Details
FileName
Malware Family CyberGate
Date Added 2016-04-23 03:00:04
MD5 3413fb95a36f43712e234d29a40d0941
Sha256 7767620e2716c3876a64ef301bac24d6c5a5adccb5b1427ac909a77fe46fecbb
C2 Data
FTPPassword +
CampaignID cyber
Password 123456
USBSpread 1000
FTPAddress ftp.server.com
InstallDir WinDir
Persistance FALSE
InstallMessageTitle CyberGate
KeyloggerBackspace TRUE
HideFile FALSE
FTPDirectory ./logs/
Domain dreamwack.no-ip.biz,
InstallFileName Svchost.exe
FTPPort 21
REGKeyHKCU HKCU
MessageBoxIcon 16
Port 100,
CyberGateVersion
StartupPolicies Policies
REGKeyHKLM HKLM
FTPUserName ftp_user
ChangeCreationDate FALSE
MeltFile TRUE
Mutex B7VEY4Y3KETW27
KeyloggerEnableFTP FALSE
FTPInterval 30
InstallMessageBox Remote Administration anywhere in the world.
InstallFlag TRUE
ActiveXStartup {1EWX83AF-LQT5-XEAG-824N-UD0HC35K41E2}
EnableMessageBox FALSE
ActivateKeylogger TRUE
MessageBoxButton 0
Virustotal

54 out of 57 AV Engines identified the sample as Malicious.

Virustotal Report

C2 Information
Domain FQDN IP Country Code
no-ip.biz dreamwack.no-ip.biz 0