Details
FileName | |
---|---|
Malware Family | CyberGate |
Date Added | 2015-09-14 20:08:21 |
MD5 | 918628686dcd53bf9ee00a113eb5cc78 |
Sha256 | 2bae4fb7571083bd902932f53a4ad423c62403ea9aef766addfdfeb4fc2e3754 |
Config Data
FTPPassword | + |
---|---|
CampaignID | Crossfire |
Password | 123 |
USBSpread | FALSE |
FTPAddress | ftp.server.com |
InstallDir | install |
Persistance | TRUE |
InstallMessageTitle | título da mensagem |
KeyloggerBackspace | TRUE |
HideFile | TRUE |
FTPDirectory | ./logs/ |
Domain | invasaohacking.no-ip.org, |
InstallFileName | TIBIA REDBOT v2.exe |
FTPPort | 21 |
REGKeyHKCU | HKCU |
MessageBoxIcon | 16 |
Port | 2001, |
CyberGateVersion | |
StartupPolicies | Policies |
REGKeyHKLM | HKLM |
FTPUserName | ftp_user |
ChangeCreationDate | TRUE |
MeltFile | TRUE |
Mutex | ***MUTEX*** |
KeyloggerEnableFTP | FALSE |
FTPInterval | 30 |
InstallMessageBox | texto da mensagem |
InstallFlag | TRUE |
ActiveXStartup | {3A35T68V-74T8-84J0-174R-C1F308767PQ3} |
EnableMessageBox | FALSE |
ActivateKeylogger | TRUE |
MessageBoxButton | 0 |
Virustotal
47 out of 57 AV Engines identified the sample as Malicious.