Details
Malware Family CyberGate
Date Added March 23, 2015, 8:29 p.m.
MD5 231ddde4a715407d0e6b8bc60c88bb62
Sha256 6dcc57b2617bc415211f50c45c7518769300912edd0f2a477fd287f020a352a8
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID Server
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
GoogleChromePasswords NoLongerStored
InstallDir spynet
FTPPort 21
KeyLoggerEnableFTP FALSE
EnableMessageBox FALSE
P2PSpread
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
RegKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulodamensagem
MessageBoxIcon 16
Domain p5n.no-ip.org,
ActiveXStartup
InstallMessageBox textodamensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName server.exe
RegKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 82,
VirusTotal

49 out of 54 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
p5n.no-ip.org 41.97.66.153 DZ
Geo Location
Yara Rules