Details
Malware Family CyberGate
Date Added March 23, 2015, 8:29 p.m.
MD5 4a9a3d8e8e08fad798c864910498b4e8
Sha256 a057268eefcc3eda24aebc1509e18131ca3c4c00c108d1c14ea19eca20f9ae6a
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID NERA
FTPPassword +
FTPDirectory ./logs/
Mutex S04Q23AF4N877G
GoogleChromePasswords NoLongerStored
InstallDir install
FTPPort 21
KeyLoggerEnableFTP FALSE
EnableMessageBox FALSE
P2PSpread
Password 1234567
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
RegKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle Error
MessageBoxIcon 16
Domain ayarbaban.no-ip.biz,
ActiveXStartup {L0AHICS5-YDYH-SW02-W0BK-87207VLFO6G4}
InstallMessageBox
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName server.exe
RegKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread 1000
Port 83,
VirusTotal

42 out of 52 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
ayarbaban.no-ip.biz 50.70.182.148 CA
Geo Location
Yara Rules