Details
FileName
Malware Family CyberGate
Date Added 2015-06-20 11:26:33
MD5 46555b01f573238fda99d4f0b3536a6d
Sha256 b949c12eee9452404cc93d60772ae4dc3defcb1c342a1cf7b6a8a821dd6a0528
C2 Data
FTPPassword
CampaignID TRAINER
Password 123
USBSpread 1000
FTPAddress
InstallDir Microsoft
Persistance TRUE
InstallMessageTitle LAMMER
KeyloggerBackspace TRUE
HideFile TRUE
FTPDirectory ./
Domain bossy.no-ip.org,bossy.no-ip.org,bossy.no-ip.org,
InstallFileName svchost.exe
FTPPort
REGKeyHKCU Java Runtime
MessageBoxIcon 16
Port 2000,2015,2016,
CyberGateVersion
StartupPolicies Policies
REGKeyHKLM Microsoft
FTPUserName
ChangeCreationDate TRUE
MeltFile FALSE
Mutex Pluguin
KeyloggerEnableFTP FALSE
FTPInterval 30
InstallMessageBox VOC FOI HACKEADO ...SEU SISTEMA SER FORMATADO.
InstallFlag TRUE
ActiveXStartup {6E6BC05Q-5UP0-U0F6-3657-BCVU276E5256}
EnableMessageBox FALSE
ActivateKeylogger TRUE
MessageBoxButton 0
Virustotal

49 out of 57 AV Engines identified the sample as Malicious.

Virustotal Report

C2 Information
Domain FQDN IP Country Code
no-ip.org bossy.no-ip.org 187.66.222.108 BR