Details
Malware Family CyberGate
Date Added May 25, 2016, 3 a.m.
MD5 8617830f2ea4751552ae97a821a0efe3
Sha256 b02c38698adba506cf3e7f9dcbeb8c3a6a35d0c09748fe4a84cc9d1adc6ff7a3
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain qatar002.no-ip.org,
ActiveXStartup {LQWRTH8G-3X34-4YG6-5Y4N-N527V0CN5I1F}
InstallMessageBox texto da mensagem
ChangeCreationDate FALSE
CyberGateVersion
Persistance TRUE
InstallFileName server.exe
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 85,
VirusTotal

52 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
qatar002.no-ip.org 0
Yara Rules