Details
Field | Value |
---|---|
FileName | VirusShare_578f5f840a7d186b33b16830f1ddd6e6 |
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 578f5f840a7d186b33b16830f1ddd6e6 |
Sha256 | 397a22a15aabd6278d0eeedc01b91e5740bc241891151445e3c030bd977abe40 |
Config Data
Key | Value |
---|---|
RegKeyHKLM | Wind32 |
FTPInterval | 30 |
InstallFileName | Wind32.exe |
CampaignID | Militar |
Domain | hardpenetration.no-ip.org,renan-hi.no-ip.org, |
InstallMessageTitle | ttulodamensagem |
KeyLoggerEnableFTP | FALSE |
ActiveXStartup | {VUQV35AO-N65G-M4D5-14M1-SM14U1B81132} |
FTPUserName | ftp_user |
Persistance | TRUE |
GoogleChromePasswords | NoLongerStored |
Password | 123 |
Port | 2000,2000, |
USBSpread | TRUE |
Mutex | ***MUTEX*** |
P2PSpread | |
InstallMessageBox | textodamensagem |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | ftp.server.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | TRUE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | Wind32 |
FTPPassword | + |
MessageBoxButton | 0 |
MeltFile | FALSE |
RegKeyHKCU | msnmsgr |
FTPDirectory | ./logs/ |
HideFile | TRUE |
EnableMessageBox | FALSE |
VirusTotal
48 out of 54 AV Engines identified the sample as Malicious.