Details
Malware Family CyberGate
Date Added July 13, 2017, 6:25 a.m.
MD5 5ab918a794872d3c49004e35f281be3a
Sha256 432eaba6ed7f875b81eb84080ccf62c7f49c40c09945c68d3fd03832825bbab9
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir WINDOWS
FTPPort 21
EnableMessageBox FALSE
Password 1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM WINDOWS
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain xdxdxd.ddns.net,
ActiveXStartup {2377LADM-63MM-8R55-B533-6368231M8KHD}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName WINDOWS.exe
REGKeyHKCU WINDOWS
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 1500,
VirusTotal

59 out of 61 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
xdxdxd.ddns.net 0
Geo Location
Yara Rules