Details
FileName VirusShare_5ca889297ac1d7879088f2115d347f8a
Malware Family CyberGate
Date Added 2015-03-23 20:29:25
MD5 5ca889297ac1d7879088f2115d347f8a
Sha256 fd138f733eb30dc0a069097a9772bf9f74f4d34cbf21685020df986081f6694f
C2 Data
CyberGate Version
FTP Port 21
Melt File TRUE
USB Spread FALSE
Change Creation Date TRUE
Password abcd1234
Install Message Box textodamensagem
FTP Address ftp.server.com
Activate Keylogger TRUE
Enable Message Box FALSE
Persistance TRUE
Message Box Icon 16
Port 81,
Domain 127.0.0.1,
Google Chrome Passwords
ServerID vtima
REG Key HKCU HKCU
Active X Startup {11MV8XC1-28A4-B05V-C81W-BE5578P245N6}
FTP UserName ftp_user
Keylogger Enable FTP FALSE
Hide File TRUE
Mutex ***MUTEX***
FTP Directory ./logs/
FTP Password +
Keylogger Backspace = Delete TRUE
P2P Spread
Install Directory explorer
Install File Name server.exe
Install Flag TRUE
Startup Policies Policies
FTP Interval 30
REG Key HKLM HKLM
Install Message Title ttulodamensagem
Message Box Button 0
Virustotal

49 out of 51 AV Engines identified the sample as Malicious.

Virustotal Report

C2 Information
Domain FQDN IP Country Code
no-ip.org 0788827703.no-ip.org 79.173.247.249 JO