Details
Malware Family CyberGate
Date Added Nov. 7, 2015, 8:04 p.m.
MD5 88dd57bb16a5b057d7dba95618232f04
Sha256 9c2a573809556c3c0e9802b1204415724ea9f4a146792d771d6df0564dfaf414
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Cyber
FTPPassword ????4
FTPDirectory ./logs/
Mutex 2OWD7MD451EPOC
InstallDir WinDir
FTPPort 21
EnableMessageBox TRUE
Password 123456
FTPUserName ftp_user
InstallFileName Svchost.exe
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle AlphaSquad
KeyloggerEnableFTP FALSE
MessageBoxIcon 64
Domain zzz.no-ip.biz,
ActiveXStartup {RBF5K11E-2JQ0-850Q-2613-8K580NRGE7CI}
InstallMessageBox This is a test program!
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
ActivateKeylogger TRUE
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread 1000
Port 100,
VirusTotal

44 out of 51 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
zzz.no-ip.biz 0
Geo Location
Yara Rules