Details
FileName | VirusShare_91b836cf352554a20272c511ea3c4b8a |
---|---|
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 91b836cf352554a20272c511ea3c4b8a |
Sha256 | b6baf9df5b7f5f4cda5981813769f8dc4c60a7cd2241cfbe44d0980c1a13b870 |
Config Data
RegKeyHKLM | HKLM |
---|---|
FTPInterval | 30 |
InstallFileName | server.exe |
CampaignID | remote |
Domain | incognit0.no-ip.biz, |
InstallMessageTitle | Chat |
KeyLoggerEnableFTP | FALSE |
ActiveXStartup | {XH8R0X6T-64RW-E31E-3P36-1Q5NI0TH32X0} |
FTPUserName | ftp_user |
Persistance | TRUE |
GoogleChromePasswords | NoLongerStored |
Password | 1234 |
Port | 100, |
USBSpread | 1000 |
Mutex | 0BS073SKWN863G |
P2PSpread | |
InstallMessageBox | Sorrybutanerroroccuredatdxd39.dll. |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | ftp.server.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | TRUE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | install |
FTPPassword | + |
MessageBoxButton | 5 |
MeltFile | TRUE |
RegKeyHKCU | HKCU |
FTPDirectory | ./logs/ |
HideFile | TRUE |
EnableMessageBox | TRUE |
Virustotal
48 out of 54 AV engines identified the sample as malicious.