Details
FileName | VirusShare_fb8c7cf2a6c5c7d25673419c2c83fbed |
---|---|
Malware Family | CyberGate |
Date Added | 2015-03-23 20:29:25 |
MD5 | fb8c7cf2a6c5c7d25673419c2c83fbed |
Sha256 | bff9032649c204d029f3cefc0828672819c9b116f0cde2422e513f3d051acf18 |
Config Data
RegKeyHKLM | HKLM |
---|---|
FTPInterval | 30 |
InstallFileName | server.exe |
CampaignID | vtima |
Domain | aimenutchiwa.no-ip.org,aimenutchiwa2.no-ip.org,aimenutchiwa3.no-ip.org, |
InstallMessageTitle | Eror |
KeyLoggerEnableFTP | FALSE |
ActiveXStartup | {Y31XJ1AH-8FGO-6YVW-5WE5-L53NJH04HGR3} |
FTPUserName | ftp_user |
Persistance | TRUE |
GoogleChromePasswords | NoLongerStored |
Password | abcd1234 |
Port | 81,81,81, |
USBSpread | FALSE |
Mutex | ***MUTEX*** |
P2PSpread | |
InstallMessageBox | |
MessageBoxIcon | 16 |
ActivateKeylogger | TRUE |
StartupPolicies | Policies |
FTPAddress | ftp.server.com |
KeyloggerBackspace | TRUE |
ChangeCreationDate | FALSE |
InstallFlag | TRUE |
FTPPort | 21 |
CyberGateVersion | |
InstallDir | install |
FTPPassword | + |
MessageBoxButton | 0 |
MeltFile | TRUE |
RegKeyHKCU | HKCU |
FTPDirectory | ./logs/ |
HideFile | FALSE |
EnableMessageBox | FALSE |
Virustotal
46 out of 54 AV engines identified the sample as malicious.