Details
FileName VirusShare_fb8c7cf2a6c5c7d25673419c2c83fbed
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 fb8c7cf2a6c5c7d25673419c2c83fbed
Sha256 bff9032649c204d029f3cefc0828672819c9b116f0cde2422e513f3d051acf18
Config Data
RegKeyHKLM HKLM
FTPInterval 30
InstallFileName server.exe
CampaignID vtima
Domain aimenutchiwa.no-ip.org,aimenutchiwa2.no-ip.org,aimenutchiwa3.no-ip.org,
InstallMessageTitle Eror
KeyLoggerEnableFTP FALSE
ActiveXStartup {Y31XJ1AH-8FGO-6YVW-5WE5-L53NJH04HGR3}
FTPUserName ftp_user
Persistance TRUE
GoogleChromePasswords NoLongerStored
Password abcd1234
Port 81,81,81,
USBSpread FALSE
Mutex ***MUTEX***
P2PSpread
InstallMessageBox
MessageBoxIcon 16
ActivateKeylogger TRUE
StartupPolicies Policies
FTPAddress ftp.server.com
KeyloggerBackspace TRUE
ChangeCreationDate FALSE
InstallFlag TRUE
FTPPort 21
CyberGateVersion
InstallDir install
FTPPassword +
MessageBoxButton 0
MeltFile TRUE
RegKeyHKCU HKCU
FTPDirectory ./logs/
HideFile FALSE
EnableMessageBox FALSE
Virustotal

46 out of 54 AV Engines identified the sample as Malicious.
