Details
Malware Family CyberGate
Date Added April 14, 2016, 6:52 a.m.
MD5 2dc3b779de4f45d02920e00011abd9f1
Sha256 b2d556e37cb4a3abba00493fd6083f3edc74ba14d9c31169f41ff4b081e48ec6
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Lammer
FTPPassword
FTPDirectory ./
Mutex Pluguin
InstallDir Microsoft
FTPPort
EnableMessageBox FALSE
Password foda
FTPUserName
ActivateKeylogger TRUE
FTPAddress
REGKeyHKLM Avgnt
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle LAMMER
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain spyzeof.ddns.net,
ActiveXStartup {6PU33CSW-WOL8-U2C5-3263-77R8VT8JWICO}
InstallMessageBox VOC FOI HACKEADO ...SEU SISTEMA SER FORMATADO.
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName explorer.exe
REGKeyHKCU Avirnt
KeyloggerBackspace FALSE
HideFile TRUE
USBSpread 1000
Port 15,
VirusTotal

50 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
spyzeof.ddns.net 192.168.1.9 0
Geo Location
Yara Rules