Details
Malware Family CyberGate
Date Added Nov. 7, 2015, 6:50 p.m.
MD5 87b56e816fea68787b10cdabdde61d6e
Sha256 e37a2ebe7771524b56a479919019f53a0703f9d90fe800c433e935e9da273d65
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID remote
FTPPassword +
FTPDirectory ./logs/
Mutex 412OI76FOQ5121
InstallDir updating
FTPPort 21
EnableMessageBox FALSE
Password h3ckz0r
FTPUserName ftp_user
InstallFileName server.exe
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle CyberGate
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain 210.1.58.26,
ActiveXStartup {44N84AFJ-747I-W2X6-STTX-K4W70NBF38EA}
InstallMessageBox Remote Administration anywhere in the world.
ChangeCreationDate FALSE
CyberGateVersion
Persistance FALSE
ActivateKeylogger TRUE
REGKeyHKCU
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread 1000
Port 7722,
VirusTotal

48 out of 51 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
210.1.58.26 TH
Geo Location
Yara Rules