Details
Malware Family CyberGate
Date Added Oct. 3, 2015, 12:20 a.m.
MD5 28ff672a56d5eaf4445649a92849227b
Sha256 82b7467bab99c5997d33e06ad3c6abfe52622e4852192c6151880e439e372a6b
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Coopen
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir Microsoft
FTPPort 21
EnableMessageBox TRUE
Password 123
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM Microsoft
MessageBoxButton 0
StartupPolicies
FTPInterval 30
InstallMessageTitle Erro
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain hostone.noip.me,
ActiveXStartup {6J321B21-6Q46-Q7UF-1N20-74402T3KEF18}
InstallMessageBox O Arquivo No Foi Encontrado
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName server.exe
REGKeyHKCU Adobe
KeyloggerBackspace FALSE
HideFile TRUE
USBSpread FALSE
Port 2016,
VirusTotal

46 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
hostone.noip.me 191.8.75.133 BR
0.0.0.0 0
Yara Rules