Details
Field | Value |
---|---|
FileName | VirusShare_63041fa934971c3829aa68b7ca29473e |
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 63041fa934971c3829aa68b7ca29473e |
Sha256 | 00a16230c275af7606f3d05d7b126839f22c177ac575e6b8b17776ff91aa35e6 |
Config Data
Key | Value |
---|---|
RegKeyHKLM | HKLM |
FTPInterval | 30 |
InstallFileName | svchost.exe |
CampaignID | Cyber |
Domain | cybergatedenek.no-ip.biz, |
InstallMessageTitle | CyberGate |
KeyLoggerEnableFTP | FALSE |
ActiveXStartup | {7D57PU53-6G54-V570-1435-BGE8R5A63AAC} |
FTPUserName | ftp_user |
Persistance | TRUE |
GoogleChromePasswords | NoLongerStored |
Password | 123456 |
Port | 82, |
USBSpread | 1000 |
Mutex | 72Y1NL35W5032U |
P2PSpread | |
InstallMessageBox | RemoteAdministrationanywhereintheworld. |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | ftp.server.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | TRUE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | Winbooter |
FTPPassword | + |
MessageBoxButton | 0 |
MeltFile | FALSE |
RegKeyHKCU | HKCU |
FTPDirectory | ./logs/ |
HideFile | TRUE |
EnableMessageBox | FALSE |
Virustotal
48 out of 54 AV Engines identified the sample as Malicious.