Details
Malware Family CyberGate
Date Added May 25, 2016, 3 a.m.
MD5 7901f7897fb944461a6982b9cc4bba5e
Sha256 0f5b30cd52c702305a87d58e6f9e3c7aa2a36278d5123b430598c26b118b1836
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle título da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain 127.0.0.1,x3x.zapto.org,
ActiveXStartup {GF4X7745-WQW6-GR05-83C3-J2A4J26U82BY}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName windows.exe
REGKeyHKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread TRUE
Port 288,288,
VirusTotal

51 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
127.0.0.1 0
x3x.zapto.org 0
Geo Location
Yara Rules