Details
Malware Family CyberGate
Date Added Aug. 8, 2015, 12:37 p.m.
MD5 01d16045ceaa31e204d77d075b01aaf4
Sha256 1d334c23b4333483af2e78dffd383058c6c99303c20416e9c36d0c1412787466
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password 123
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM Systemy
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain trojan123.no-ip.biz,
ActiveXStartup {70OVP33T-7A5Q-11U3-3V17-E77EUSQ725QI}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName Systemy32.exe
REGKeyHKCU Systemy32
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 56789,
VirusTotal

45 out of 56 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
trojan123.no-ip.biz 189.12.228.213 BR
Geo Location
Yara Rules