Details
Malware Family CyberGate
Date Added May 25, 2016, 3 a.m.
MD5 7b79167234e528883ff69d4b1c3de399
SHA256 bc78725e2690c4287a63ba25da001d0a08f6032ee6240e9972d6ff6b4f80fe2d
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir System
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain choha.no-ip.biz,
ActiveXStartup {0PYVK42E-I70N-L24H-U36M-87ECDL3U510W}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName System32.exe
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread TRUE
Port 147,
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
choha.no-ip.biz 0
Geo Location
Yara Rules