Details
Malware Family CyberGate
Date Added Oct. 3, 2015, 12:16 a.m.
MD5 7aa40d8df1f221d90b5d7de7ba72da32
Sha256 3c141fa689ddfc81886937e0d68399ed35cb29725dacf593260e73e91cb36abc
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir Windows
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM AvastAntVirus
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain hosthackpp.ddns.net,
ActiveXStartup {UW2KHJ00-8P85-VMA1-68J8-NMJ2IBCOBQ8V}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName svchost.exe
REGKeyHKCU Firewall
KeyloggerBackspace FALSE
HideFile TRUE
USBSpread FALSE
Port 2015,
VirusTotal

48 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
hosthackpp.ddns.net 189.12.222.74 BR
0.0.0.0 0