Details
FileName
Malware Family CyberGate
Date Added 2016-01-30 03:00:03
MD5 5b6427647419193033adf742efc64af0
Sha256 34c69f68f0c5369538ee96075997dfcaeaa394baf38333887e13fe39bfa7c255
C2 Data
FTPPassword +
CampaignID Lammer
Password teste
USBSpread FALSE
FTPAddress ftp.server.com
InstallDir WinRAR
Persistance TRUE
InstallMessageTitle ttulo da mensagem
KeyloggerBackspace TRUE
HideFile TRUE
FTPDirectory ./logs/
Domain huuunt3r.no-ip.org,huuunt3r.no-ip.org,huuunt3r.no-ip.org,
InstallFileName Chrome.exe
FTPPort 21
REGKeyHKCU Chrome
MessageBoxIcon 16
Port 1552,2215,9999,
CyberGateVersion
StartupPolicies Chrome
REGKeyHKLM Chrome
FTPUserName ftp_user
ChangeCreationDate TRUE
MeltFile FALSE
Mutex ***MUTEX***
KeyloggerEnableFTP FALSE
FTPInterval 30
InstallMessageBox texto da mensagem
InstallFlag TRUE
ActiveXStartup {E3LU8XTE-82R8-34H7-4MS0-LX88M70CTPO0}
EnableMessageBox FALSE
ActivateKeylogger TRUE
MessageBoxButton 0
Virustotal

52 out of 55 AV Engines identified the sample as Malicious.

C2 Information
Domain FQDN IP Country Code
no-ip.org huuunt3r.no-ip.org 0