StartupPolicies Policies
FTPAddress ftp.server.com
KeyloggerBackspace TRUE
ChangeCreationDate TRUE
InstallFlag TRUE
FTPPort 21
CyberGateVersion
InstallDir Wind32
FTPPassword +
MessageBoxButton 0
MeltFile FALSE
RegKeyHKCU msnmsgr
FTPDirectory ./logs/
HideFile TRUE
EnableMessageBox FALSE
Virustotal

48 out of 54 AV Engines identified the sample as Malicious.
