Details
Malware Family CyberGate
Date Added April 8, 2017, 6:25 a.m.
MD5 2f1e459a7d245785a42b9c69df7872df
Sha256 ee75f4bd721874eb809a1e983816cfc9a05979daff7fbe182710a53865e7280a
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password 123
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM Audio do windows
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain aspaire23.ddns.net,aspaire23.ddns.net,aspaire23.ddns.net,
ActiveXStartup {A0XI340T-2CTT-O2U6-EQB0-O1X41P656D0T}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName explorer.exe
REGKeyHKCU Windows Defender
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread TRUE
Port 201,202,203,
VirusTotal

This hash does not exist in virustotal

Domain Data
Domain IP Country Code
aspaire23.ddns.net 170.231.247.190 BR
aspaire23.ddns.net 170.231.247.190 BR
aspaire23.ddns.net 170.231.247.190 BR