Details
FileName VirusShare_91b836cf352554a20272c511ea3c4b8a
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 91b836cf352554a20272c511ea3c4b8a
Sha256 b6baf9df5b7f5f4cda5981813769f8dc4c60a7cd2241cfbe44d0980c1a13b870
Config Data
RegKeyHKLM HKLM
FTPInterval 30
InstallFileName server.exe
CampaignID remote
Domain incognit0.no-ip.biz,
InstallMessageTitle Chat
KeyLoggerEnableFTP FALSE
ActiveXStartup {XH8R0X6T-64RW-E31E-3P36-1Q5NI0TH32X0}
FTPUserName ftp_user
Persistance TRUE
GoogleChromePasswords NoLongerStored
Password 1234
Port 100,
USBSpread 1000
Mutex 0BS073SKWN863G
P2PSpread
InstallMessageBox Sorrybutanerroroccuredatdxd39.dll.
MessageBoxIcon 16
ActivateKeylogger TRUE
StartupPolicies Policies
FTPAddress ftp.server.com
KeyloggerBackspace TRUE
ChangeCreationDate TRUE
InstallFlag TRUE
FTPPort 21
CyberGateVersion
InstallDir install
FTPPassword +
MessageBoxButton 5
MeltFile TRUE
RegKeyHKCU HKCU
FTPDirectory ./logs/
HideFile TRUE
EnableMessageBox TRUE
Virustotal

48 out of 54 AV Engines identified the sample as Malicious.