Details
FileName | |
---|---|
Malware Family | CyberGate |
Date Added | 2015-11-07 14:35:48 |
MD5 | 9366855dc179cd99e94c18696e9625d6 |
Sha256 | d09ea936aa1f0c6c8f4a877adadb4d61681239e8925d0d5c28f84635292e7fad |
Config Data
FTPPassword | + |
---|---|
CampaignID | remote |
Password | cybergate |
USBSpread | 1000 |
FTPDirectory | ./logs/ |
FTPAddress | ftp.server.com |
InstallDir | svchost.exe |
Persistance | TRUE |
InstallMessageTitle | CyberGate |
KeyloggerBackspace | TRUE |
HideFile | TRUE |
Mutex | 8W555Q2F7Q82M0 |
Domain | 37.24.146.196, |
FTPPort | 21 |
REGKeyHKCU | HKCU |
MessageBoxIcon | 16 |
Port | 80, |
CyberGateVersion | |
StartupPolicies | Policies |
REGKeyHKLM | HKLM |
FTPUserName | ftp_user |
ChangeCreationDate | TRUE |
MeltFile | TRUE |
InstallFileName | server.exe |
KeyloggerEnableFTP | FALSE |
FTPInterval | 30 |
InstallMessageBox | Remote Administration anywhere in the world. |
InstallFlag | TRUE |
ActiveXStartup | {L0O0A30M-1267-U476-F855-DN6LKI04DU35} |
EnableMessageBox | FALSE |
ActivateKeylogger | TRUE |
MessageBoxButton | 0 |
Virustotal
39 out of 46 AV Engines identified the sample as Malicious.