Details
FileName VirusShare_b85d890568b710f785ed10783ce43455
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 b85d890568b710f785ed10783ce43455
Sha256 885f5a586816aa364ca1d5bf6bfe703c3dcb671f33188a588698bf2dc4fed53f
Config Data
RegKeyHKLM HKLM
FTPInterval 30
InstallFileName server.exe
CampaignID vtima
Domain 127.0.0.1,
InstallMessageTitle ttulodamensagem
KeyLoggerEnableFTP FALSE
ActiveXStartup {3M08W8IP-PA32-T50V-802I-QYUABHSCH5I7}
FTPUserName ftp_user
Persistance TRUE
GoogleChromePasswords NoLongerStored
Password abcd1234
Port 81,
USBSpread FALSE
Mutex ***MUTEX***
P2PSpread
InstallMessageBox textodamensagem
MessageBoxIcon 16
ActivateKeylogger TRUE
StartupPolicies Policies
FTPAddress ftp.server.com
KeyloggerBackspace TRUE
ChangeCreationDate TRUE
InstallFlag TRUE
FTPPort 21
CyberGateVersion
InstallDir spynet
FTPPassword +
MessageBoxButton 0
MeltFile TRUE
RegKeyHKCU HKCU
FTPDirectory ./logs/
HideFile TRUE
EnableMessageBox FALSE
Virustotal

46 out of 51 AV Engines identified the sample as Malicious.
