Details
FileName | VirusShare_8399f5060768e98f68664ad738d58b5e |
---|---|
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 8399f5060768e98f68664ad738d58b5e |
Sha256 | 3b5a30d5b656c9cce079332cb850fdd212ea3a564da307676b8c37a68bafefa4 |
Config Data
RegKeyHKLM | |
---|---|
FTPInterval | 15 |
InstallFileName | MSOCXCOMP.exe |
CampaignID | Alex4921 |
Domain | todd.boldlygoingnowhere.org, |
InstallMessageTitle | Exception |
KeyLoggerEnableFTP | TRUE |
ActiveXStartup | {8067NSEO-EV32-44F8-0SYW-02PUG537JS3G} |
FTPUserName | alex4921 |
Persistance | TRUE |
GoogleChromePasswords | NoLongerStored |
Password | 4921 |
Port | 666, |
USBSpread | |
Mutex | CGFX4921 |
P2PSpread | |
InstallMessageBox | UnhandledProgramExceptionPressOKtoExit |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | mr.n.antithesisgames.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | TRUE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | Debug7 |
FTPPassword | 49211337 |
MessageBoxButton | 0 |
MeltFile | TRUE |
RegKeyHKCU | |
FTPDirectory | ./LGS/ |
HideFile | TRUE |
EnableMessageBox | TRUE |
VirusTotal
48 out of 54 AV engines identified the sample as malicious.