Details
Malware Family CyberGate
Date Added May 25, 2016, 3 a.m.
MD5 5012d12f862e0db19609a893973137db
Sha256 a548c83fa39bc0459b054da555679fce4f14ab26585ea6830fa3ebcc2af35a8f
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Infected
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir Microsoft
FTPPort 21
EnableMessageBox FALSE
Password lol
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain rsdoverbaby.no-ip.biz,
ActiveXStartup {MRP135EW-T6KC-Y0R0-J718-YC1V876F6INI}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName FireFox.exe
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread TRUE
Port 82,
VirusTotal

This hash does not exist in VirusTotal

Domain Data
Domain IP Country Code
rsdoverbaby.no-ip.biz 0
Geo Location
Yara Rules