Details
FileName | |
---|---|
Malware Family | CyberGate |
Date Added | 2015-11-07 20:02:52 |
MD5 | a92692360cc8a529e305b9fa710c096e |
Sha256 | 90f87806f9d4c867c2fa5d92fcd3aedb8f69a7280870b88ceb54cd36605e1016 |
Robot | Robots lovingly delivered by robohash.org |
Advertising
Config Data
FTPPassword | + |
---|---|
CampaignID | connections |
Password | 123456 |
USBSpread | 1000 |
FTPDirectory | ./logs/ |
FTPAddress | ftp.server.com |
InstallDir | explorer |
Persistance | TRUE |
InstallMessageTitle | CyberGate |
KeyloggerBackspace | TRUE |
HideFile | TRUE |
Mutex | 4838O0FG84W200 |
Domain | hitmano.no-ip.biz, |
FTPPort | 21 |
REGKeyHKCU | HKCU |
MessageBoxIcon | 16 |
Port | 82, |
CyberGateVersion | |
StartupPolicies | Policies |
REGKeyHKLM | HKLM |
FTPUserName | ftp_user |
ChangeCreationDate | TRUE |
MeltFile | FALSE |
InstallFileName | explorer.exe |
KeyloggerEnableFTP | FALSE |
FTPInterval | 30 |
InstallMessageBox | TESTING 123 - dont quit else cpu shut down !!! |
InstallFlag | TRUE |
ActiveXStartup | {NXCTTY2S-7H73-8IG5-X6PS-FBFXABCAIAH2} |
EnableMessageBox | FALSE |
ActivateKeylogger | TRUE |
MessageBoxButton | 1 |
Virustotal
51 out of 53 AV Engines identified the sample as Malicious.