Details
FileName | VirusShare_9a9e22a026a35cc845951d8eb4dc5097 |
---|---|
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | 9a9e22a026a35cc845951d8eb4dc5097 |
Sha256 | ffd03ac7b886287f27d14ac25d6e0441d53043f870681432316a53a68d50c54c |
Config Data
RegKeyHKLM | HKLM |
---|---|
FTPInterval | 30 |
InstallFileName | server.exe |
CampaignID | VictimBitch |
Domain | ratv2.zapto.org, |
InstallMessageTitle | CyberGate |
KeyLoggerEnableFTP | FALSE |
ActiveXStartup | {R6CDN7O3-160V-7X30-KJH2-PAQUWUWG3XKY} |
FTPUserName | ftp_user |
Persistance | FALSE |
GoogleChromePasswords | NoLongerStored |
Password | 123456 |
Port | 82, |
USBSpread | 1000 |
Mutex | H5X5IO8RCTT5RL |
P2PSpread | |
InstallMessageBox | RemoteAdministrationanywhereintheworld. |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | ftp.server.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | FALSE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | install |
FTPPassword | + |
MessageBoxButton | 0 |
MeltFile | TRUE |
RegKeyHKCU | HKCU |
FTPDirectory | ./logs/ |
HideFile | FALSE |
EnableMessageBox | FALSE |
Virustotal
50 out of 53 AV Engines identified the sample as Malicious.