Details
Malware Family CyberGate
Date Added July 25, 2017, 6:25 a.m.
MD5 527e63dfeb620953457b3a59706ad411
Sha256 f15985a91b12e015812f7f960eb0abe03d0cd401f54d0088f75cb087776a297c
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID remote
FTPPassword +
FTPDirectory ./logs/
Mutex J82754LK47E361
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password cybergate
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle CyberGate
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain 127.0.0.1,
ActiveXStartup {W1Q5FDI7-F6M3-7578-3R14-ETVTND61V8RR}
InstallMessageBox Remote Administration anywhere in the world.
ChangeCreationDate FALSE
CyberGateVersion
Persistance FALSE
InstallFileName server.exe
REGKeyHKCU
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread 1000
Port 999,
VirusTotal

57 out of 59 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
127.0.0.1 0
Geo Location
Yara Rules