Details
FileName | VirusShare_76009b7a1d6f55a2f9d5b49a5a5dbdf6 |
---|---|
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 76009b7a1d6f55a2f9d5b49a5a5dbdf6 |
Sha256 | d501b342c2342e4fa9689762324f09967e2ee4144a629803d3e2c1e52191dcac |
Config Data
RegKeyHKLM | updateSN |
---|---|
FTPInterval | 30 |
InstallFileName | update.exe |
CampaignID | Mplus |
Domain | tarajist1919.no-ip.biz, |
InstallMessageTitle | ttulodamensagem |
KeyLoggerEnableFTP | FALSE |
ActiveXStartup | {H46UPYA8-244O-PGQ2-386W-H21C02NN3VB1} |
FTPUserName | ftp_user |
Persistance | TRUE |
GoogleChromePasswords | NoLongerStored |
Password | 1234 |
Port | 81, |
USBSpread | FALSE |
Mutex | 32323232 |
P2PSpread | |
InstallMessageBox | textodamensagem |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | ftp.server.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | TRUE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | updateSN |
FTPPassword | + |
MessageBoxButton | 0 |
MeltFile | FALSE |
RegKeyHKCU | updateSN |
FTPDirectory | ./logs/ |
HideFile | TRUE |
EnableMessageBox | FALSE |
Virustotal
48 out of 54 AV Engines identified the sample as Malicious.