Details
Malware Family CyberGate
Date Added Nov. 4, 2015, 7:19 p.m.
MD5 8275f013fdba29c4bc20a0176abe589c
Sha256 9e04fc2a311228e4ac32df2297fb978bd7cf7a24fcacfacf022cb816c80b0822
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID cakal076.zapto.org
FTPPassword +
FTPDirectory ./logs/
Mutex 4H8E3GBWF
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password cakal076.zapto
FTPUserName ftp_user
InstallFileName server.exe
FTPAddress ftp.server.com
REGKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain cakal076.zapto.org,
ActiveXStartup {65KP6853-JU36-U31O-3NVB-E7YXM1TDM2A2}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
ActivateKeylogger TRUE
REGKeyHKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 81,
VirusTotal

45 out of 51 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
cakal076.zapto.org 0
0
Geo Location
Yara Rules