Details
FileName
Malware Family CyberGate
Date Added 2016-05-25 03:00:04
MD5 654dcc3660004017ac9ef9fc49128829
Sha256 990fb443d694ae77b176f129e8b70c5fbab63e77da7ccf03cb8fbddecd55850a
C2 Data
FTPPassword +
CampaignID
Password abcd1234
USBSpread TRUE
FTPAddress ftp.server.com
InstallDir
Persistance TRUE
InstallMessageTitle ttulo da mensagem
KeyloggerBackspace TRUE
HideFile TRUE
FTPDirectory ./logs/
Domain 5.6.231.89,topwoman.zapto.org,
InstallFileName windows.exe
FTPPort 21
REGKeyHKCU
MessageBoxIcon 16
Port 288,288,
CyberGateVersion
StartupPolicies Policies
REGKeyHKLM
FTPUserName ftp_user
ChangeCreationDate TRUE
MeltFile FALSE
Mutex ***MUTEX***
KeyloggerEnableFTP FALSE
FTPInterval 30
InstallMessageBox texto da mensagem
InstallFlag TRUE
ActiveXStartup {GF4X7745-WQW6-GR05-83C3-J2A4J26U82BY}
EnableMessageBox FALSE
ActivateKeylogger TRUE
MessageBoxButton 0
Virustotal

51 out of 57 AV Engines identified the sample as Malicious.

Virustotal Report

C2 Information
Domain FQDN IP Country Code
zapto.org topwoman.zapto.org 94.73.32.235 BG