Details
Malware Family CyberGate
Date Added April 14, 2016, 6:52 a.m.
MD5 794a01c501a7ad301f366a45dcbf1da2
Sha256 1c781baf8ee99d83470cdeea8ef10c82b8e526c67e2d9e67a427712de62118ba
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex walsterr
InstallDir install
FTPPort 21
EnableMessageBox TRUE
Password 123
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 1
StartupPolicies
FTPInterval 30
InstallMessageTitle ERRO
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain spynet.zapto.org,
ActiveXStartup {1H554724-BI1X-N50Y-ICI5-722DSI483B38}
InstallMessageBox Parmetro em falta.
ChangeCreationDate TRUE
CyberGateVersion
Persistance FALSE
InstallFileName server.exe
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 3000,
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
spynet.zapto.org 179.96.178.153 BR
Geo Location
Yara Rules