Details
FileName VirusShare_76009b7a1d6f55a2f9d5b49a5a5dbdf6
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 76009b7a1d6f55a2f9d5b49a5a5dbdf6
Sha256 d501b342c2342e4fa9689762324f09967e2ee4144a629803d3e2c1e52191dcac
Config Data
RegKeyHKLM updateSN
FTPInterval 30
InstallFileName update.exe
CampaignID Mplus
Domain tarajist1919.no-ip.biz,
InstallMessageTitle ttulodamensagem
KeyLoggerEnableFTP FALSE
ActiveXStartup {H46UPYA8-244O-PGQ2-386W-H21C02NN3VB1}
FTPUserName ftp_user
Persistance TRUE
GoogleChromePasswords NoLongerStored
Password 1234
Port 81,
USBSpread FALSE
Mutex 32323232
P2PSpread
InstallMessageBox textodamensagem
MessageBoxIcon 16
ActivateKeylogger TRUE
StartupPolicies Policies
FTPAddress ftp.server.com
KeyloggerBackspace TRUE
ChangeCreationDate TRUE
InstallFlag TRUE
FTPPort 21
CyberGateVersion
InstallDir updateSN
FTPPassword +
MessageBoxButton 0
MeltFile FALSE
RegKeyHKCU updateSN
FTPDirectory ./logs/
HideFile TRUE
EnableMessageBox FALSE
Virustotal

48 out of 54 AV Engines identified the sample as Malicious.

Virustotal Report