Details
FileName VirusShare_9a9e22a026a35cc845951d8eb4dc5097
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 9a9e22a026a35cc845951d8eb4dc5097
Sha256 ffd03ac7b886287f27d14ac25d6e0441d53043f870681432316a53a68d50c54c
Config Data
RegKeyHKLM HKLM
FTPInterval 30
InstallFileName server.exe
CampaignID VictimBitch
Domain ratv2.zapto.org,
InstallMessageTitle CyberGate
KeyLoggerEnableFTP FALSE
ActiveXStartup {R6CDN7O3-160V-7X30-KJH2-PAQUWUWG3XKY}
FTPUserName ftp_user
Persistance FALSE
GoogleChromePasswords NoLongerStored
Password 123456
Port 82,
USBSpread 1000
Mutex H5X5IO8RCTT5RL
P2PSpread
InstallMessageBox RemoteAdministrationanywhereintheworld.
MessageBoxIcon 16
ActivateKeylogger TRUE
StartupPolicies Policies
FTPAddress ftp.server.com
KeyloggerBackspace TRUE
ChangeCreationDate FALSE
InstallFlag TRUE
FTPPort 21
CyberGateVersion
InstallDir install
FTPPassword +
MessageBoxButton 0
MeltFile TRUE
RegKeyHKCU HKCU
FTPDirectory ./logs/
HideFile FALSE
EnableMessageBox FALSE
Virustotal

50 out of 53 AV Engines identified the sample as Malicious.
