Details
Malware Family CyberGate
Date Added Nov. 7, 2015, 5:21 p.m.
MD5 865a6977456ceffdd1ef76ab17c4d6cc
Sha256 96bbecedc76e732b5910dda7d110eb1ea77f10d3c8351b08552e5710ab5f576d
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
InstallFileName server.exe
FTPAddress ftp.server.com
REGKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain 127.0.0.1,127.0.0.1,
ActiveXStartup {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}
InstallMessageBox texto da mensagem
ChangeCreationDate FALSE
CyberGateVersion
Persistance FALSE
ActivateKeylogger TRUE
REGKeyHKCU
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread FALSE
Port 81,81,
VirusTotal

50 out of 51 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
127.0.0.1 0
127.0.0.1 0
Geo Location
Yara Rules