Details
Field | Value |
---|---|
FileName | VirusShare_6522cde98c73cd9bbd465d87516071ce |
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 6522cde98c73cd9bbd465d87516071ce |
Sha256 | e4da230b0f2e9536969689ddc06eca1b3beb19f9e6a0894aa1bb5430050980e5 |
Config Data
Key | Value |
---|---|
RegKeyHKLM | HKLM |
FTPInterval | 30 |
InstallFileName | svchost.exe |
CampaignID | Cybergate |
Domain | windowsupdateusa.serveftp.com, |
InstallMessageTitle | FileError |
KeyLoggerEnableFTP | FALSE |
ActiveXStartup | {F42CGD35-KS73-6H0G-D7S1-33B5VCJU1437} |
FTPUserName | ftp_user |
Persistance | TRUE |
GoogleChromePasswords | NoLongerStored |
Password | windsor74 |
Port | 2929, |
USBSpread | 1000 |
Mutex | 4XJOOIV4144PR2 |
P2PSpread | |
InstallMessageBox | Thefileseemstobecorruptand/ormissingcomponents. |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | ftp.server.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | FALSE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | system32 |
FTPPassword | + |
MessageBoxButton | 0 |
MeltFile | TRUE |
RegKeyHKCU | HKCU |
FTPDirectory | ./logs/ |
HideFile | TRUE |
EnableMessageBox | TRUE |
Virustotal
0 out of 0 AV Engines identified the sample as Malicious.