Details
Malware Family CyberGate
Date Added Feb. 28, 2017, 6:25 a.m.
MD5 686412e3eaa2d7a42841a437ce8d10c0
Sha256 b080e91ee847d3f08dd9eb4be70410815b2c3ebfd5186247eb2ba7bce84f8d86
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password 123456321
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain 127.0.0.1,
ActiveXStartup {V5KN75P4-K557-E684-F456-X14GA5U6LK73}
InstallMessageBox texto da mensagem
ChangeCreationDate FALSE
CyberGateVersion
Persistance TRUE
InstallFileName server.exe
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread FALSE
Port 81,
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
127.0.0.1 0
Geo Location
Yara Rules